Sys-firewall cannot resolve DNS

dro212 · September 18, 2023, 12:35am

My sys-net has working internet. I can curl ‘https://www.google.com’ in sys-net, but in sys-firewall I cannot resolve the DNS. I’ve had this happen before and with a few restarts it works, does anyone know the solution to this problem? FYI no firewall restrictions, all firewalls set to allow all connections, and Debian disposable template for the sys-qubes.

Thanks!

dro212 · September 18, 2023, 2:30pm

This is a problem with the virtual DNS nameserver. I’m troubleshooting now.

dro212 · September 19, 2023, 1:57pm

Issue created. Temp fix is to use the new autorestart once the template has been updated.

github.com/QubesOS/qubes-issues

Virtual DNS Fails with manual sys-net restart

opened 01:54PM - 19 Sep 23 UTC

andrew-drogalis

### Qubes OS release V4.2 rc3 ### Brief summary Using Debian Disposable templ…ates, the virtual DNS in all qubes doesn't work once the sys-net & sys-firewall are manually restarted. Once an update occurs and the new qubes update restart process takes place, the error is fixed and it works normally. ### Steps to reproduce In sys-net & sys-firewall with a disposable Debian template, shut down both qubes and restart. The DNS request will fail in the sys-firewall. ### Expected behavior DNS requests work as expected with a manual sys-net restart. ### Actual behavior DNS requests fail with, "site's DNS address cannot be found."

slcoleman · September 21, 2023, 2:00pm

Whenever I have had problems with DNS resolution upstream of sys-net I have found that just adding a public DNS server entry into NetworkManager in sys-net fixed the problem. Something to try at least.

dro212 · September 21, 2023, 5:20pm

Thanks, it’s not upstream of sys-net, but downstream.

The work around is just timing the manual restart properly until the virtual DNS kicks in. The bug issue is linked above.