Use sys-whonix for all dns-requests

Schnur · March 2, 2026, 8:18pm

by default sys-net resolves all dns-requests. How can i redirect every dns-requests from sys-net to sys-whonix?

wafmtjwadllc · March 19, 2026, 10:16pm

You’re likely misunderstanding the intended architecture.

Route AppVMs → `sys-whonix` for Tor + DNS

sys-whonix (based on whonix-gw ) forces all traffic, including DNS, through Tor.
Any qube (e.g., anon-whonix or a custom AppVM) set to use sys-whonix as its NetVM will have:
- All TCP traffic routed over Tor.
- All UDP DNS queries intercepted and sent via Tor’s DNSPort (port 5353).
This is automatic — no extra DNS redirection needed.

Schnur · March 20, 2026, 5:46am

Mhhh, no, let me explain again.

Whonix-Workstation → sys-whonix → sys-firewall → sys-net
AppVM → sys-firewall → sys-net

Though what I want is:

AppVM --> sys-firewall --> sys-net
                              |
                              |
                             \ /
              requests DNS from sys-whonix

Atrate · March 20, 2026, 8:02am

So you want your traffic to be routed normally but just DNS requests to be made over Tor? What’s your use-case?

Schnur · March 21, 2026, 8:02am

Exactly.
Use-case: Anonymize my DNS.

Atrate · March 21, 2026, 11:09am

What are you aiming to anonymize it from? Your ISP? If you don’t tunnel your other traffic, they’ll still be able to see which sites you visit without a problem.

Schnur · March 21, 2026, 11:27am

The DNS provider.

Use sys-whonix for all dns-requests

Route AppVMs → sys-whonix for Tor + DNS

Route AppVMs → `sys-whonix` for Tor + DNS