The dnat-dns update works sometimes in fedora-40-xfce, but it’s unreliable.
There seems to be some problem with systemd-resolved, maybe some kind of a race condition or something else.
Restarting systemd-resolved before updating dnat-dns seems to fix the issue:
So if you add:
systemctl restart systemd-resolved
Before execution of:
/usr/lib/qubes/qubes-setup-dnat-to-ns
In the /etc/NetworkManager/dispatcher.d/qubes-nmhook file then it’ll work.
No idea what’s wrong with it, I guess it’s better to create an issue on github for this.