/qubes-issues

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

DNS over TCP doesn't work in AppVM #1325

Closed
marmarek opened this Issue Oct 11, 2015 · 8 comments

Comments

Assignees
No one assigned
Labels
Projects
None yet
Milestone
  Release 3.0 updates
1 participant
@marmarek
@marmarek
Member

marmarek commented Oct 11, 2015

Reported by Taylor Hornby:

  • In all of my AppVMs (debian-based and fedora-based), web browsing works normally except for browsing to certain domains like admin.google.com. On those domains, the browser can't resolve the DNS.

  • If you try to do an nslookup in a terminal in the AppVM, you get:

    user@superaccounts:~$ nslookup admin.google.com
;; Truncated, retrying in TCP mode.
;; Connection to 10.137.2.1#53(10.137.2.1) for admin.google.com failed: host unreachable.
^C (... seems to hang forever ...)

  • Other domains seem to work:

    user@superaccounts:~$ nslookup bqp.io
Server:        10.137.2.1
Address:    10.137.2.1#53

Name:    bqp.io
Address: 192.95.8.31

  • Using dig instead of nslookup within the AppVM works, even for admin.google.com.

  • Here are the resolvers (default):

    user@superaccounts:~$ cat /etc/resolv.conf
nameserver 10.137.2.1
nameserver 10.137.2.254

  • The only thing I've found that seems related is this, mentioning truncation and TCP being firewalled:
    https://groups.google.com/forum/#!searchin/qubes-users/DNS$20truncate/qubes-users/ndbPjm71CxY/haG46YnEJKcJ

I suspect that admin.google.com is victim to this because the result when you query for its A record is huge; you get back 16 IP addresses. The workaround I'm using is to manually edit /etc/resolv.conf, changing the nameserver to 8.8.8.8 and then restarting iceweasel.

@marmarek marmarek added bug C: core C: templates P: major labels Oct 11, 2015

@marmarek marmarek added this to the Release 3.0 updates milestone Oct 11, 2015

@marmarek marmarek closed this in marmarek/old-qubes-core-agent-linux@ce443b2 Oct 11, 2015

marmarek added a commit to QubesOS/qubes-core-agent-linux that referenced this issue Oct 30, 2015

@marmarek
network: forward TCP DNS queries 
Fixes QubesOS/qubes-issues#1325

(cherry picked from commit ce443b2)
Verified
This commit was signed with a verified signature.
@marmarek marmarek Marek Marczykowski-Górecki
GPG key ID: 063938BA42CFA724 Learn about signing commits
4150228
@marmarek

This comment has been minimized.

Show comment
Hide comment
@marmarek

marmarek Oct 30, 2015

Member

Automated announcement from builder-github

The package qubes-core-vm-3.0.19-1.fc20 has been pushed to the r3.0 testing repository for the Fedora fc20 template.
To test this update, please install it with the following command:

sudo yum update --enablerepo=qubes-vm-r3.0-current-testing
Member

marmarek commented Oct 30, 2015

Automated announcement from builder-github

The package qubes-core-vm-3.0.19-1.fc20 has been pushed to the r3.0 testing repository for the Fedora fc20 template.
To test this update, please install it with the following command:

sudo yum update --enablerepo=qubes-vm-r3.0-current-testing

@marmarek marmarek added the r3.0-fc20-testing label Oct 30, 2015

@marmarek

This comment has been minimized.

Show comment
Hide comment
@marmarek

marmarek Oct 30, 2015

Member

Automated announcement from builder-github

The package qubes-core-vm-3.0.19-1.fc21 has been pushed to the r3.0 testing repository for the Fedora fc21 template.
To test this update, please install it with the following command:

sudo yum update --enablerepo=qubes-vm-r3.0-current-testing
Member

marmarek commented Oct 30, 2015

Automated announcement from builder-github

The package qubes-core-vm-3.0.19-1.fc21 has been pushed to the r3.0 testing repository for the Fedora fc21 template.
To test this update, please install it with the following command:

sudo yum update --enablerepo=qubes-vm-r3.0-current-testing

@marmarek marmarek added the r3.0-fc21-testing label Oct 30, 2015

@marmarek

This comment has been minimized.

Show comment
Hide comment
@marmarek

marmarek Nov 1, 2015

Member

Automated announcement from builder-github

The package qubes-core-agent_3.0.19-1+deb8u1 has been pushed to the r3.0 testing repository for the Debian jessie template.
To test this update, first enable the testing repository in /etc/apt/sources.list.d/qubes-*.list by uncommenting the line containing jessie-testing, then use the standard update command:

sudo apt-get update && sudo apt-get dist-upgrade
Member

marmarek commented Nov 1, 2015

Automated announcement from builder-github

The package qubes-core-agent_3.0.19-1+deb8u1 has been pushed to the r3.0 testing repository for the Debian jessie template.
To test this update, first enable the testing repository in /etc/apt/sources.list.d/qubes-*.list by uncommenting the line containing jessie-testing, then use the standard update command:

sudo apt-get update && sudo apt-get dist-upgrade

@marmarek marmarek added the r3.0-jessie-testing label Nov 1, 2015

@marmarek

This comment has been minimized.

Show comment
Hide comment
@marmarek

marmarek Nov 1, 2015

Member

Automated announcement from builder-github

The package qubes-core-agent_3.0.19-1+deb7u1 has been pushed to the r3.0 testing repository for the Debian wheezy template.
To test this update, first enable the testing repository in /etc/apt/sources.list.d/qubes-*.list by uncommenting the line containing wheezy-testing, then use the standard update command:

sudo apt-get update && sudo apt-get dist-upgrade
Member

marmarek commented Nov 1, 2015

Automated announcement from builder-github

The package qubes-core-agent_3.0.19-1+deb7u1 has been pushed to the r3.0 testing repository for the Debian wheezy template.
To test this update, first enable the testing repository in /etc/apt/sources.list.d/qubes-*.list by uncommenting the line containing wheezy-testing, then use the standard update command:

sudo apt-get update && sudo apt-get dist-upgrade

@marmarek marmarek added the r3.0-wheezy-testing label Nov 1, 2015

@marmarek

This comment has been minimized.

Show comment
Hide comment
@marmarek

marmarek Nov 12, 2015

Member

Automated announcement from builder-github

The package qubes-core-vm-3.0.19-1.fc20 has been pushed to the r3.0 stable repository for the Fedora fc20 template.
To install this update, please use the standard update command:

sudo yum update
Member

marmarek commented Nov 12, 2015

Automated announcement from builder-github

The package qubes-core-vm-3.0.19-1.fc20 has been pushed to the r3.0 stable repository for the Fedora fc20 template.
To install this update, please use the standard update command:

sudo yum update

@marmarek marmarek added r3.0-fc20-stable and removed r3.0-fc20-testing labels Nov 12, 2015

@marmarek

This comment has been minimized.

Show comment
Hide comment
@marmarek

marmarek Nov 12, 2015

Member

Automated announcement from builder-github

The package qubes-core-vm-3.0.19-1.fc21 has been pushed to the r3.0 stable repository for the Fedora fc21 template.
To install this update, please use the standard update command:

sudo yum update
Member

marmarek commented Nov 12, 2015

Automated announcement from builder-github

The package qubes-core-vm-3.0.19-1.fc21 has been pushed to the r3.0 stable repository for the Fedora fc21 template.
To install this update, please use the standard update command:

sudo yum update

@marmarek marmarek added r3.0-fc21-stable and removed r3.0-fc21-testing labels Nov 12, 2015

@marmarek

This comment has been minimized.

Show comment
Hide comment
@marmarek

marmarek Nov 12, 2015

Member

Automated announcement from builder-github

The package qubes-core-agent_3.0.19-1+deb8u1 has been pushed to the r3.0 stable repository for the Debian jessie template.
To install this update, please use the standard update command:

sudo apt-get update && sudo apt-get dist-upgrade

Changes included in this update
Member

marmarek commented Nov 12, 2015

Automated announcement from builder-github

The package qubes-core-agent_3.0.19-1+deb8u1 has been pushed to the r3.0 stable repository for the Debian jessie template.
To install this update, please use the standard update command:

sudo apt-get update && sudo apt-get dist-upgrade

Changes included in this update

@marmarek marmarek added r3.0-jessie-stable and removed r3.0-jessie-testing labels Nov 12, 2015

@marmarek

This comment has been minimized.

Show comment
Hide comment
@marmarek

marmarek Nov 12, 2015

Member

Automated announcement from builder-github

The package qubes-core-agent_3.0.19-1+deb7u1 has been pushed to the r3.0 stable repository for the Debian wheezy template.
To install this update, please use the standard update command:

sudo apt-get update && sudo apt-get dist-upgrade

Changes included in this update
Member

marmarek commented Nov 12, 2015

Automated announcement from builder-github

The package qubes-core-agent_3.0.19-1+deb7u1 has been pushed to the r3.0 stable repository for the Debian wheezy template.
To install this update, please use the standard update command:

sudo apt-get update && sudo apt-get dist-upgrade

Changes included in this update

@marmarek marmarek added r3.0-wheezy-stable and removed r3.0-wheezy-testing labels Nov 12, 2015

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment