QubesOS / qubes-issues

The Qubes OS Project issue tracker
https://www.qubes-os.org/doc/issue-tracking/

Sys-Firewall - DNS request to root-servers on bootup #8501

Open akkuladezeit opened 1 year ago

akkuladezeit commented 1 year ago

Qubes OS release

4.1.2

Brief summary

The Sys-Firewall VM tries to access all root DNS servers directly, ignoring the configured local DNS.

Steps to reproduce

Log traffic on UDP 53 at the firewall connected to the Qubes PC.

In my case, any non-local DNS requests are blocked.

Expected behavior

Sys-Firewall using the DNS IP from DHCP

Actual behavior

Qubes tries to access a-m.root-servers.net for DNS requests on port 53 UDP.

Is this behaviour intended?

akkuladezeit commented 1 year ago

It does not happen on every bootup of sys-net / sys-firewall...

Maybe some stuff from clock sync? Or dom0 update?

DemiMarie commented 1 year ago

This is likely systemd-resolved.

alimirjamali commented 3 months ago

> This is likely systemd-resolved.

Yep. It is the default systemd-resolved behaviour. It is documented here in the Freedesktop reference. The hard-coded root DNS servers are here, i.e. Google and Cloudflare root DNS servers at the moment. And here Lennart Poettering defends the current behaviour.

There are many ways to deal with this issue. Just document it? Deliver a resolved config similar to this one which is provided via qubes-core-agent-linux and set FallbackDNS=?
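
A check for the FallbackDNS= setting raised in the last comment, as an added example that is not from the thread or the Qubes project: it reads resolved.conf and its drop-ins under a given root and reports whether the compiled-in fallback list would still apply. The search order follows resolved.conf(5); treating an empty assignment as clearing the list and a non-empty one as appending is an assumption, and the function names are hypothetical.

```python
import sys
from pathlib import Path

# Config roots in descending priority, as listed in resolved.conf(5).
ROOTS = ("etc/systemd", "run/systemd", "usr/lib/systemd")

def config_files(sysroot):
    """Files in the order they are applied: main file first, then drop-ins by name."""
    root = Path(sysroot)
    main = [p for p in (root / r / "resolved.conf" for r in ROOTS) if p.is_file()][:1]
    dropins = {}
    for r in reversed(ROOTS):  # a same-named file in a higher-priority root wins
        for p in (root / r / "resolved.conf.d").glob("*.conf"):
            dropins[p.name] = p
    return main + [dropins[name] for name in sorted(dropins)]

def fallback_state(sysroot="/"):
    """Return (state, servers, last_source) for the FallbackDNS= setting.

    state is "builtin" (never assigned, so the compiled-in list applies),
    "disabled" (assigned, list empty) or "explicit" (administrator-chosen servers).
    """
    servers, source = [], None
    for path in config_files(sysroot):
        section = None
        for raw in path.read_text(errors="replace").splitlines():
            line = raw.strip()
            if not line or line[0] in "#;":
                continue  # blank line or comment, e.g. the shipped "#FallbackDNS="
            if line.startswith("[") and line.endswith("]"):
                section = line[1:-1]
                continue
            key, sep, val = line.partition("=")
            if section == "Resolve" and sep and key.strip() == "FallbackDNS":
                # Assumption: an empty assignment clears the list, a non-empty one appends.
                servers = servers + val.split() if val.strip() else []
                source = path
    if source is None:
        return "builtin", [], None
    return ("explicit" if servers else "disabled"), servers, source

if __name__ == "__main__":
    state, servers, source = fallback_state(sys.argv[1] if len(sys.argv) > 1 else "/")
    print(f"FallbackDNS: {state} {servers} (last set in {source})")
```

Run inside the qube being checked, or pass the path of a mounted template root as the first argument.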