Handling DNS traffic locally via a DNS server inside a firewall VM bypasses the Qubes OS firewall.
So even if the Qubes OS firewall explicitly disallows DNS requests from an upstream VM, the DNS requests of that VM will be answered by the locally running DNS server.
This happens because the Qubes OS firewall only hooks forwarded traffic, but not input traffic (i.e. locally handled traffic).
Unfortunately, since the Qubes OS firewall only calls user scripts before it creates its VM-specific rules, I currently cannot fix this in an elegant way.
I'll see whether the Qubes OS behaviour can be changed so that this issue becomes fixable.
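
A way to check for the gap described in this issue, as an added example that is not part of the original report or the project's code: it reads a ruleset in the JSON shape produced by `nft -j list ruleset` and lists tables whose base chains attach to the forward hook but not the input hook. The table and chain names in the sample are constructed placeholders, not real Qubes OS names.

```python
import json

# Constructed sample in the shape of `nft -j list ruleset` output; the table
# and chain names are placeholders, not taken from a real Qubes OS system.
SAMPLE_RULESET = json.loads("""
{"nftables": [
  {"table": {"family": "ip", "name": "example-firewall"}},
  {"chain": {"family": "ip", "table": "example-firewall", "name": "forward",
             "type": "filter", "hook": "forward", "prio": 0, "policy": "drop"}},
  {"chain": {"family": "ip", "table": "example-firewall", "name": "vm-10-0-0-5"}},
  {"table": {"family": "ip", "name": "example-local"}},
  {"chain": {"family": "ip", "table": "example-local", "name": "input",
             "type": "filter", "hook": "input", "prio": 0, "policy": "accept"}},
  {"chain": {"family": "ip", "table": "example-local", "name": "forward",
             "type": "filter", "hook": "forward", "prio": 0, "policy": "accept"}}
]}
""")


def hooks_by_table(ruleset):
    """Map (family, table) -> set of netfilter hooks its base chains attach to."""
    hooks = {}
    for item in ruleset.get("nftables", []):
        if "table" in item:
            t = item["table"]
            hooks.setdefault((t["family"], t["name"]), set())
        chain = item.get("chain")
        if chain and "hook" in chain:  # regular (non-base) chains carry no hook
            key = (chain["family"], chain["table"])
            hooks.setdefault(key, set()).add(chain["hook"])
    return hooks


def forward_only_tables(ruleset):
    """Tables that filter forwarded packets but never see locally delivered ones."""
    return sorted(
        key for key, hooks in hooks_by_table(ruleset).items()
        if "forward" in hooks and "input" not in hooks
    )


if __name__ == "__main__":
    for family, table in forward_only_tables(SAMPLE_RULESET):
        print(f"{family} {table}: no input hook; "
              "traffic to services on this VM is not filtered by this table")
```

On a firewall VM, pass the parsed output of `nft -j list ruleset` in place of `SAMPLE_RULESET`; a table reported here cannot block requests that a DNS server running on that VM answers itself.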