mirror of
https://github.com/ben-grande/qusal.git
synced 2025-01-13 00:19:45 -05:00
feat: allow sys-pihole to use pi-hole for queries
parent
a17f9f5250
commit
705808d8b6
@ -7,6 +7,10 @@ Pi-hole DNS Sinkhole in Qubes OS.
|
|||||||
* [Description](#description)
|
* [Description](#description)
|
||||||
* [Installation](#installation)
|
* [Installation](#installation)
|
||||||
* [Usage](#usage)
|
* [Usage](#usage)
|
||||||
|
* [Web interface](#web-interface)
|
||||||
|
* [Torified Pi-Hole](#torified-pi-hole)
|
||||||
|
* [Local DNS server](#local-dns-server)
|
||||||
|
* [DNS issues after netvm restart](#dns-issues-after-netvm-restart)
|
||||||
* [Credits](#credits)
|
* [Credits](#credits)
|
||||||
|
|
||||||
## Description
|
## Description
|
||||||
@ -55,6 +59,8 @@ qubesctl state.apply sys-pihole.prefs
|
|||||||
|
|
||||||
## Usage
|
## Usage
|
||||||
|
|
||||||
|
### Web interface
|
||||||
|
|
||||||
Pi-hole will be installed with these default settings:
|
Pi-hole will be installed with these default settings:
|
||||||
|
|
||||||
- The DNS provider is Quad9 (filtered, DNSSEC)
|
- The DNS provider is Quad9 (filtered, DNSSEC)
|
||||||
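Review bot: The new `### Web interface` heading sits directly above "Pi-hole will be installed with these default settings:", and the first default listed is the upstream DNS provider (Quad9), which is not a web interface matter. Consider moving the heading below the defaults list, or giving the defaults their own heading, so readers looking for the resolver configuration do not have to search under the admin interface section.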
@ -76,16 +82,30 @@ running. The browser qube is offline and only has access to the admin
|
|||||||
interface. In other words, it has control over the server functions, if the
|
interface. In other words, it has control over the server functions, if the
|
||||||
browser is compromised, it can compromise the server.
|
browser is compromised, it can compromise the server.
|
||||||
|
|
||||||
You can clone `sys-pihole`. If you do, you must manually change the IP address
|
### Torified Pi-Hole
|
||||||
of the clone.
|
|
||||||
|
|
||||||
If you want to combine Pi-Hole with Tor, then you should reconfigure your
|
If you want to combine Pi-Hole with Tor, then you should reconfigure your
|
||||||
netvm chaining (will break tor's client stream isolation) as such:
|
netvm chaining (will break tor's client stream isolation) as such:
|
||||||
|
|
||||||
- qube -> sys-pihole -> Tor-gateway -> sys-firewall -> sys-net
|
- qube -> sys-pihole -> Tor-gateway -> sys-firewall -> sys-net
|
||||||
|
|
||||||
|
### Local DNS server
|
||||||
|
|
||||||
|
If you want sys-pihole to use itself to resolve DNS queries, enable the
|
||||||
|
service `local-dns-server` from Dom0 to sys-pihole:
|
||||||
|
```sh
|
||||||
|
qvm-service sys-pihole local-dns-server 1
|
||||||
|
```
|
||||||
|
|
||||||
|
Don't forget to restart sys-pihole after the changes.
|
||||||
|
|
||||||
|
Note that if Pi-hole as a problem the host will not not be able to reach the
|
||||||
|
internet for updates, syncing time etc.
|
||||||
|
|
||||||
|
### DNS issues after netvm restart
|
||||||
|
|
||||||
If you encounter problems with DNS after having upstream netvm route changes,
|
If you encounter problems with DNS after having upstream netvm route changes,
|
||||||
restart Pi-Hole DNS from `sys-pihole` and run the following as root:
|
restart Pi-hole DNS from sys-pihole:
|
||||||
```sh
|
```sh
|
||||||
pihole restartdns
|
pihole restartdns
|
||||||
```
|
```
|
||||||
|
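Review bot: The added Local DNS server note has two typos: "if Pi-hole as a problem the host will not not be able to reach the internet" should read "has a problem" with a single "not", and "the host" would be clearer as "sys-pihole", since that is the qube the service is enabled on. This hunk also drops the paragraph about cloning `sys-pihole` and changing the clone's IP address, and the "run the following as root" wording before `pihole restartdns`; if either still applies, keep it. The new headings mix "Pi-Hole" and "Pi-hole"; pick one spelling.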
@ -13,3 +13,7 @@ for vif in /proc/sys/net/ipv4/conf/vif*/route_localnet; do
|
|||||||
test -w "${vif}" || continue
|
test -w "${vif}" || continue
|
||||||
echo 1 | tee "${vif}" >/dev/null
|
echo 1 | tee "${vif}" >/dev/null
|
||||||
done
|
done
|
||||||
|
|
||||||
|
if test -f /var/run/qubes-service/local-dns-server; then
|
||||||
|
echo "nameserver 127.0.0.1" | tee /etc/resolv.conf
|
||||||
|
fi
|
||||||
|
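Review bot: The `local-dns-server` branch overwrites /etc/resolv.conf with `nameserver 127.0.0.1` without checking that anything is answering on that address, so a Pi-hole failure leaves the qube with no working resolver, which is the situation the README text in this commit warns about. Consider checking that the resolver is up before switching, or at least logging the switch so the cause is visible when updates or time sync fail. Also, `tee /etc/resolv.conf` echoes the line to stdout, unlike the loop above, which ends in `>/dev/null`; redirect it the same way or write the file with a plain `>`.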