mirror of
https://github.com/ben-grande/qusal.git
synced 2024-12-25 07:29:37 -05:00
feat: allow sys-pihole to use pi-hole for queries
parent
a17f9f5250
commit
705808d8b6
@ -7,6 +7,10 @@ Pi-hole DNS Sinkhole in Qubes OS.
|
||||
* [Description](#description)
|
||||
* [Installation](#installation)
|
||||
* [Usage](#usage)
|
||||
* [Web interface](#web-interface)
|
||||
* [Torified Pi-Hole](#torified-pi-hole)
|
||||
* [Local DNS server](#local-dns-server)
|
||||
* [DNS issues after netvm restart](#dns-issues-after-netvm-restart)
|
||||
* [Credits](#credits)
|
||||
|
||||
## Description
|
||||
@ -55,6 +59,8 @@ qubesctl state.apply sys-pihole.prefs
|
||||
|
||||
## Usage
|
||||
|
||||
### Web interface
|
||||
|
||||
Pi-hole will be installed with these default settings:
|
||||
|
||||
- The DNS provider is Quad9 (filtered, DNSSEC)
|
||||
@ -76,16 +82,30 @@ running. The browser qube is offline and only has access to the admin
|
||||
interface. In other words, it has control over the server functions, if the
|
||||
browser is compromised, it can compromise the server.
|
||||
|
||||
You can clone `sys-pihole`. If you do, you must manually change the IP address
|
||||
of the clone.
|
||||
### Torified Pi-Hole
|
||||
|
||||
If you want to combine Pi-Hole with Tor, then you should reconfigure your
|
||||
netvm chaining (will break tor's client stream isolation) as such:
|
||||
|
||||
- qube -> sys-pihole -> Tor-gateway -> sys-firewall -> sys-net
|
||||
|
||||
### Local DNS server
|
||||
|
||||
If you want sys-pihole to use itself to resolve DNS queries, enable the
|
||||
service `local-dns-server` from Dom0 to sys-pihole:
|
||||
```sh
|
||||
qvm-service sys-pihole local-dns-server 1
|
||||
```
|
||||
|
||||
Don't forget to restart sys-pihole after the changes.
|
||||
|
||||
Note that if Pi-hole as a problem the host will not not be able to reach the
|
||||
internet for updates, syncing time etc.
|
||||
|
||||
### DNS issues after netvm restart
|
||||
|
||||
If you encounter problems with DNS after having upstream netvm route changes,
|
||||
restart Pi-Hole DNS from `sys-pihole` and run the following as root:
|
||||
restart Pi-hole DNS from sys-pihole:
|
||||
```sh
|
||||
pihole restartdns
|
||||
```
|
||||
|
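Review bot: the note added under "Local DNS server" has two typos, "if Pi-hole as a problem" and "will not not be able"; it should read "if Pi-hole has a problem, the host will not be able to reach the internet for updates, syncing time etc." "The host" is also ambiguous there, since the section is about `sys-pihole` resolving its own queries, so naming the qube would be clearer. The same hunk mixes "Pi-Hole" and "Pi-hole" between the new headings and the body text; pick one spelling. It would also help to say why the restart in "Don't forget to restart sys-pihole after the changes" is needed, for example that the service flag is only read when the qube starts.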
@ -13,3 +13,7 @@ for vif in /proc/sys/net/ipv4/conf/vif*/route_localnet; do
|
||||
test -w "${vif}" || continue
|
||||
echo 1 | tee "${vif}" >/dev/null
|
||||
done
|
||||
|
||||
if test -f /var/run/qubes-service/local-dns-server; then
|
||||
echo "nameserver 127.0.0.1" | tee /etc/resolv.conf
|
||||
fi
|
||||
|
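Review bot: in the new `if` block, `echo "nameserver 127.0.0.1" | tee /etc/resolv.conf` overwrites the whole file and prints the line to stdout, while the loop just above silences its `tee` with `>/dev/null`. Adding `>/dev/null`, or using a plain redirect if the script already runs as root, would keep the output consistent. Because the file is written once, when this script runs, and 127.0.0.1 becomes the only resolver, a short comment should state that there is no fallback nameserver and that anything rewriting `/etc/resolv.conf` afterwards will undo the setting. Consider also checking that `/etc/resolv.conf` is a regular writable file before replacing it, as the loop does with `test -w "${vif}"`.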