diff --git a/network/vif-qubes-nat.sh b/network/vif-qubes-nat.sh
index d422d8e..2fea819 100755
--- a/network/vif-qubes-nat.sh
+++ b/network/vif-qubes-nat.sh
@@ -2,7 +2,7 @@
 #set -x
 netvm_subnet=/24
-undetectable_netvm_ips=1
+undetectable_netvm_ips=
 netns="${vif}-nat"
 netvm_if="${vif}"
@@ -65,6 +65,7 @@ if test "$command" == online; then
     # same for the gateway/DNS IPs
     netns iptables -t raw -I PREROUTING -i "$netns_appvm_if" -d "$netvm_gw_ip" -j DROP
+    netns iptables -t raw -I PREROUTING -i "$netns_appvm_if" -d "$netvm_dns1_ip" -j DROP
     netns iptables -t raw -I PREROUTING -i "$netns_appvm_if" -d "$netvm_dns2_ip" -j DROP
 fi
@@ -74,6 +75,11 @@ if test "$command" == online; then
     netns iptables -t nat -I PREROUTING -i "$netns_appvm_if" -d "$appvm_gw_ip" -j DNAT --to-destination "$netvm_gw_ip"
     netns iptables -t nat -I POSTROUTING -o "$netns_appvm_if" -s "$netvm_gw_ip" -j SNAT --to-source "$appvm_gw_ip"
+    if test -n "$appvm_dns1_ip"; then
+        netns iptables -t nat -I PREROUTING -i "$netns_appvm_if" -d "$appvm_dns1_ip" -j DNAT --to-destination "$netvm_dns1_ip"
+        netns iptables -t nat -I POSTROUTING -o "$netns_appvm_if" -s "$netvm_dns1_ip" -j SNAT --to-source "$appvm_dns1_ip"
+    fi
+    if test -n "$appvm_dns2_ip"; then
         netns iptables -t nat -I PREROUTING -i "$netns_appvm_if" -d "$appvm_dns2_ip" -j DNAT --to-destination "$netvm_dns2_ip"
         netns iptables -t nat -I POSTROUTING -o "$netns_appvm_if" -s "$netvm_dns2_ip" -j SNAT --to-source "$appvm_dns2_ip"
diff --git a/network/vif-route-qubes b/network/vif-route-qubes
index 85da9f9..64ad86a 100755
--- a/network/vif-route-qubes
+++ b/network/vif-route-qubes
@@ -30,6 +30,7 @@ if [ "${ip}" ]; then
     # IPs as seen by this VM
     netvm_ip="$ip"
     netvm_gw_ip=`qubesdb-read /qubes-netvm-gateway`
+    netvm_dns1_ip=`qubesdb-read /qubes-netvm-primary-dns`
     netvm_dns2_ip=`qubesdb-read /qubes-netvm-secondary-dns`
     back_ip="$netvm_gw_ip"
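Review bot: The default of `undetectable_netvm_ips` is flipped from `1` to empty with no comment and nothing in this diff explaining why. If that variable gates the raw-table DROP rules in the second hunk (the `if` closed by the visible `fi` starts outside that hunk, so this is inferred), every newly attached VIF now leaves the NetVM's gateway and DNS addresses reachable from the AppVM side, which is a behaviour change that should be spelled out next to the assignment, e.g. `# empty (default): do not hide the NetVM's own gateway/DNS IPs; set to 1 to DROP traffic addressed to them`. A bare `var=` is also easy to misread as an accidental deletion of the value.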
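Review bot: The added raw-table DROP uses `$netvm_dns1_ip` unconditionally, while the NAT rules in the next hunk are guarded with `test -n`; `netvm_dns1_ip` is filled from `qubesdb-read /qubes-netvm-primary-dns` in the vif-route-qubes hunk and is empty when that key is absent, and iptables rejects `-d ""`, so the whole online path fails on hosts without a primary DNS entry. Guard it like the NAT rules: `if test -n "$netvm_dns1_ip"; then` / `    netns iptables -t raw -I PREROUTING -i "$netns_appvm_if" -d "$netvm_dns1_ip" -j DROP` / `fi`. The pre-existing `$netvm_dns2_ip` rule has the same exposure, but that is not introduced by this commit. The enclosing `if` for these rules starts outside the hunk.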
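Review bot: The new `if test -n "$appvm_dns2_ip"; then` wrapped around the existing dns2 DNAT/SNAT lines has no matching `fi` in this hunk — the header counts (+5 lines, all visible) leave no room for one — so unless a `fi` is added further down the file, the script no longer parses. Separately, the dns1 guard only checks `$appvm_dns1_ip` but the DNAT target is `$netvm_dns1_ip`, which can be empty for the same qubesdb reason; `if test -n "$appvm_dns1_ip" && test -n "$netvm_dns1_ip"; then` covers both, and the same applies to the dns2 guard. `appvm_dns1_ip` is not assigned anywhere in this diff; if it is not already set by the surrounding script, the new dns1 block is dead code. The `if test "$command" == online` block containing these rules starts and ends outside the hunk.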