From ce443b2e182997d8a4ca377ef00c2ceb4fb0c59e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?=
Date: Mon, 12 Oct 2015 01:28:05 +0200
Subject: [PATCH] network: forward TCP DNS queries

Fixes QubesOS/qubes-issues#1325
---
 network/qubes-setup-dnat-to-ns | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/network/qubes-setup-dnat-to-ns b/network/qubes-setup-dnat-to-ns
index a1f9bc1..d7e09ea 100755
--- a/network/qubes-setup-dnat-to-ns
+++ b/network/qubes-setup-dnat-to-ns
@@ -3,9 +3,11 @@ addrule()
 {
 if [ $FIRSTONE = yes ] ; then
 FIRSTONE=no
- RULE1="-A PR-QBS -d $NS1 -p udp --dport 53 -j DNAT --to $1"
+ RULE1="-A PR-QBS -d $NS1 -p udp --dport 53 -j DNAT --to $1
+-A PR-QBS -d $NS1 -p tcp --dport 53 -j DNAT --to $1"
 else
- RULE2="-A PR-QBS -d $NS2 -p udp --dport 53 -j DNAT --to $1"
+ RULE2="-A PR-QBS -d $NS2 -p udp --dport 53 -j DNAT --to $1
+-A PR-QBS -d $NS2 -p tcp --dport 53 -j DNAT --to $1"
 NS=$NS2
 fi
 }
@@ -19,6 +21,6 @@ grep ^nameserver /etc/resolv.conf | grep -v ":.*:" | head -2 |
 while read x y z ; do
 addrule "$y"
 done
- (echo "*nat"; echo $RULE1; echo $RULE2; echo COMMIT) | iptables-restore -n
+ (echo "*nat"; echo "$RULE1"; echo "$RULE2"; echo COMMIT) | iptables-restore -n
 )
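Review bot: `$1` is written into both new DNAT lines of RULE1 and RULE2 without any check that it is an IPv4 address. The only filter visible is the `grep -v ":.*:"` in the second hunk, which still passes a value carrying a port suffix or other non-address text from /etc/resolv.conf. That file is presumably filled from the upstream network's resolver configuration, so a guard at the top of addrule would keep malformed entries out of the iptables-restore input, e.g. `case "$1" in ''|*[!0-9.]*) return ;; esac`. The `addrule()` line itself sits in the hunk header, just outside the hunk.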
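Review bot: The quotes added around `$RULE1` and `$RULE2` are now load-bearing, yet nothing in the script says so. Each variable holds a udp and a tcp rule separated by a newline, and an unquoted expansion would fold them onto one line for iptables-restore. A comment above the line would protect it from a later cleanup, for example `# RULE1/RULE2 each hold a udp and a tcp rule separated by a newline; keep the quotes`. `printf '%s\n' '*nat' "$RULE1" "$RULE2" COMMIT` would also replace the four `echo` calls without the inner subshell. The enclosing `( … )` group and the pipeline feeding it begin before this hunk.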