From fb9b3b62c02427b80657056805a9bac7756c98b3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?= Date: Mon, 7 Mar 2016 13:37:45 +0100 Subject: [PATCH] network: use `qubes-primary-dns` QubesDB entry if present For a long time the DNS address was the same as default gateway. This is still the case in R3.x, but using `qubes-gateway` configuration parameter for it is misleading. It should be up to dom0 to provide DNS address (whether the value is the same as gateway or not). Fixes QubesOS/qubes-issues#1817
---
 network/setup-ip | 8 +++++--- vm-init.d/qubes-core-netvm | 3 ++- vm-systemd/network-proxy-setup.sh | 3 ++- 3 files changed, 9 insertions(+), 5 deletions(-)
diff --git a/network/setup-ip b/network/setup-ip
index 07071d7..5dbec79 100755
--- a/network/setup-ip
+++ b/network/setup-ip
@@ -13,6 +13,7 @@ ip=`/usr/bin/qubesdb-read /qubes-ip 2> /dev/null`
 if [ x$ip != x ]; then
 netmask=`/usr/bin/qubesdb-read /qubes-netmask`
 gateway=`/usr/bin/qubesdb-read /qubes-gateway`
+ primary_dns=`/usr/bin/qubesdb-read /qubes-primary-dns 2>/dev/null || echo $gateway`
 secondary_dns=`/usr/bin/qubesdb-read /qubes-secondary-dns`
 /sbin/ethtool -K $INTERFACE sg off
 /sbin/ethtool -K $INTERFACE tx off
@@ -39,7 +40,7 @@ method=manual
 may-fail=false
 __EOF__
 if [ "x$disabledns" != "x1" ]; then
- echo "dns=$gateway;$secondary_dns" >> $nm_config
+ echo "dns=$primary_dns;$secondary_dns" >> $nm_config
 fi
 if [ "x$disablegw" != "x1" ]; then
 echo "addresses1=$ip;32;$gateway" >> $nm_config
@@ -58,7 +59,7 @@ __EOF__
 if ! grep -rq "^/etc/resolv[.]conf$" "${PROTECTED_FILE_LIST}" 2>/dev/null; then
 echo > /etc/resolv.conf
 if [ "x$disabledns" != "x1" ]; then
- echo "nameserver $gateway" > /etc/resolv.conf
+ echo "nameserver $primary_dns" > /etc/resolv.conf
 echo "nameserver $secondary_dns" >> /etc/resolv.conf
 fi
 fi
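Review bot: The `|| echo $gateway` fallback in the new `primary_dns=` line of the first network/setup-ip hunk only runs when qubesdb-read exits non-zero, so a /qubes-primary-dns entry that exists but is empty (assuming qubesdb-read exits 0 in that case) leaves primary_dns empty. The later hunks would then write `dns=;$secondary_dns` to $nm_config and a bare `nameserver ` line to /etc/resolv.conf, and the netvm paths would hand an empty NS1 to qubes-setup-dnat-to-ns. Reading first and defaulting afterwards covers both cases: `primary_dns=$(/usr/bin/qubesdb-read /qubes-primary-dns 2>/dev/null)` followed by `[ -n "$primary_dns" ] || primary_dns=$gateway`. The same applies to the /qubes-netvm-primary-dns reads in the last setup-ip hunk, vm-init.d/qubes-core-netvm and vm-systemd/network-proxy-setup.sh.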
@@ -67,8 +68,9 @@ __EOF__
 if [ "x$network" != "x" ] && [ "x$disabledns" != "x1" ]; then
 gateway=$(qubesdb-read /qubes-netvm-gateway)
 netmask=$(qubesdb-read /qubes-netvm-netmask)
+ primary_dns=$(qubesdb-read /qubes-netvm-primary-dns 2>/dev/null || echo $gateway)
 secondary_dns=$(qubesdb-read /qubes-netvm-secondary-dns)
- echo "NS1=$gateway" > /var/run/qubes/qubes-ns
+ echo "NS1=$primary_dns" > /var/run/qubes/qubes-ns
 echo "NS2=$secondary_dns" >> /var/run/qubes/qubes-ns
 /usr/lib/qubes/qubes-setup-dnat-to-ns
 fi
diff --git a/vm-init.d/qubes-core-netvm b/vm-init.d/qubes-core-netvm
index 61fdbd9..b3d7bd1 100755
--- a/vm-init.d/qubes-core-netvm
+++ b/vm-init.d/qubes-core-netvm
@@ -26,9 +26,10 @@ start()
 if [ "x$network" != "x" ]; then
 gateway=$(/usr/bin/qubesdb-read /qubes-netvm-gateway)
 netmask=$(/usr/bin/qubesdb-read /qubes-netvm-netmask)
+ primary_dns=$(/usr/bin/qubesdb-read /qubes-netvm-primary-dns || echo $gateway)
 secondary_dns=$(/usr/bin/qubesdb-read /qubes-netvm-secondary-dns)
 modprobe netbk 2> /dev/null || modprobe xen-netback
- echo "NS1=$gateway" > /var/run/qubes/qubes-ns
+ echo "NS1=$primary_dns" > /var/run/qubes/qubes-ns
 echo "NS2=$secondary_dns" >> /var/run/qubes/qubes-ns
 /usr/lib/qubes/qubes-setup-dnat-to-ns
 echo "1" > /proc/sys/net/ipv4/ip_forward
diff --git a/vm-systemd/network-proxy-setup.sh b/vm-systemd/network-proxy-setup.sh
index 503c827..78512c9 100755
--- a/vm-systemd/network-proxy-setup.sh
+++ b/vm-systemd/network-proxy-setup.sh
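Review bot: In vm-init.d/qubes-core-netvm the added `primary_dns=$(/usr/bin/qubesdb-read /qubes-netvm-primary-dns || echo $gateway)` is the only one of the four new reads without `2>/dev/null`. On a dom0 that does not publish the key, which is the case the fallback exists for, the lookup error presumably reaches the init script's stderr on every start. For consistency with network/setup-ip and vm-systemd/network-proxy-setup.sh it should read `primary_dns=$(/usr/bin/qubesdb-read /qubes-netvm-primary-dns 2>/dev/null || echo "$gateway")`. start() begins and ends outside the hunk.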
@@ -12,9 +12,10 @@ if [ "x$network" != "x" ]; then gateway=$(qubesdb-read /qubes-netvm-gateway) netmask=$(qubesdb-read /qubes-netvm-netmask) + primary_dns=$(qubesdb-read /qubes-netvm-primary-dns 2>/dev/null || echo $gateway) secondary_dns=$(qubesdb-read /qubes-netvm-secondary-dns) modprobe netbk 2> /dev/null || modprobe xen-netback || "${modprobe_fail_cmd}" - echo "NS1=$gateway" > /var/run/qubes/qubes-ns + echo "NS1=$primary_dns" > /var/run/qubes/qubes-ns echo "NS2=$secondary_dns" >> /var/run/qubes/qubes-ns /usr/lib/qubes/qubes-setup-dnat-to-ns echo "1" > /proc/sys/net/ipv4/ip_forward