Finally getting back to testing here. I plan on reading through the Qubes-Whonix testing thread tomorrow, so my comment may have been addressed already.
- Downloaded and cloned lastest whonix-gw-14 template manually on Qubes 3.2.
- Attached template to existing sys-whonix-13 proxyVM.
- Ran apt-get update.
- Initial traffic is DROPPED by sys-whonix-13. LOG reveals destination IP: sys-whonix-13 & port: 53
- Eventually times out. apt-get then sends traffic to tinyproxy on 10.*.255.254:8082 and completes successfully
Not sure why apt-get is requesting a standard DNS lookup when apt.conf.d/01qubes-proxy is configured to use tinyproxy.
(same is true for apt, per OP, as well as apt-get)
Forgot to mention: Port 53 dropped because Workstation Transparent DNS disabled on my Gateway. Do you have that set also @kuruu?