Hello, I am running Whonix well. I followed the host security documentation, deleting all services that open ports and setting up the firewall so that it denies incoming connections.
Should I be worried about dnsmasq on port 53? I ran Wireshark, and whenever I do apt-get update for the host, my machine sends outgoing DNS packets to my ISP’s nameserver through port 53, the same port as dnsmasq. This communication happens only when I run apt-get update. I Torify my apt traffic with the (apt transport tor) package and onion addresses. My /etc/resolv.conf folder shows my ISP nameservers, which is where my machine sends the DNS packets. I don’t want any leaks of information. I hope my English is clear. Any help and advice is appreciated, thanks.
The Wireshark output is something like this:
Source (me) Destination (ISP server) | standard query (xxxxxxx) srv_socks.localhost
Source (ISP server) Destination (me) | standard query response (xxxxxxxx) no such name srv_socks.localhost SOA localhost