@Patrick let me know if the selected DHCP range is OK.
(To be added on wiki) Instructions on using DHCP with KVM:
sudo nano /etc/network/interfaces.d/30_non-qubes-whonix
iface eth0 inet static
iface eth0 inet dhcp
Change internal network:
sudo virsh net-edit Whonix-Internal
<ip address='10.152.152.0' netmask='255.255.192.0'>
<range start='10.152.128.1' end='10.152.191.254'/>
Restart internal network:
sudo virsh net-destroy Whonix-Internal
virsh -c qemu:///system net-start Whonix-Internal
sudo ifconfig confirms the dynamically assigned IP is functional.
I read the manual, and a default install of dnsmasq does forward requests to upstream servers recursively if it cannot resolve them.
However there is evidence that it does not resolve DNS as implemented in libvirt:
On linux host servers, libvirtd uses dnsmasq to service the virtual networks, such as the default network. A new instance of dnsmasq is started for each virtual network, only accessible to guests in that specific network.
DNSMASQ is visible to nmap scan from the WS but not much else.
Sent a DNS request to it from the WS with this result:
dig microsoft.com @10.152.152.0
; <<>> DiG 9.11.5-P4-3-Debian <<>> microsoft.com @10.152.152.0
;; global options: +cmd
;; connection timed out; no servers could be reached
Let’s decide whether we want this feature by default or simply make it optional and document it. Can VBox support this too? Maybe enable it in a set of packages for KVM builds?
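One way to sanity-check the DHCP range asked about at the top of the thread, as an added example that is not part of the original posts: it parses a libvirt network definition, derives the subnet from the address and netmask, and lists pool edges that fall outside it plus any fixed addresses that sit inside the pool. The function name `audit_dhcp`, the `<network>`/`<dhcp>` wrapper around the posted lines and the static guest address `10.152.152.10` are assumptions made for the example; a finding is something to review, not proof of a lease conflict.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample: the <ip> and <range> lines from the post, wrapped in the
# <network> and <dhcp> elements of a libvirt network definition (assumed).
SAMPLE_XML = """
<network>
  <name>Whonix-Internal</name>
  <ip address='10.152.152.0' netmask='255.255.192.0'>
    <dhcp>
      <range start='10.152.128.1' end='10.152.191.254'/>
    </dhcp>
  </ip>
</network>
"""

def audit_dhcp(xml_text, static_hosts=()):
    """Return (subnet, findings) for the DHCP ranges in a libvirt network XML."""
    findings, subnet = [], None
    for ip in ET.fromstring(xml_text).iter("ip"):
        mask = ip.get("netmask") or ip.get("prefix")
        iface = ipaddress.ip_interface(f"{ip.get('address')}/{mask}")
        subnet = iface.network
        # Addresses configured outside DHCP: the host bridge plus static guests.
        fixed = [iface.ip] + [ipaddress.ip_address(h) for h in static_hosts]
        for rng in ip.iter("range"):
            start = ipaddress.ip_address(rng.get("start"))
            end = ipaddress.ip_address(rng.get("end"))
            if start > end:
                findings.append(f"range {start}-{end} is reversed")
            for edge in (start, end):
                if edge not in subnet:
                    findings.append(f"{edge} is outside {subnet}")
                elif edge in (subnet.network_address, subnet.broadcast_address):
                    findings.append(f"{edge} is the network or broadcast address")
            for addr in fixed:
                if addr.version == start.version and start <= addr <= end:
                    findings.append(f"{addr} is inside pool {start}-{end}")
    return subnet, findings

if __name__ == "__main__":
    # 10.152.152.10 is a constructed static guest address for illustration.
    subnet, findings = audit_dhcp(SAMPLE_XML, static_hosts=["10.152.152.10"])
    print("subnet:", subnet)
    for finding in findings:
        print("review:", finding)
```

To check a live definition instead of the sample, pass the output of `virsh net-dumpxml Whonix-Internal` as `xml_text`.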