Safer DHCP implementation [RESOLVED]

@Patrick let me know if the selected DHCP range is OK.

(To be added on wiki) Instructions on using DHCP with KVM:

sudo nano /etc/network/interfaces.d/30_non-qubes-whonix

Comment out:
auto eth0
iface eth0 inet static

Comment in:
auto eth0
iface eth0 inet dhcp

Change internal network:
sudo virsh net-edit Whonix-Internal

<ip address='10.152.152.0' netmask='255.255.192.0'>
    <dhcp>
      <range start='10.152.128.1' end='10.152.191.254'/>
    </dhcp>
</ip>

Restart internal network:

sudo virsh net-destroy Whonix-Internal

virsh -c qemu:///system net-start Whonix-Internal

sudo ifconfig confirms the dynamically assigned IP is functional.


I read the manual, and a default install of dnsmasq does forward requests to upstream servers recursively if it cannot resolve them.

However, there is evidence that it does not resolve DNS as implemented in libvirt:

On linux host servers, libvirtd uses dnsmasq to service the virtual networks, such as the default network. A new instance of dnsmasq is started for each virtual network, only accessible to guests in that specific network.

  • DNSMASQ is visible to nmap scan from the WS but not much else.

  • Sent a DNS request to it from the WS with this result:

    dig microsoft.com @10.152.152.0

    ; <<>> DiG 9.11.5-P4-3-Debian <<>> microsoft.com @10.152.152.0
    ;; global options: +cmd
    ;; connection timed out; no servers could be reached


Let’s decide whether we want this feature by default or simply make it optional and document it. Can VBox support this too? Maybe enable it in a set of packages for KVM builds?
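A sanity check for the `<ip>`/`<dhcp>` definition given in the instructions above, run before restarting the network. This is an added example, not part of the original posts or of Whonix; the function name `check_dhcp_ranges` is hypothetical, and the XML is the snippet from the post copied verbatim.

```python
import ipaddress
import xml.etree.ElementTree as ET

# The <ip> element from the post, copied verbatim.
NETWORK_XML = """
<ip address='10.152.152.0' netmask='255.255.192.0'>
    <dhcp>
      <range start='10.152.128.1' end='10.152.191.254'/>
    </dhcp>
</ip>
"""

def check_dhcp_ranges(xml_text):
    """Report the derived subnet, lease count and notes for each DHCP <range>."""
    ip_el = ET.fromstring(xml_text)
    host_addr = ipaddress.IPv4Address(ip_el.get("address"))
    # strict=False: 'address' is the host-side IP, not necessarily the network base.
    subnet = ipaddress.IPv4Network(f"{host_addr}/{ip_el.get('netmask')}", strict=False)
    reports = []
    for rng in ip_el.iterfind("./dhcp/range"):
        start = ipaddress.IPv4Address(rng.get("start"))
        end = ipaddress.IPv4Address(rng.get("end"))
        notes = []
        if start > end:
            notes.append("start is above end")
        for label, addr in (("start", start), ("end", end)):
            if addr not in subnet:
                notes.append(f"{label} {addr} is outside {subnet}")
            elif addr in (subnet.network_address, subnet.broadcast_address):
                notes.append(f"{label} {addr} is the network or broadcast address")
        if start <= host_addr <= end:
            notes.append(f"range contains the <ip> address {host_addr}")
        reports.append({
            "subnet": str(subnet),
            "range": f"{start}-{end}",
            "leases": max(int(end) - int(start) + 1, 0),
            "notes": notes,
        })
    return reports

if __name__ == "__main__":
    for report in check_dhcp_ranges(NETWORK_XML):
        print(report)
```

For the posted definition this derives the subnet 10.152.128.0/18, so the range spans every usable host address in it, including the address set on the `<ip>` element itself.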