Whonix KVM dnsmasq - listen port on host operating system - attack surface reduction

I got my Debian Guest VM working without dnsmasq.

1. Removed dnsmasq completely.

2. Tried to start Guest VM, virt-manager gives error about dnsmasq missing.

3. Edited “default” network xml file.
added: <dns enable="no"/>
removed: dhcp range

4. Tried to start Guest VM again, all working.

The same should work with Whonix, since Whonix doesn’t need DNS or DHCP.
I hope you guys can fix this in the Whonix network XMLs. And the attack surface will be reduced.

2 Likes
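
Added example, not part of the original posts or the Whonix project's code: a Python sketch that checks a libvirt network definition for the two edits described in the post above (DNS disabled, no DHCP block) and produces the edited XML. The sample XML is constructed, the function names are hypothetical, and treating a missing `<dns>` element as "enabled" is an assumption about libvirt's default.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the shape of a stock libvirt NAT network definition.
STOCK = """<network>
  <name>default</name>
  <forward mode='nat'/>
  <bridge name='virbr0' stp='on' delay='0'/>
  <ip address='192.168.122.1' netmask='255.255.255.0'>
    <dhcp>
      <range start='192.168.122.2' end='192.168.122.254'/>
    </dhcp>
  </ip>
</network>"""

def dnsmasq_findings(xml_text):
    """List the settings that still request DNS or DHCP service from the host."""
    root = ET.fromstring(xml_text)
    findings = []
    dns = root.find("dns")
    # Assumption: an absent <dns> element means DNS service is enabled.
    if dns is None or dns.get("enable", "yes") != "no":
        findings.append("dns not disabled")
    for ip in root.findall("ip"):
        if ip.find("dhcp") is not None:
            findings.append(f"dhcp block on {ip.get('address')}")
    return findings

def without_dns_dhcp(xml_text):
    """Return the definition with <dns enable="no"/> added and DHCP removed."""
    root = ET.fromstring(xml_text)
    dns = root.find("dns")
    if dns is None:
        dns = ET.SubElement(root, "dns")
    for child in list(dns):  # forwarders/host records are moot once DNS is off
        dns.remove(child)
    dns.set("enable", "no")
    for ip in root.findall("ip"):
        for dhcp in ip.findall("dhcp"):
            ip.remove(dhcp)
    return ET.tostring(root, encoding="unicode")

if __name__ == "__main__":
    print(dnsmasq_findings(STOCK))      # both findings on the stock definition
    edited = without_dns_dhcp(STOCK)
    print(edited)
    print(dnsmasq_findings(edited))     # empty list after the edits
```

With DHCP gone the guest needs a statically configured address, and the edited XML only takes effect once it is loaded with `virsh net-define` and the network is restarted.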

My experience was different. After uninstalling dnsmasq-base and modifying the default network settings, I ended up with libvirt process instability where it crashed and refused to start up or let the virtual machine manager GUI connect to it until

2 Likes