
Why does Whonix KVM need dnsmasq?

Hello.
I am using Whonix KVM.
The host OS is Debian 11.
I would like to set up DNS over TLS on my host OS, but dnsmasq is occupying port 53 and is interfering with the setup.
Is there any problem with disabling the DNS server by setting port=0 in dnsmasq?
I am planning to set up DNS over TLS with systemd-resolved.

For now, I have set up DNS over TLS by forwarding to unbound with the following settings.
/etc/resolv.conf

nameserver 127.0.0.1

/etc/dnsmasq.conf

no-resolv
server=127.0.0.1#5353

/etc/unbound/unbound.conf

server:
    interface: 127.0.0.1
    port: 5353
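
A consistency check for the resolv.conf -> dnsmasq -> unbound chain described in the post above, as an added example that is not part of the original post or of Whonix. The file contents are constructed copies of the quoted settings; `UNBOUND_TLS`, with the forwarder `192.0.2.53` and the name `dns.example`, is a constructed placeholder stanza, and the function names are hypothetical.

```python
import ipaddress

# Constructed copies of the three files quoted in the post above.
RESOLV = "nameserver 127.0.0.1\n"
DNSMASQ = "no-resolv\nserver=127.0.0.1#5353\n"
UNBOUND = "server:\n    interface: 127.0.0.1\n    port: 5353\n"
# Constructed forwarder stanza; 192.0.2.53 and dns.example are placeholders.
UNBOUND_TLS = UNBOUND + (
    'forward-zone:\n    name: "."\n    forward-tls-upstream: yes\n'
    "    forward-addr: 192.0.2.53@853#dns.example\n")

def parse(text, sep):
    """Collect 'key<sep>value' lines into {key: [values]}; skip comment lines."""
    opts = {}
    for line in map(str.strip, text.splitlines()):
        if line and not line.startswith("#"):
            key, _, val = line.partition(sep)
            opts.setdefault(key.strip(), []).append(val.strip())
    return opts

def is_loopback(addr):
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return False

def audit(resolv, dnsmasq, unbound):
    """Return a list of findings for the local DNS forwarding chain."""
    findings = []
    r, d, u = parse(resolv, " "), parse(dnsmasq, "="), parse(unbound, ":")
    for ns in r.get("nameserver", []):
        if not is_loopback(ns):
            findings.append(f"resolv.conf: {ns} bypasses the local resolver")
    if d.get("port") == ["0"]:
        findings.append("dnsmasq: port=0 disables its DNS listener; "
                        "another resolver must own port 53")
    if "no-resolv" not in d:
        findings.append("dnsmasq: no-resolv missing, upstreams are also read from resolv.conf")
    # unbound listens on localhost port 53 unless interface/port say otherwise.
    listen = {(i, u.get("port", ["53"])[0]) for i in u.get("interface", ["127.0.0.1"])}
    for val in d.get("server", []):
        addr, _, port = val.rsplit("/", 1)[-1].partition("#")  # server=[/domain/]addr[#port]
        if addr and not is_loopback(addr):
            findings.append(f"dnsmasq: server={val} sends plaintext DNS off-host")
        elif addr and (addr, port or "53") not in listen:
            findings.append(f"dnsmasq: server={val} has no matching unbound listener")
    if "yes" not in u.get("tls-upstream", []) + u.get("forward-tls-upstream", []):
        findings.append("unbound: no tls-upstream or forward-tls-upstream set to yes")
    return findings

print(audit(RESOLV, DNSMASQ, UNBOUND))
```

Run against the three quoted files, the only finding is the unbound one, because the quoted unbound.conf shows the listener but no upstream settings.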

It is not recommended to use DNS over TLS system-wide because you are putting all your trust in one server to handle your DNS.

Since this is about host DNS and DNS security, the following might be interesting for you:

Note: I am not a maintainer of Whonix KVM.