Why Whonix KVM need dnsmasq?

kk221001 · October 1, 2022, 5:10am

Hello.
I am using Whonix KVM.
The host OS is Debian 11.
I would like to set up DNS over TLS on my host OS, but dnsmasq occupying port 53 and is interfering with the set up.
Is there any problem to disable the DNS server by setting port=0 in dnsmasq?
I am planning to set up DNS over TLS with systemd-resolved.

For now, I have set up DNS over TLS by forwarding to unbound with the following settings.
/etc/resolv.conf

nameserver 127.0.0.1

/etc/dnsmasq.conf

no-resolv
server=127.0.0.1#5353

/etc/unbound/unbound.conf

server:
    interface: 127.0.0.1
    port: 5353

quantum445 · October 17, 2022, 7:59pm

it is not recommend to use dns over tls system wide because you are putting all ur trust in one server to handle your dns

Patrick · October 18, 2022, 12:46am

Since this is about host DNS and DNS security, following might be interesting for you:

Patrick · November 5, 2022, 1:42pm

Note: I am not a maintainer of Whonix KVM.