UNTIL...
I had this idea:
Code:
$ sudo iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
bitmask all -- anywhere anywhere
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
bitmask_postrouting all -- anywhere anywhere
Chain bitmask (1 references)
target prot opt source destination
ACCEPT udp -- anywhere if udp dpt:domain
ACCEPT udp -- anywhere localhost udp dpt:domain
DNAT udp -- anywhere anywhere udp dpt:domain to:10.42.0.1:53
DNAT tcp -- anywhere anywhere tcp dpt:domain to:10.42.0.1:53
Chain bitmask_postrouting (1 references)
target prot opt source destination
MASQUERADE udp -- anywhere anywhere udp dpt:domain
MASQUERADE tcp -- anywhere anywhere tcp dpt:domain
OF COURSE! NAT! Found ya! So now if I just run the bitmask-root command and then save the iptables NAT rules, it is PROPERLY fixed then... and the DNS mystery is (re)solved!
Code:
$ sudo bitmask-root firewall stop
$ sudo dpkg-reconfigure iptables-persistent
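A quick way to check for this kind of leftover DNS redirection on any box, as an added example (not part of the post above and not Bitmask's own tooling): the script below reads rules in iptables-save format and reports every nat-table rule that DNATs or REDIRECTs port-53 traffic, which is exactly what the bitmask chain in the listing does. The sample rule set embedded in it is constructed to mirror that listing; the function names find_dns_dnat, check_sample and check_live are this example's own.

```shell
#!/bin/sh
# Added example, not from the forum post: detect nat-table rules that
# silently redirect DNS (port 53) to another resolver, e.g. a VPN client's
# DNAT that survived after the client stopped.
#
# find_dns_dnat reads iptables-save output on stdin, prints the matching
# rules, and returns 0 if any were found, 1 otherwise.
find_dns_dnat() {
    # iptables-save marks each table with "*<name>" and ends it with COMMIT,
    # so we only inspect rules while inside the nat table.
    awk '
        /^\*/     { table = substr($0, 2) }
        /^COMMIT/ { table = "" }
        table == "nat" && /^-A/ && /--dport (53|domain)/ && /-j (DNAT|REDIRECT)/ {
            print
            found = 1
        }
        END { exit found ? 0 : 1 }
    '
}

# Constructed sample in iptables-save format, modelled on the "iptables -t nat -L"
# listing in the post: two DNAT rules to 10.42.0.1:53 plus rules that must NOT match
# (MASQUERADE in nat, and a plain ACCEPT for port 53 in the filter table).
SAMPLE_RULES='*nat
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:bitmask - [0:0]
-A OUTPUT -j bitmask
-A bitmask -p udp -m udp --dport 53 -j DNAT --to-destination 10.42.0.1:53
-A bitmask -p tcp -m tcp --dport 53 -j DNAT --to-destination 10.42.0.1:53
-A POSTROUTING -p udp -m udp --dport 53 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
-A INPUT -p udp -m udp --dport 53 -j ACCEPT
COMMIT'

# Run the check against the constructed sample (offline) ...
check_sample() { printf '%s\n' "$SAMPLE_RULES" | find_dns_dnat; }
# ... or against the live ruleset (needs root).
check_live()   { sudo iptables-save | find_dns_dnat; }

# Stand-alone run: show which sample rules would be flagged.
check_sample || echo "no DNS DNAT/REDIRECT rules found"
```

On a live system, `check_live` (or simply `sudo iptables-save | find_dns_dnat`) should print nothing after the bitmask firewall has been stopped and the rules re-saved; if the two DNAT lines to 10.42.0.1:53 still show up, the persisted ruleset was not updated.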