From 385b4abe44f912e6be5bee22cec50aea1acf9400 Mon Sep 17 00:00:00 2001
From: 3np <3np@example.com>
Date: Sat, 5 Jul 2025 06:10:57 +0000
Subject: [PATCH 1/2] perf(network-agent): use cycle instead of manually
 doubling nameserver list for zip

---
 network/qubes-setup-dnat-to-ns | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/network/qubes-setup-dnat-to-ns b/network/qubes-setup-dnat-to-ns
index 3dcbe9044..52ae2f5d5 100755
--- a/network/qubes-setup-dnat-to-ns
+++ b/network/qubes-setup-dnat-to-ns
@@ -21,6 +21,7 @@
 
 from __future__ import annotations
 
+from itertools import cycle
 import subprocess
 import sys
 
@@ -116,10 +117,7 @@ def install_firewall_rules(dns):
                 f"ip daddr {vm_nameserver} tcp dport 53 drop",
             ]
     else:
-        while len(qubesdb_dns) > len(dns_resolved):
-            # Ensure that upstream DNS pool is larger than qubesdb_dns pool
-            dns_resolved = dns_resolved + dns_resolved
-        for vm_nameserver, dest in zip(qubesdb_dns, dns_resolved):
+        for vm_nameserver, dest in zip(qubesdb_dns, cycle(dns_resolved)):
             dns_ = str(dest)
             rules += [
                 f"ip daddr {vm_nameserver} udp dport 53 dnat to {dns_}",

From 7014a2487cce0f0aa8e91bda8547c67c00508edd Mon Sep 17 00:00:00 2001
From: 3np <3np@example.com>
Date: Sat, 5 Jul 2025 06:13:34 +0000
Subject: [PATCH 2/2] chore(network-agent): consistently memoize ip_address
 stringification

---
 network/qubes-setup-dnat-to-ns | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/network/qubes-setup-dnat-to-ns b/network/qubes-setup-dnat-to-ns
index 52ae2f5d5..e2bb9ccf4 100755
--- a/network/qubes-setup-dnat-to-ns
+++ b/network/qubes-setup-dnat-to-ns
@@ -112,16 +112,18 @@ def install_firewall_rules(dns):
         # Or maybe user wants to enforce DNS-Over-HTTPS.
         # Drop IPv4 DNS requests to qubesdb_dns addresses.
         for vm_nameserver in qubesdb_dns:
+            vm_ns_ = str(vm_nameserver)
             rules += [
-                f"ip daddr {vm_nameserver} udp dport 53 drop",
-                f"ip daddr {vm_nameserver} tcp dport 53 drop",
+                f"ip daddr {vm_ns_} udp dport 53 drop",
+                f"ip daddr {vm_ns_} tcp dport 53 drop",
             ]
     else:
         for vm_nameserver, dest in zip(qubesdb_dns, cycle(dns_resolved)):
+            vm_ns_ = str(vm_nameserver)
             dns_ = str(dest)
             rules += [
-                f"ip daddr {vm_nameserver} udp dport 53 dnat to {dns_}",
-                f"ip daddr {vm_nameserver} tcp dport 53 dnat to {dns_}",
+                f"ip daddr {vm_ns_} udp dport 53 dnat to {dns_}",
+                f"ip daddr {vm_ns_} tcp dport 53 dnat to {dns_}",
             ]
     rules += ["}", "}"]