(SOLVED) I'm Going Insane. Why Does Mullvad DNS Not Work Underneath My Linux Machine When Every Other DNS Does? (lemm.ee)

submitted 1 month ago* (last edited 1 month ago) by [email protected] to c/[email protected]

35 comments fedilink hide all child comments

I have wasted the last 2.5 hours trying to see where I went wrong with my configuration and I just can't.

For the record, I am running OpenSuse Tumbleweed with Gnome, latest update for everything. Up to now I have been using AdGuard as my DNS resolver, but am now trying to switch to Mullvad but at this point I think I probably don't want to anymore. Reason being, I just can not get it to work for the life of me.

My system has NetworkManager installed so I go there, select my connected Wifi, and enter Mullvad's DNS address 194.242.2.4 in thr IPv4 section, then I go to check to see if it shows I am using their DNS and it Firefox AND Vivaldi give no internet connection errors. I go back to Adguard DNS and my internet is back working again. I go back to Mullvad, you guessed it, no internet once again. I even tried Cloudflare and Quad 9's DNS addresses and both of those worked as well but Mullvad's just does not want to work and I am going insane over it.

And no I can not edit resolv.conf through the terminal because NetworkManager will override it and no I don't want to delete NetworkManager. Any feedback would be appreciated.

Edit: I have Mullvad DNS on my phone and got it running with zero issues so this is more of a Linux problem than a Mullvad DNS problem I think.

Solution:

Open terminal and follow through

sudo zypper install systemd-network

sudo nano /etc/systemd/resolved.conf

Copy paste this into the file that you just opened and change the DNS to whichever DNS provider you are using.

[Resolve]

DNS=194.242.2.4 2a07:e340::4

FallbackDNS=194.242.2.2 2a07:e340::2

Domains=~.

DNSSEC=yes

DNSOverTLS=opportunistic

#MulticastDNS=no

#LLMNR=no

#Cache=yes #CacheFromLocalhost=no

#DNSStubListener=no

#DNSStubListenerExtra=

#ReadEtcHosts=yes

#ResolveUnicastSingleLabel=no

Ctrl + O to write out and Ctrl + X to exit back to the terminal main page.

ln -sf ../run/systemd/resolve/stub-resolv.conf /etc/resolv.conf

sudo systemctl start systemd-resolved

sudo systemctl enable systemd-resolved

sudo systemctl restart NetworkManager

Boom it should be working now.

all 36 comments

sorted by: hot top controversial new old

[-] [email protected] 22 points 1 month ago

Mullvad (apparenlty, first time I've heard from the service) uses DNS over TLS and I don't think that the current GUI version has the option to enable it. Here's a quickly googled howto from Fedora on how to enable it on your system. If that doesn't help search for 'NetworkManager DOT' or 'DNS over TLS'.

[-] [email protected] 20 points 1 month ago

Right on the money: See also the official mullvad docs: https://mullvad.net/en/help/dns-over-https-and-dns-over-tls#linux

[-] [email protected] 4 points 1 month ago

The solution on their page does not work as my network settings are controlled by Network Manager

[-] [email protected] 0 points 1 month ago

I tried the guide you sent, and it gives me an error in the terminal when I try to restart NetworkManager. This is caused by the thing in step 2, and when I remove the file that was created in step 2, NetworkManager starts fine again, but now I need to have a DNS IP address entered into IPv4 and IPv6 per network connection, and it can not be Mullvad's DNS servers otherwise I again get no connection which again just puts me back at square one, only now I have a systemctl command running in the background for no reason.

[-] [email protected] 8 points 1 month ago

A bunch of people said resolvd already and I hate to admit it, but this fixed dns over tls for me too.

Mark it as a rare systemd w.

[-] [email protected] -1 points 1 month ago

Could you potentially send me the instructions/steps/guide you followed? I attempted to use systemd for this but haven't had much luck.

[-] [email protected] 3 points 1 month ago

It was a while ago and I’m on Debian so my experience might be different but last named version I had to put a line pointing to the internal resolved address in resolv.conf like in this forum thread.

[-] [email protected] 7 points 1 month ago* (last edited 1 month ago)

You can edit resolv.conf and

# chattr +i resolv.conf

makes the file immutable.

It's a kludge, and I'm not saying that it solves your DNS issue, but NM can't override the file.

[-] [email protected] 5 points 1 month ago* (last edited 1 month ago)

How would I undo this process? I am considering testing this out but how would I make it overridable again just in case?

Edit, just tried it and added the DNSoverTLS=yes line and it did not seem to fix anything so unfortunately this isn't a solution but still a nice thing to know.

[-] [email protected] 11 points 1 month ago

chattr -i

[-] [email protected] 4 points 1 month ago

What a surprise.

[-] [email protected] 2 points 1 month ago

Another option is to remove it and symlink it to a static version of your choosing. I believe NM won't replace a symlink. You can just remove the symlink when you're done and it should go back to normal...I think.

[-] [email protected] 6 points 1 month ago

I just glimpsed over the other comments, I also use both Mullvad VPN and tumbleweed. I switched to systemd-resolvd and got it working at some point, but its a big hassle and I also had strange problems when trying it for the first time. I could try to look into my configuration on the weekend.

[-] [email protected] -4 points 1 month ago

Please do and give me all the steps you took to get it working. Very appreciated. I tried usinf systemd-resolved but had no luck getting it to work.

[-] [email protected] 4 points 1 month ago

ty i gave up to do this long time ago until i found out your post

[-] [email protected] 3 points 1 month ago

I’ve switched from Quad9 to Mullvad DNS a month ago, and I’ve been noticing some domains aren’t resolving. Domains that shouldn’t be blocked. It feels like Mullvad’s rules are extra restrictive.

[-] [email protected] 2 points 1 month ago

Same in lastest Mint EDGE release..

[-] [email protected] 1 points 1 month ago

Try using the private IP options instead and see if that works. The generic one being 10.64.0.1, but other options that include ad voicing and such ranging from 100.64.0.1 to 100.64.0.25 or something like that. I've got my entire network setup behind their VPN and a a pihole pointing to one of their private DNS addresses without any issues. I left their pubic DNS years ago so that I could make sure my DNS requests were always within the tunnel instead

[+] [email protected] -14 points 1 month ago

Things like this are why I still haven’t switched to Linux. Had a play with Mint on a USB stick and liked it, but I just worry that when I start to use it for real, I am going to spend far too much time searching for solutions to weird problems and going down rabbit holes.

[-] [email protected] 4 points 1 month ago

LOL this isn't even a Linux issue. This is an "I'm confused about how DNS works" issue.

[-] [email protected] 0 points 1 month ago

Network manager not working well with DNS over TLS is not a Linux issue? Ok, thanks for the education.

[-] [email protected] 0 points 1 month ago* (last edited 1 month ago)

Read the post. The user obviously didn't even know that Mullvad uses DNS over TLS and that the other providers used regular DNS, nor did he know how to properly troubleshoot a DNS issue, which is a skill you should have on any OS if you're going to mess about with DNS settings.

[-] [email protected] -3 points 1 month ago

How the fuck am I supposed to know that Network Manager won't support DNS over TLS by default when every other operating system does? I've messed around with DNS before on multiple devices and never had any issues until now. We get it. You use Arch. Mr skillful

[-] [email protected] 2 points 1 month ago* (last edited 1 month ago)

How the fuck am I supposed to know that Network Manager won’t support DNS over TLS

Read the documentation? Use google?

The very first hit when you google "dns over tls tumbleweed" provides the answer: https://dev.to/archerallstars/using-dns-over-tls-on-opensuse-linux-in-4-easy-steps-enable-cloud-firewall-for-free-today-2job

A more generic query "dns over tls linux" gives this, which works just the same: https://medium.com/@jawadalkassim/enable-dns-over-tls-in-linux-using-systemd-b03e44448c1c

Both google searches return several more hits that basically say the same thing.

Even the NetworkManager reference manual refers you to systemd-resolved as the solution: https://www.networkmanager.dev/docs/api/latest/settings-connection.html

Key Name	Value Type	Description
dns-over-tls	int32	Whether DNSOverTls (dns-over-tls) is enabled for the connection. DNSOverTls is a technology which uses TLS to encrypt dns traffic. The permitted values are: "yes" (2) use DNSOverTls and disabled fallback, "opportunistic" (1) use DNSOverTls but allow fallback to unencrypted resolution, "no" (0) don't ever use DNSOverTls. If unspecified "default" depends on the plugin used. Systemd-resolved uses global setting. This feature requires a plugin which supports DNSOverTls. Otherwise, the setting has no effect. One such plugin is dns-systemd-resolved.

I don't use NetworkManager, I've never even used Tumbleweed and I found the answer in all of 10 minutes. Of course that doesn't help if you're so clueless that you didn't even know that you were using DNS-over-TLS, or that DoT is a very recent development that differs significantly from regular DNS and that it requires a DNS resolver that supports it.

when every other operating system does?

Like Windows 10? (Hint: it doesn't)

You use Arch. Mr skillful

Who cares what I use. When I'm messing with something I don't understand, I at least read the documentation first instead of complaining on the internet and calling the whole community toxic and, I quote, "Butthurt Linux gobblers" when you get the slightest bit of pushback.

[-] [email protected] -1 points 1 month ago

no this is in fact a Linux issue. Because I was able to get DOT working on Windows and Android (GrapheneOS) working in like 2 minutes. This is in fact a Linux issue. Another thing that is a Linux issue is my microphone not having any drivers for the last 4 months on my brand new laptop that I bought and yes I am running the latest kernel.

No I am not going to switch back to Windows but y'all need to stop gobbling Linux as this perfect no can do wrong operating system because it is FAR from it and is still by far, the most difficult operating system to use even for some semi tech savvy people like me.

[-] [email protected] 1 points 1 month ago

Cool

[-] [email protected] 0 points 1 month ago

Nice

[-] [email protected] 0 points 1 month ago

Butthurt Linux gobblers are downvoting you even though you are correct. I have had so many instances of having to spend hours upon hours upon hours just do figure out how to do some basic shit on Linux that I can do on every operating system within a matter of 5 minutes. "But Linux is free and open source, but Linux isn't spyware, but but Linux (insert whatever you want here". This is not the point. Point is the average peeson probably doesn't have the time and energy to spend hours upon hours trying to figure out how to setup DNS over TLS (when it can be setup in 2 minutes underneath Windows without ever needing to open up a terminal), why their microphone isn't working (find out there are no supported drivers and need to boot into Windows whenever I need to use the mic for whatever online meeting), why their laptop doesn't sleep properly (finds out it was a kernel related issue, had to wait until the next update), touch sensor not working, and etc etc etc.

No I am not going to stop using Linux people it is still my main OS for like 95% of my activities. But having to have my Windows partition there because my fucking microphone doesn't work, NOT because I need it to run certain software, is the exact reason Linux will never be mainstream. But I guess you can keep pointing out Microsoft's predatory actions instead of trying to fix Linux's problems cause that's productive aye?

[-] [email protected] 4 points 1 month ago

Thank you. The downvotes don’t bother me, but the attitude of some of these linux fans does. Skills issues my ass. I’m fairly IT literate. I can find my way around basic unix stuff for work, and don’t care if i have to spend some of the time i get paid for on reading man pages. But at home, my computer just needs to work. Linux is not ready for that, and some of these fanboys just put people off.

[-] [email protected] 1 points 1 month ago

Fr, and I was never the one that started complaining first saying Linux is difficult. I just came here to ask for advice and then you commented that stuff like this is why you don't feel comfortable switching to Linux yet, and then you get attacked and I get indirectly attacked by these toxic nerds saying "okay enjoy getting spied on" or "read the fucking manual" or "skill issue". Yea this is totally productive to the Linux community yea right.

[-] [email protected] -3 points 1 month ago

I have had so many instances of having to spend hours upon hours upon hours just do figure out how to do some basic shit on Linux that I can do on every operating system within a matter of 5 minutes

skill issue.

[-] [email protected] 0 points 1 month ago

Hilarious

[-] [email protected] -2 points 1 month ago

Nothing lost for us. Keep using the OSs made to follow you around and share your data with "Trusted third parties".

[-] [email protected] 4 points 1 month ago

Did I say I want to keep using windows? I don’t. I want to get off W10 before that becomes an unsupported security risk, and won’t go to W11. All I said, or meant to say, is that I don’t feel comfortable yet to move to Linux, and posts like this don’t make me more confident that Linux is trouble free. It’s not just that I don’t want to spend hours fixing problems, it’s also for the sanity of my family who just need a working computer

[-] [email protected] 1 points 1 month ago

POV: Linux community is extremely toxic and wonders why nobody else in the tech world likes them. Insert surprised pikachu face

this post was submitted on 21 May 2024

64 points (97.1% liked)

Linux

45773 readers

979 users here now

From Wikipedia, the free encyclopedia

Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).

Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.

Rules

Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.
No misinformation
No NSFW content
No hate speech, bigotry, etc

Related Communities

Community icon by Alpár-Etele Méder, licensed under CC BY 3.0

founded 5 years ago

MODERATORS

[email protected]