(SOLVED) I'm Going Insane. Why Does Mullvad DNS Not Work Underneath My Linux Machine When Every Other DNS Does?
I have wasted the last 2.5 hours trying to see where I went wrong with my configuration and I just can't.
For the record, I am running OpenSuse Tumbleweed with Gnome, latest update for everything. Up to now I have been using AdGuard as my DNS resolver, but am now trying to switch to Mullvad but at this point I think I probably don't want to anymore. Reason being, I just can not get it to work for the life of me.
My system has NetworkManager installed so I go there, select my connected Wifi, and enter Mullvad's DNS address 194.242.2.4 in the IPv4 section, then I go to check to see if it shows I am using their DNS and Firefox AND Vivaldi give no internet connection errors. I go back to Adguard DNS and my internet is back working again. I go back to Mullvad, you guessed it, no internet once again. I even tried Cloudflare and Quad9's DNS addresses and both of those worked as well but Mullvad's just does not want to work and I am going insane over it.
And no I can not edit resolv.conf through the terminal because NetworkManager will override it and no I don't want to delete NetworkManager. Any feedback would be appreciated.
Edit: I have Mullvad DNS on my phone and got it running with zero issues so this is more of a Linux problem than a Mullvad DNS problem I think.
Solution:
Open terminal and follow through
sudo zypper install systemd-network
sudo nano /etc/systemd/resolved.conf
Copy paste this into the file that you just opened and change the DNS to whichever DNS provider you are using.
[Resolve]
DNS=194.242.2.4 2a07:e340::4
FallbackDNS=194.242.2.2 2a07:e340::2
Domains=~.
DNSSEC=yes
DNSOverTLS=opportunistic
#MulticastDNS=no
#LLMNR=no
#Cache=yes
#CacheFromLocalhost=no
#DNSStubListener=no
#DNSStubListenerExtra=
#ReadEtcHosts=yes
#ResolveUnicastSingleLabel=no
Ctrl + O to write out and Ctrl + X to exit back to the terminal main page.
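An added example, not part of the original post: a small Python audit of the posted [Resolve] section that flags what DNSOverTLS=opportunistic and bare IP entries leave unprotected in transit. The function names are hypothetical, and the strict variant uses documentation placeholders (192.0.2.53, dns.example.net) rather than any real provider's values.

```python
# Constructed input: the [Resolve] section from the post above.
POSTED_CONF = """[Resolve]
DNS=194.242.2.4 2a07:e340::4
FallbackDNS=194.242.2.2 2a07:e340::2
Domains=~.
DNSSEC=yes
DNSOverTLS=opportunistic
#MulticastDNS=no
"""
# Constructed strict variant; address and hostname are documentation placeholders.
STRICT_CONF = """[Resolve]
DNS=192.0.2.53#dns.example.net
Domains=~.
DNSOverTLS=yes
"""

def parse_resolve(text):
    """Collect active [Resolve] keys as word lists; an empty value resets a key."""
    settings, in_resolve = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or commented-out default
        if line.startswith("["):
            in_resolve = line == "[Resolve]"
        elif in_resolve and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            settings[key] = settings.get(key, []) + value.split() if value else []
    return settings

def audit(text):
    """Return findings about how well the config protects DNS queries in transit."""
    s = parse_resolve(text)
    findings = []
    mode = (s.get("DNSOverTLS") or ["no"])[-1].lower()
    if mode == "opportunistic":
        findings.append("DNSOverTLS=opportunistic: falls back to plaintext, downgrade possible")
    elif mode not in ("yes", "true", "1", "on"):
        findings.append("DNSOverTLS is off: queries leave in plaintext")
    for key in ("DNS", "FallbackDNS"):
        for server in s.get(key, []):
            if not server.partition("#")[2]:
                findings.append(f"{key} {server}: no #server_name for SNI and name validation")
    if "~." not in s.get("Domains", []):
        findings.append("Domains lacks ~.: lookups can still go to per-link (DHCP) servers")
    return findings

if __name__ == "__main__":
    for finding in audit(POSTED_CONF):
        print("-", finding)
```

The audit reads only the text it is given; drop-in files under /etc/systemd/resolved.conf.d/ and per-link settings pushed by NetworkManager are outside what it checks, so `resolvectl status` remains the authoritative view of the running resolver.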
Mullvad (apparently, first time I've heard from the service) uses DNS over TLS and I don't think that the current GUI version has the option to enable it. Here's a quickly googled howto from Fedora on how to enable it on your system. If that doesn't help search for 'NetworkManager DOT' or 'DNS over TLS'.
I tried the guide you sent, and it gives me an error in the terminal when I try to restart NetworkManager. This is caused by the thing in step 2, and when I remove the file that was created in step 2, NetworkManager starts fine again, but now I need to have a DNS IP address entered into IPv4 and IPv6 per network connection, and it can not be Mullvad's DNS servers otherwise I again get no connection which again just puts me back at square one, only now I have a systemctl command running in the background for no reason.
It was a while ago and I’m on Debian so my experience might be different but last named version I had to put a line pointing to the internal resolved address in resolv.conf like in this forum thread.
How would I undo this process? I am considering testing this out but how would I make it overridable again just in case?
Edit, just tried it and added the DNSoverTLS=yes line and it did not seem to fix anything so unfortunately this isn't a solution but still a nice thing to know.
Another option is to remove it and symlink it to a static version of your choosing. I believe NM won't replace a symlink. You can just remove the symlink when you're done and it should go back to normal...I think.
I just glimpsed over the other comments, I also use both Mullvad VPN and tumbleweed. I switched to systemd-resolved and got it working at some point, but it's a big hassle and I also had strange problems when trying it for the first time. I could try to look into my configuration on the weekend.
I’ve switched from Quad9 to Mullvad DNS a month ago, and I’ve been noticing some domains aren’t resolving. Domains that shouldn’t be blocked. It feels like Mullvad’s rules are extra restrictive.
Try using the private IP options instead and see if that works. The generic one being 10.64.0.1, but other options that include ad voicing and such ranging from 100.64.0.1 to 100.64.0.25 or something like that. I've got my entire network setup behind their VPN and a pihole pointing to one of their private DNS addresses without any issues. I left their public DNS years ago so that I could make sure my DNS requests were always within the tunnel instead
Things like this are why I still haven’t switched to Linux. Had a play with Mint on a USB stick and liked it, but I just worry that when I start to use it for real, I am going to spend far too much time searching for solutions to weird problems and going down rabbit holes.
no this is in fact a Linux issue. Because I was able to get DOT working on Windows and Android (GrapheneOS) working in like 2 minutes. This is in fact a Linux issue. Another thing that is a Linux issue is my microphone not having any drivers for the last 4 months on my brand new laptop that I bought and yes I am running the latest kernel.
No I am not going to switch back to Windows but y'all need to stop gobbling Linux as this perfect no can do wrong operating system because it is FAR from it and is still by far, the most difficult operating system to use even for some semi tech savvy people like me.
Butthurt Linux gobblers are downvoting you even though you are correct. I have had so many instances of having to spend hours upon hours upon hours just to figure out how to do some basic shit on Linux that I can do on every operating system within a matter of 5 minutes. "But Linux is free and open source, but Linux isn't spyware, but but Linux (insert whatever you want here)". This is not the point. Point is the average person probably doesn't have the time and energy to spend hours upon hours trying to figure out how to setup DNS over TLS (when it can be setup in 2 minutes underneath Windows without ever needing to open up a terminal), why their microphone isn't working (find out there are no supported drivers and need to boot into Windows whenever I need to use the mic for whatever online meeting), why their laptop doesn't sleep properly (finds out it was a kernel related issue, had to wait until the next update), touch sensor not working, and etc etc etc.
No I am not going to stop using Linux people it is still my main OS for like 95% of my activities. But having to have my Windows partition there because my fucking microphone doesn't work, NOT because I need it to run certain software, is the exact reason Linux will never be mainstream. But I guess you can keep pointing out Microsoft's predatory actions instead of trying to fix Linux's problems cause that's productive aye?
Thank you. The downvotes don’t bother me, but the attitude of some of these linux fans does. Skills issues my ass. I’m fairly IT literate. I can find my way around basic unix stuff for work, and don’t care if i have to spend some of the time i get paid for on reading man pages. But at home, my computer just needs to work. Linux is not ready for that, and some of these fanboys just put people off.
I have had so many instances of having to spend hours upon hours upon hours just to figure out how to do some basic shit on Linux that I can do on every operating system within a matter of 5 minutes
Did I say I want to keep using windows? I don’t. I want to get off W10 before that becomes an unsupported security risk, and won’t go to W11. All I said, or meant to say, is that I don’t feel comfortable yet to move to Linux, and posts like this don’t make me more confident that Linux is trouble free. It’s not just that I don’t want to spend hours fixing problems, it’s also for the sanity of my family who just need a working computer