I used Mullvad’s guide to change the DNS in Linux Mint and it worked. But I have a question about Firefox’s DNS over HTTPS settings. Can I turn it to off now that the whole operating system uses the Mullvad DNS?
Yeah you should turn it off, Mullvad’s DNS servers already give you DNS privacy. I forget which DNS servers Firefox’s DoH uses, but it will use some other DNS servers for Firefox with DoH enabled, which presumably you don’t want if you went out of your way to set your DNS servers to Mullvad’s.
don’t know why you’d want to? you may trust your dns server but without dns over https the dns requests themselves are sent plaintext and are vulnerable to man-in-the-middle attack. with dns over https the dns requests are encrypted and that encryption would have to be broken for a MITM attacker to see your requests. more security is better and dns over https costs virtually nothing to use in terms of cpu resources.
edit: oh do you mean whole system mullvad VPN? if so, then yeah dns over https doesn’t really help much but it’s also still a case of why bother turning it off when there’s no benefit to it.
Afaik you should be able to. You could always try it and check your IP at a dns leak test site.
I checked it. I used the
adblock.dns.mullvad.net
option and adblocking works fine on all browsers without using adblock extensions. The checker on Mullvad’s website shows the DNS info as it should. I think maybe there’s no need for Firefox DNSoH settings anymore because the whole OS uses Mullvad DNS now. But I don’t know enough about DNS to be sure.
Please look also at dohd https://dyne.org/dohd/ as an alternative I know both the author’s, they are super cool! You can ask directly @[email protected]
Mullvad offers DoH and DoT, why not set firefox to use that as well?
Mullvad’s Linux client is a nightmare. I just use the Wireguard config file so I can choose how the rest of the network stack should behave.
somewhere in the privacy settings DoH can be turned off.
It’s so fucking dumb that an application can just decide to bypass system-wide dns resolution.
You mean firefox or the mullvad app? Took me a hot minute to figure out why things aren’t working as expected when setting up adguardhome, turned out the mullvad app was hijacking /etc/resolv.conf to inject mullvad nameservers