Open raphaelyancey opened 2 years ago
Mullvad has sensible defaults to prevent DNS leakage and has firewall rules to deny all TCP and UDP traffic to port 53 (DNS) regardless of the origin / destination.
You'll find it in the output chain of table inet mullvad:
oif "wg-mullvad" udp dport 53 ip daddr 10.64.0.1 accept
oif "wg-mullvad" udp dport 53 ip6 daddr fc00:bbbb:bbbb:bb01::1 accept
oif "wg-mullvad" tcp dport 53 ip daddr 10.64.0.1 accept
oif "wg-mullvad" tcp dport 53 ip6 daddr fc00:bbbb:bbbb:bb01::1 accept
udp dport 53 reject
tcp dport 53 reject with tcp reset
What you could do to work around the "problem", at your own risk of course, is to have a NetworkManager dispatch script that would inject an exception in that chain for your particular use case every time Mullvad connects, or you could have a permanent firewall rule with a higher priority.
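An added example (not part of the comment above and not Mullvad's code): a small first-match evaluator over the six rules quoted in that comment, showing which DNS packets they accept and which they reject. The interface names `cni0` and `eth0` and the addresses 10.96.0.10 and 192.0.2.53 are constructed sample values, and the sketch assumes the packet is evaluated by this chain.

```python
import ipaddress

# Rules copied verbatim from the comment (output chain of table inet mullvad).
RULES = """\
oif "wg-mullvad" udp dport 53 ip daddr 10.64.0.1 accept
oif "wg-mullvad" udp dport 53 ip6 daddr fc00:bbbb:bbbb:bb01::1 accept
oif "wg-mullvad" tcp dport 53 ip daddr 10.64.0.1 accept
oif "wg-mullvad" tcp dport 53 ip6 daddr fc00:bbbb:bbbb:bb01::1 accept
udp dport 53 reject
tcp dport 53 reject with tcp reset
"""

def parse_rule(line):
    """Turn one rule line into (match dict, verdict string)."""
    tok = line.split()
    match, i = {}, 0
    while tok[i] not in ("accept", "reject"):
        if tok[i] == "oif":                  # oif "<interface>"
            match["oif"] = tok[i + 1].strip('"')
            i += 2
        elif tok[i] in ("udp", "tcp"):       # <proto> dport <port>
            match["proto"], match["dport"] = tok[i], int(tok[i + 2])
            i += 3
        elif tok[i] in ("ip", "ip6"):        # <family> daddr <address>
            match["daddr"] = ipaddress.ip_address(tok[i + 2])
            i += 3
        else:
            raise ValueError(f"unsupported token: {tok[i]}")
    return match, " ".join(tok[i:])

def verdict(oif, proto, daddr, dport):
    """First matching rule wins; None means none of these rules matched."""
    pkt = {"oif": oif, "proto": proto, "dport": dport,
           "daddr": ipaddress.ip_address(daddr)}
    for line in RULES.splitlines():
        match, result = parse_rule(line)
        if all(pkt[key] == value for key, value in match.items()):
            return result
    return None

if __name__ == "__main__":
    # Constructed packets: (outgoing interface, protocol, destination, port).
    samples = [("wg-mullvad", "udp", "10.64.0.1", 53),   # tunnel resolver
               ("cni0", "udp", "10.96.0.10", 53),        # hypothetical cluster DNS
               ("wg-mullvad", "tcp", "192.0.2.53", 53),  # other resolver via tunnel
               ("wg-mullvad", "tcp", "192.0.2.53", 443)] # not DNS
    for pkt in samples:
        print(pkt, "->", verdict(*pkt))
```

Only queries leaving through `wg-mullvad` to the tunnel's own resolver addresses match an accept rule; any other destination or interface on port 53 hits the catch-all rejects.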
Issue report
Operating system: Ubuntu 22.04 LTS
App version: 2022.2
Issue description
I'm not sure it fits here, not really a bug but it prevents my other software from running normally so I'm trying anyway.
Since I've installed Mullvad, the pods in my local (development) Kubernetes cluster cannot resolve domains anymore.
If I deactivate Mullvad, it works fine. The pods can join the Internet, it is just the DNS queries that fail.
The only solution I've found so far is to tell my pods to use a specific DNS server, and split-tunnel queries to this DNS server in Mullvad.
But I'm sure there is a better, cleaner way that doesn't leak DNS queries. Any idea?
Thanks.