mullvad / mullvadvpn-app

The Mullvad VPN client app for desktop and mobile
https://mullvad.net/
GNU General Public License v3.0
5.13k stars 342 forks

DNS over https (DOH) #4385

Open robjob1938 opened 1 year ago

robjob1938 commented 1 year ago

Issue report

Operating system: All

App version: 2023.1

Issue description

I really appreciate Mullvad adding a custom DNS server option; it actually made me look at your service again instead of IVPN (I purchased 1 month to try it out). Your service would be perfect (in my eyes) if it allowed either DOT or DOH (DNS over HTTPS and/or DNS over TLS) as a custom DNS in your app. This one option is the only thing that keeps me from fully implementing your service over IVPN (which allows a custom DNS server to DOH).

MrChocolatine commented 1 year ago

@robjob1938 , you might be interested in this article https://mullvad.net/en/help/dns-over-https-and-dns-over-tls/

robjob1938 commented 1 year ago

> @robjob1938 , you might be interested in this article https://mullvad.net/en/help/dns-over-https-and-dns-over-tls/

Thanks MrChocolatine. I understand Mullvad's DNS; I want to use my own DNS server via the Mullvad app to connect to any number of DNS services such as Quad9: https://www.quad9.net/service/service-addresses-and-features/

HTTPS: https://dns.quad9.net/dns-query

TLS: tls://dns.quad9.net

MrChocolatine commented 1 year ago

Sorry but I am not part of their team, I am just a happy customer that likes to help.

Leprous1 commented 1 year ago

I agree, it would be awesome. I use custom DNS (AdGuard) to block tracking and ads, but I always had a DNS leak since I cannot use DOH or DOT, which is a bummer.

Or Mullvad could add a way to blacklist custom domains instead of having premade lists, but I assume this would be more work than permitting DOH.

Edit: You can have DOH/DOT on Android. Enable custom DNS in the app, then go to your DNS settings in Android and set up your private DNS, and you're good to go. This option is lacking on Windows (I don't know about the other OSes).

pinkisemils commented 1 year ago

The app does not disallow DoH/DoT; all you need to do is point the custom DNS to the resolver on your machine that would then forward the DNS requests on to the DoH/DoT resolvers. On Linux, you could also add extra config to the tunnel interface via systemd-resolve to use DoH/DoT resolvers on the interface via the CLI. This obviously isn't great, but it is a solution. We are planning on adding an option for our client to not try and manage DNS, in which case everything should work just fine.
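
The local-forwarder setup described in the comment above, as an added example (not part of the thread and not Mullvad's code): a loopback UDP listener that relays each query to the Quad9 DoH URL quoted earlier in the thread as an RFC 8484 POST. The listen address and port and all function names are assumptions made for illustration.

```python
import socket
import struct
import urllib.request

DOH_URL = "https://dns.quad9.net/dns-query"  # DoH endpoint quoted earlier in the thread
LISTEN = ("127.0.0.1", 5300)  # assumption: unprivileged demo port; a stub resolver expects 53


def build_query(name, qtype=1, txid=0x1234):
    """Build a minimal DNS query (constructed sample input for local testing)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD=1, one question
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # class IN


def to_doh_request(wire):
    """Wrap a wire-format query as an RFC 8484 POST; returns (request, client id)."""
    if len(wire) < 12:
        raise ValueError("truncated DNS message")
    txid = wire[:2]
    body = b"\x00\x00" + wire[2:]  # RFC 8484 recommends ID 0 on the HTTPS side
    req = urllib.request.Request(DOH_URL, data=body, method="POST", headers={
        "Content-Type": "application/dns-message",
        "Accept": "application/dns-message"})
    return req, txid


def restore_id(answer, txid):
    """Put the client's transaction ID back so the stub resolver accepts the reply."""
    return txid + answer[2:]


def serve():
    """Relay UDP DNS arriving on LISTEN to the DoH endpoint, one query at a time."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind(LISTEN)
    while True:
        wire, client = sock.recvfrom(4096)
        try:
            req, txid = to_doh_request(wire)
            with urllib.request.urlopen(req, timeout=5) as resp:
                sock.sendto(restore_id(resp.read(), txid), client)
        except (ValueError, OSError):
            continue  # drop on failure; the client retries or times out


if __name__ == "__main__":
    serve()
```

Looking up the DoH hostname itself still needs a plain bootstrap resolver, which is the dependency the later ctrld comment runs into.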

Noir16 commented 1 year ago

@robjob1938 You could try Portmaster. https://github.com/safing/portmaster

Android already offers a Private DNS feature, so use that.

steel-steven-87 commented 1 year ago

I wish Mullvad implemented DNS over HTTPS support. After I learned about this feature, I really want it, and it seems that the only privacy-respecting VPN that has this at the moment is IVPN.

ghost commented 7 months ago

Is this something that’s a possibility? I tried using Mullvad with the ctrld CLI and even after adding its bootstrap DNS server as a secondary custom DNS resolver so Mullvad would stop blocking it, it’s very unstable when Mullvad is connected (not sure whether that’s a Mullvad issue or a ctrld issue) so it’d be nice to be able to take it out of the equation.

BionicBison05 commented 1 month ago

@pinkisemils now that the app contains an encrypted DNS resolver (I'm on the iOS beta), is this something that could be reasonably implemented in the near(ish) future?