mullvad / mullvadvpn-app

The Mullvad VPN client app for desktop and mobile
https://mullvad.net/
GNU General Public License v3.0

resolv.conf should be left untouched when 'Use custom DNS server' is disabled #6043

Open sipaktli opened 6 months ago

sipaktli commented 6 months ago

Is it a bug?

I have checked if others have reported this already

Current Behavior

Connection fails if /etc/resolv.conf cannot be modified by Mullvad.

Expected Behavior

If 'Use custom DNS server' is disabled, the application has no reason at all to touch resolv.conf, even if we can use the app to set the same servers or similar configuration.

Steps to Reproduce

  1. chattr +i /etc/resolv.conf
  2. Try to connect.

Failure Logs

No response

Operating system version

No response

Mullvad VPN app version

No response

Additional Information

There are several applications that for whatever reason feel the urge to modify resolv.conf, to the point that some of them even include a nasty 'chattr -i' in their start scripts. For those of us who need to use a custom resolv.conf, it is a really nasty problem when we have to un-chattr the file just to be able to use the vpn. I have had to create a script to permanently monitor and change the file back to what I need.

There is no reason for the modification of this file if the setting to use custom DNS is disabled.
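The two checks a user in this situation ends up wanting are "is my resolv.conf immutable right now?" (the condition that makes the app refuse to connect) and "which nameserver lines in it did I not put there?", plus the restore step that the monitoring script mentioned above would perform. The POSIX sh below is an added example, not code from the Mullvad project or from the issue author; the lsattr line, the file paths and the addresses 192.168.1.1 and 198.51.100.53 are constructed for the demo.

```shell
#!/bin/sh
# Added example, not part of the mullvadvpn-app project: small POSIX sh helpers
# for the situation in this issue. Addresses and paths are constructed.

# Return 0 if the flags field of an `lsattr -d <file>` line carries the
# immutable attribute. lsattr prints e.g. "----i---------e------- /etc/resolv.conf";
# lowercase 'i' is used only for the immutable (chattr +i) flag.
is_immutable_from_lsattr() {
    flags=$(printf '%s\n' "$1" | awk '{ print $1 }')
    case "$flags" in
        *i*) return 0 ;;
        *)   return 1 ;;
    esac
}

# Print the nameserver addresses from a resolv.conf-style file, one per line.
# search/options/comment lines are ignored.
nameservers() {
    awk '$1 == "nameserver" { print $2 }' "$1"
}

# Print every nameserver in file $1 that is not in the space-separated
# allow-list $2. Empty output means the file matches what you expect.
unexpected_nameservers() {
    for ns in $(nameservers "$1"); do
        found=0
        for want in $2; do
            [ "$ns" = "$want" ] && found=1
        done
        [ "$found" -eq 0 ] && printf '%s\n' "$ns"
    done
    return 0
}

# Copy golden file $1 over $2 if they differ. Returns 0 when a restore
# happened, 1 when nothing needed doing. A polling watchdog would call this
# in a loop; it is kept as a single step here so it can be tested.
restore_if_changed() {
    if cmp -s "$1" "$2"; then
        return 1
    fi
    cp "$1" "$2"
    return 0
}

# Demo on constructed input. In real use, feed `lsattr -d /etc/resolv.conf`
# to is_immutable_from_lsattr and point the file arguments at /etc/resolv.conf.
demo_dir=$(mktemp -d)
golden="$demo_dir/resolv.conf.golden"
current="$demo_dir/resolv.conf"
printf 'search lan\nnameserver 192.168.1.1\n' > "$golden"
printf 'search lan\nnameserver 198.51.100.53\nnameserver 192.168.1.1\n' > "$current"

if is_immutable_from_lsattr "----i---------e------- $current"; then
    echo "resolv.conf is immutable: a client that rewrites it will fail to connect"
fi
echo "unexpected nameservers: $(unexpected_nameservers "$current" "192.168.1.1")"
if restore_if_changed "$golden" "$current"; then
    echo "restored $current from $golden"
fi
rm -rf "$demo_dir"
```

Running it on the constructed files reports the immutable flag, lists 198.51.100.53 as the entry not in the allow-list, and restores the golden copy. Checking the `lsattr` flags field rather than just trying to write the file is deliberate: it tells you why a connect attempt fails before you reach for `chattr -i`.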

ITwrx commented 5 months ago

Exactly. Why is the mullvad vpn client "blocking the internet" when I don't have any content blocking enabled in the Mullvad client? I'm trying to use my own edge firewall's dns (with its blocking rules) and mullvad is modifying my dns config on the client machines without asking, when I don't want it to, like I'm a ward of the mullvad state. So now, I get BadSite blocking on the client machine from my lan firewall as long as I don't use the VPN(!) If I use the vpn, it either overrides my dns and bypasses my firewall rules, or I make my resolv.conf immutable, and the VPN can't "block the internet" and won't even start. Pretty obnoxious.

The "use custom DNS" option only says it will "allow you to add a dns server" when it needs to be a switch for opting in to the mullvad dns server, and the related content blocking features.

I should be able to use the vpn with my own un-touched resolv.conf and local caching dns server (edge firewall) with my preferred upstreams. I'm guessing the mullvad client is changing resolv.conf by default as an assumed privacy improvement and to make it possible to enable the content blocking features for more typical end users that don't have their own edge firewall, but if mullvad is going to have a feature set like this it needs to be respectful and think about the implementation. As in, don't modify people's dns config without them asking you to. If someone does choose to enable the mullvad content blocking feature, everything needs to be worded and explained better, and they need to be told that mullvad will be overwriting their resolv.conf, so that people don't waste time troubleshooting. I also lost time on this, because I didn't know about the content blocking features, and didn't have them enabled, so I thought my firewall rules weren't working, then I thought systemd on the client was interfering. I disabled systemd-resolved and set my own resolv.conf and the mystery nameserver entry appeared again... That's when I finally found out Mullvad client was modifying my client machine's dns config even though I had not enabled any features that should require that, as far as I am aware.

I'm pretty happy with Mullvad's practices, the client, and the vpn so far, but this was poorly thought out/implemented and could come across as condescending and reckless, even if not intended that way.

Please fix asap. Thanks