What is the issue?
When using NextDNS via Tailscale and a Mullvad exit node, the DNS over HTTPS requests to NextDNS do not go via the Mullvad exit node but direct from the client. Therefore NextDNS records the real IP as the source of the DNS requests. This would seem counterintuitive to using a privacy VPN service such as Mullvad.
Is this by design? I would expect the HTTPS requests to NextDNS to use the Mullvad exit node along with all other traffic.
Steps to reproduce
Tested in iOS.
1. Use Mullvad exit node and NextDNS.
2. Set NextDNS to log source IP and observe real IP being logged.
3. Monitor iOS traffic using Wireshark and observe connections to NextDNS outside the Mullvad tunnel.
Are there any recent changes that introduced the issue?
No
OS
iOS
OS version
17.4.1
Tailscale version
1.64.0
Other software
None
Bug report
No response
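The check from step 3 of the report can be automated over a capture summary. The following is an added example, not part of the original issue or of Tailscale's code: it flags resolver connections that appear on a non-tunnel interface. The `utun` interface prefix, the SNI-based match on `nextdns.io`, the tab-separated input layout and all sample rows are assumptions constructed for illustration.

```python
import ipaddress
from typing import NamedTuple

class Flow(NamedTuple):
    iface: str
    src: str
    dst: str
    sni: str

# Assumptions (not from the issue): tunnel interfaces are named utun*, and
# resolver connections are recognised by a TLS SNI under nextdns.io.
TUNNEL_PREFIXES = ("utun",)
RESOLVER_DOMAIN = "nextdns.io"

# Constructed sample: interface, source, destination, TLS SNI (tab-separated).
# Addresses come from documentation, CGNAT and private ranges.
SAMPLE = (
    "utun3\t100.64.0.5\t203.0.113.10\texample.com\n"
    "en0\t192.168.1.20\t198.51.100.7\tdns.nextdns.io\n"
    "utun3\t100.64.0.5\t198.51.100.7\tdns.nextdns.io\n"
    "en0\t192.168.1.20\t192.0.2.44\t\n"  # no SNI, e.g. the VPN underlay itself
    "pdp_ip0\t10.20.30.40\t198.51.100.8\tDNS.NextDNS.io.\n"
    "en0\t192.168.1.20\t198.51.100.9\tnotnextdns.io\n"
)

def parse_flows(text):
    """Parse tab-separated flow lines, skipping malformed rows."""
    flows = []
    for line in text.splitlines():
        parts = line.split("\t")
        if len(parts) != 4:
            continue
        iface, src, dst, sni = parts
        try:
            ipaddress.ip_address(src)
            ipaddress.ip_address(dst)
        except ValueError:
            continue
        # Normalise the SNI: case-insensitive, no trailing root dot.
        flows.append(Flow(iface, src, dst, sni.strip().rstrip(".").lower()))
    return flows

def is_resolver(sni):
    """Match the resolver domain or a subdomain, not lookalike suffixes."""
    return sni == RESOLVER_DOMAIN or sni.endswith("." + RESOLVER_DOMAIN)

def find_resolver_leaks(flows):
    """Return resolver connections seen on a non-tunnel interface."""
    return [f for f in flows
            if is_resolver(f.sni) and not f.iface.startswith(TUNNEL_PREFIXES)]
```

A non-empty result from `find_resolver_leaks` means the resolver saw the client's real address for those connections, which is the behaviour the report describes.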