I used Mullvad’s guide to change the DNS in Linux Mint and it worked. But I have a question about Firefox’s DNS over HTTPS settings. Can I turn it to off now that the whole operating system uses the Mullvad DNS?

  • nublug@lemmy.blahaj.zone
    4 days ago

    don’t know why you’d want to? you may trust your dns server but without dns over https the dns requests themselves are sent plaintext and are vulnerable to man-in-the-middle attack. with dns over https the dns requests are encrypted and that encryption would have to be broken for a MITM attacker to see your requests. more security is better and dns over https costs virtually nothing to use in terms of cpu resources.

    edit: oh do you mean whole system mullvad VPN? if so, then yeah dns over https doesn’t really help much but it’s also still a case of why bother turning it off when there’s no benefit to it.

  • communism@lemmy.ml
    4 days ago

    Yeah you should turn it off, Mullvad’s DNS servers already give you DNS privacy. I forget which DNS servers Firefox’s DoH uses, but it will use some other DNS servers for Firefox with DoH enabled, which presumably you don’t want if you went out of your way to set your DNS servers to Mullvad’s.

  • Todd Bonzalez@lemm.ee
    4 days ago

    Mullvad’s Linux client is a nightmare. I just use the Wireguard config file so I can choose how the rest of the network stack should behave.

    • intro@programming.dev (OP)
      4 days ago

      I checked it. I used the adblock.dns.mullvad.net option and adblocking works fine on all browsers without using adblock extensions. The checker on Mullvad’s website shows the DNS info as it should. I think maybe there’s no need for Firefox DNSoH settings anymore because the whole OS uses Mullvad DNS now. But I don’t know enough about DNS to be sure.

  • Quail4789@lemmy.ml
    4 days ago

    It’s so fucking dumb that an application can just decide to bypass system-wide dns resolution.

    • ftbd@feddit.org
      4 days ago

      You mean Firefox or the Mullvad app? Took me a hot minute to figure out why things aren’t working as expected when setting up adguardhome, turned out the Mullvad app was hijacking /etc/resolv.conf to inject Mullvad nameservers.
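
Added example, not part of the thread and not any poster's code: a small Python check that reads the text of `/etc/resolv.conf` and of a Firefox profile's `prefs.js` and reports whether Firefox would resolve names through its own DoH resolver or through the system one. The sample inputs, the function names and the `/dns-query` path are constructed assumptions; `network.trr.mode` and `network.trr.uri` are Firefox's DoH preferences.

```python
import re

# Constructed sample inputs (not from the thread); 192.0.2.53 is a documentation address.
SAMPLE_RESOLV_CONF = "# constructed sample\nnameserver 192.0.2.53\noptions edns0\n"
SAMPLE_PREFS_JS = (
    'user_pref("network.trr.mode", 3);\n'
    'user_pref("network.trr.uri", "https://adblock.dns.mullvad.net/dns-query");\n'
)

PREF_RE = re.compile(r'^user_pref\("(network\.trr\.(?:mode|uri))",\s*(.+?)\);\s*$')


def system_nameservers(resolv_conf_text):
    """Return the nameserver addresses listed in resolv.conf text, in order."""
    servers = []
    for line in resolv_conf_text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments, then tokenize
        if len(fields) >= 2 and fields[0] == "nameserver":
            servers.append(fields[1])
    return servers


def firefox_doh_prefs(prefs_js_text):
    """Return (mode, uri) from prefs.js text; mode is 0 when the user never set it."""
    mode, uri = 0, None
    for line in prefs_js_text.splitlines():
        match = PREF_RE.match(line.strip())
        if not match:
            continue
        name, raw = match.groups()
        if name == "network.trr.mode":
            mode = int(raw)
        else:
            uri = raw.strip('"')
    return mode, uri


def firefox_resolver_path(resolv_conf_text, prefs_js_text):
    """Describe which resolver answers Firefox's lookups for this configuration."""
    mode, uri = firefox_doh_prefs(prefs_js_text)
    result = {"resolver": uri, "system": system_nameservers(resolv_conf_text)}
    if mode in (2, 3):        # 2 = DoH first with system fallback, 3 = DoH only
        result.update(via="doh", system_fallback=(mode == 2))
    elif mode == 0:           # no user choice: Firefox applies its own default
        result.update(via="firefox-default", system_fallback=True)
    else:                     # 5 = DoH explicitly off (1 and 4 are reserved values)
        result.update(via="system", system_fallback=False)
    return result


if __name__ == "__main__":
    print(firefox_resolver_path(SAMPLE_RESOLV_CONF, SAMPLE_PREFS_JS))
```

On systems using systemd-resolved, `/etc/resolv.conf` may list only a local stub address, in which case the upstream servers have to be read from the resolver's own status output instead.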