I have wasted the last 2.5 hours trying to see where I went wrong with my configuration and I just can’t.
For the record, I am running openSUSE Tumbleweed with GNOME, latest update for everything. Up to now I have been using AdGuard as my DNS resolver, but am now trying to switch to Mullvad, but at this point I think I probably don't want to anymore. Reason being, I just cannot get it to work for the life of me.
My system has NetworkManager installed, so I go there, select my connected Wifi, and enter Mullvad's DNS address 194.242.2.4 in the IPv4 section, then I go to check to see if it shows I am using their DNS, and Firefox AND Vivaldi give no internet connection errors. I go back to AdGuard DNS and my internet is back working again. I go back to Mullvad, you guessed it, no internet once again. I even tried Cloudflare and Quad9's DNS addresses and both of those worked as well, but Mullvad's just does not want to work and I am going insane over it.
And no, I cannot edit resolv.conf through the terminal because NetworkManager will override it, and no, I don't want to delete NetworkManager. Any feedback would be appreciated.
Edit: I have Mullvad DNS on my phone and got it running with zero issues so this is more of a Linux problem than a Mullvad DNS problem I think.
Solution:
Open terminal and follow through
sudo zypper install systemd-network
sudo nano /etc/systemd/resolved.conf
Copy and paste this into the file that you just opened and change the DNS to whichever DNS provider you are using.
[Resolve]
DNS=194.242.2.4 2a07:e340::4
FallbackDNS=194.242.2.2 2a07:e340::2
Domains=~.
DNSSEC=yes
DNSOverTLS=opportunistic
#MulticastDNS=no
#LLMNR=no
Cache=yes
#CacheFromLocalhost=no
#DNSStubListener=no
#DNSStubListenerExtra=
ReadEtcHosts=yes
#ResolveUnicastSingleLabel=no
Ctrl + O to write out and Ctrl + X to exit back to the terminal main page.
sudo ln -sf ../run/systemd/resolve/stub-resolv.conf /etc/resolv.conf
sudo systemctl start systemd-resolved
sudo systemctl enable systemd-resolved
sudo systemctl restart NetworkManager
Boom it should be working now.
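One check worth having next to the steps above: talk to the resolver over TLS yourself, bypassing NetworkManager and systemd-resolved entirely. If this probe gets an answer from 194.242.2.4 on port 853 while plain UDP/53 to the same address times out, the server is fine and the problem is purely the local stub configuration, which is what the systemd-resolved steps fix. Also note that the config above uses DNSOverTLS=opportunistic, which lets resolved fall back to unencrypted DNS if the TLS handshake fails; DNSOverTLS=yes refuses to fall back. This is an added example, not code from the original post or from Mullvad; the SNI hostname dns.mullvad.net used for certificate verification is an assumption here, as is the use of the standard RFC 7858 port 853.

```python
"""Probe a DNS-over-TLS resolver directly (RFC 7858), bypassing the system resolver.

Added example for this thread, not from the original post or from Mullvad.
Assumptions (not stated in the thread): the resolver listens on TCP/853 and
presents a certificate valid for the hostname passed as `sni`.
"""
import socket
import ssl
import struct


def build_query(name: str, qtype: int = 1, txid: int = 0x1234) -> bytes:
    """Encode a single-question DNS query (RFC 1035) for `name`, class IN, RD set."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(label)]) + label.encode("ascii") for label in labels)
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)


def _skip_name(msg: bytes, off: int) -> int:
    """Return the offset just past a domain name, handling compression pointers."""
    while True:
        length = msg[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:  # two-byte pointer terminates the name
            return off + 2
        off += 1 + length


def parse_response(msg: bytes, expected_txid: int = 0x1234) -> dict:
    """Return rcode and the A-record addresses from a DNS response message."""
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    if txid != expected_txid:
        # A mismatched id means this reply is not for our query (or is spoofed).
        raise ValueError("transaction id mismatch")
    rcode = flags & 0x000F
    off = 12
    for _ in range(qd):
        off = _skip_name(msg, off) + 4  # skip QTYPE + QCLASS
    addrs = []
    for _ in range(an):
        off = _skip_name(msg, off)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:
            addrs.append(socket.inet_ntoa(msg[off:off + 4]))
        off += rdlen
    return {"rcode": rcode, "answers": addrs}


def _recv_exact(sock: ssl.SSLSocket, n: int) -> bytes:
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("resolver closed the connection early")
        buf += chunk
    return buf


def dot_query(server: str, sni: str, name: str, port: int = 853, timeout: float = 5.0) -> dict:
    """Send one query over TLS: two-byte length prefix, then the DNS message."""
    ctx = ssl.create_default_context()  # verifies chain and hostname against `sni`
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    query = build_query(name)
    with socket.create_connection((server, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=sni) as tls:
            tls.sendall(struct.pack("!H", len(query)) + query)
            (resp_len,) = struct.unpack("!H", _recv_exact(tls, 2))
            return parse_response(_recv_exact(tls, resp_len))


if __name__ == "__main__":
    # 194.242.2.2 is the FallbackDNS address from the thread; the SNI name is assumed.
    print(dot_query("194.242.2.2", "dns.mullvad.net", "mullvad.net"))
```

If the script prints an answer, DoT to the server works and resolvectl status should show DNSOverTLS=yes or opportunistic for the link; if it raises an SSL error, the certificate does not match the assumed SNI name; if it times out, port 853 is being blocked on your network.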
Mullvad (apparently, first time I've heard of the service) uses DNS over TLS and I don't think that the current GUI version has the option to enable it. Here's a quickly googled howto from Fedora on how to enable it on your system. If that doesn't help, search for 'NetworkManager DoT' or 'DNS over TLS'.
Right on the money: See also the official mullvad docs: https://mullvad.net/en/help/dns-over-https-and-dns-over-tls#linux
The solution on their page does not work as my network settings are controlled by Network Manager
I tried the guide you sent, and it gives me an error in the terminal when I try to restart NetworkManager. This is caused by the thing in step 2, and when I remove the file that was created in step 2, NetworkManager starts fine again, but now I need to have a DNS IP address entered into IPv4 and IPv6 per network connection, and it cannot be Mullvad's DNS servers, otherwise I again get no connection, which again just puts me back at square one, only now I have a systemctl service running in the background for no reason.
You can edit resolv.conf and
sudo chattr +i /etc/resolv.conf
makes the file immutable.
It’s a kludge, and I’m not saying that it solves your DNS issue, but NM can’t override the file.
How would I undo this process? I am considering testing this out but how would I make it overridable again just in case?
Edit: just tried it and added the DNSOverTLS=yes line and it did not seem to fix anything, so unfortunately this isn't a solution, but still a nice thing to know.
sudo chattr -i /etc/resolv.conf
What a surprise.
Another option is to remove it and symlink it to a static version of your choosing. I believe NM won't replace a symlink. You can just remove the symlink when you're done and it should go back to normal... I think.
Things like this are why I still haven’t switched to Linux. Had a play with Mint on a USB stick and liked it, but I just worry that when I start to use it for real, I am going to spend far too much time searching for solutions to weird problems and going down rabbit holes.
Cool
Nice
LOL this isn’t even a Linux issue. This is an “I’m confused about how DNS works” issue.
No, this is in fact a Linux issue. Because I was able to get DoT working on Windows and Android (GrapheneOS) in like 2 minutes. This is in fact a Linux issue. Another thing that is a Linux issue is my microphone not having any drivers for the last 4 months on my brand new laptop that I bought, and yes, I am running the latest kernel.
No, I am not going to switch back to Windows, but y'all need to stop gobbling Linux as this perfect no-can-do-wrong operating system, because it is FAR from it and is still by far the most difficult operating system to use, even for some semi tech savvy people like me.
Network manager not working well with DNS over TLS is not a Linux issue? Ok, thanks for the education.
Read the post. The user obviously didn’t even know that Mullvad uses DNS over TLS and that the other providers used regular DNS, nor did he know how to properly troubleshoot a DNS issue, which is a skill you should have on any OS if you’re going to mess about with DNS settings.
How the fuck am I supposed to know that NetworkManager won't support DNS over TLS by default when every other operating system does? I've messed around with DNS before on multiple devices and never had any issues until now. We get it. You use Arch. Mr. Skillful.
How the fuck am I supposed to know that Network Manager won’t support DNS over TLS
Read the documentation? Use google?
The very first hit when you google “dns over tls tumbleweed” provides the answer: https://dev.to/archerallstars/using-dns-over-tls-on-opensuse-linux-in-4-easy-steps-enable-cloud-firewall-for-free-today-2job
A more generic query “dns over tls linux” gives this, which works just the same: https://medium.com/@jawadalkassim/enable-dns-over-tls-in-linux-using-systemd-b03e44448c1c
Both google searches return several more hits that basically say the same thing.
Even the NetworkManager reference manual refers you to systemd-resolved as the solution: https://www.networkmanager.dev/docs/api/latest/settings-connection.html
dns-over-tls (int32): Whether DNSOverTls (dns-over-tls) is enabled for the connection. DNSOverTls is a technology which uses TLS to encrypt dns traffic. The permitted values are: "yes" (2) use DNSOverTls and disabled fallback, "opportunistic" (1) use DNSOverTls but allow fallback to unencrypted resolution, "no" (0) don't ever use DNSOverTls. If unspecified "default" depends on the plugin used. Systemd-resolved uses global setting. This feature requires a plugin which supports DNSOverTls. Otherwise, the setting has no effect. One such plugin is dns-systemd-resolved.
I don't use NetworkManager, I've never even used Tumbleweed, and I found the answer in all of 10 minutes. Of course that doesn't help if you're so clueless that you didn't even know that you were using DNS-over-TLS, or that DoT is a very recent development that differs significantly from regular DNS and that it requires a DNS resolver that supports it.
when every other operating system does?
Like Windows 10? (Hint: it doesn’t)
You use Arch. Mr skillful
Who cares what I use. When I’m messing with something I don’t understand, I at least read the documentation first instead of complaining on the internet and calling the whole community toxic and, I quote, “Butthurt Linux gobblers” when you get the slightest bit of pushback.
Butthurt Linux gobblers are downvoting you even though you are correct. I have had so many instances of having to spend hours upon hours upon hours just to figure out how to do some basic shit on Linux that I can do on every other operating system within a matter of 5 minutes. "But Linux is free and open source, but Linux isn't spyware, but but Linux (insert whatever you want here)". This is not the point. Point is, the average person probably doesn't have the time and energy to spend hours upon hours trying to figure out how to set up DNS over TLS (when it can be set up in 2 minutes under Windows without ever needing to open up a terminal), why their microphone isn't working (find out there are no supported drivers and need to boot into Windows whenever I need to use the mic for whatever online meeting), why their laptop doesn't sleep properly (find out it was a kernel related issue, had to wait until the next update), touch sensor not working, and etc etc etc.
No I am not going to stop using Linux people it is still my main OS for like 95% of my activities. But having to have my Windows partition there because my fucking microphone doesn’t work, NOT because I need it to run certain software, is the exact reason Linux will never be mainstream. But I guess you can keep pointing out Microsoft’s predatory actions instead of trying to fix Linux’s problems cause that’s productive aye?
Thank you. The downvotes don't bother me, but the attitude of some of these Linux fans does. Skill issues my ass. I'm fairly IT literate. I can find my way around basic Unix stuff for work, and don't care if I have to spend some of the time I get paid for on reading man pages. But at home, my computer just needs to work. Linux is not ready for that, and some of these fanboys just put people off.
Fr, and I was never the one that started complaining first saying Linux is difficult. I just came here to ask for advice and then you commented that stuff like this is why you don’t feel comfortable switching to Linux yet, and then you get attacked and I get indirectly attacked by these toxic nerds saying “okay enjoy getting spied on” or “read the fucking manual” or “skill issue”. Yea this is totally productive to the Linux community yea right.
I have had so many instances of having to spend hours upon hours upon hours just to figure out how to do some basic shit on Linux that I can do on every other operating system within a matter of 5 minutes
skill issue.
Hilarious
Nothing lost for us. Keep using the OSs made to follow you around and share your data with “Trusted third parties”.
Did I say I want to keep using windows? I don’t. I want to get off W10 before that becomes an unsupported security risk, and won’t go to W11. All I said, or meant to say, is that I don’t feel comfortable yet to move to Linux, and posts like this don’t make me more confident that Linux is trouble free. It’s not just that I don’t want to spend hours fixing problems, it’s also for the sanity of my family who just need a working computer
POV: Linux community is extremely toxic and wonders why nobody else in the tech world likes them. Insert surprised pikachu face
A bunch of people said systemd-resolved already, and I hate to admit it, but this fixed DNS over TLS for me too.
Mark it as a rare systemd w.
Could you potentially send me the instructions/steps/guide you followed? I attempted to use systemd for this but haven’t had much luck.
It was a while ago and I’m on Debian so my experience might be different but last named version I had to put a line pointing to the internal resolved address in resolv.conf like in this forum thread.
I just glanced over the other comments. I also use both Mullvad VPN and Tumbleweed. I switched to systemd-resolved and got it working at some point, but it's a big hassle and I also had strange problems when trying it for the first time. I could try to look into my configuration on the weekend.
Please do, and give me all the steps you took to get it working. Very appreciated. I tried using systemd-resolved but had no luck getting it to work.
I’ve switched from Quad9 to Mullvad DNS a month ago, and I’ve been noticing some domains aren’t resolving. Domains that shouldn’t be blocked. It feels like Mullvad’s rules are extra restrictive.
ty, I gave up on doing this a long time ago until I found your post
Same in the latest Mint EDGE release...
Try using the private IP options instead and see if that works. The generic one being 10.64.0.1, but other options that include ad blocking and such ranging from 100.64.0.1 to 100.64.0.25 or something like that. I've got my entire network set up behind their VPN and a Pi-hole pointing to one of their private DNS addresses without any issues. I left their public DNS years ago so that I could make sure my DNS requests were always within the tunnel instead.