[Feature request] Use system (not VPN's) DNS for apps running with mullvad-exclude #4483

Open
MahouShoujoMivutilde opened this issue Mar 24, 2023 · 3 comments
Labels
Linux Issues related to Linux

Comments

@MahouShoujoMivutilde

Issue report

Operating system: Arch Linux, Linux 6.2.8, Networkmanager 1.42.4 + systemd-resolved (systemd 253.1)

App version: 2023.2

Issue description

Even with mullvad-exclude, apps still use Mullvad's DNS instead of what the system uses without the VPN on (which in my case would be the DNS from DHCP from the router).

Details

resolvectl status and resolv.conf
❯ resolvectl status
Global
         Protocols: +LLMNR +mDNS -DNSOverTLS DNSSEC=no/unsupported
  resolv.conf mode: uplink

Link 2 (enp7s0)
    Current Scopes: DNS LLMNR/IPv4 LLMNR/IPv6 mDNS/IPv4 mDNS/IPv6
         Protocols: +DefaultRoute +LLMNR +mDNS -DNSOverTLS DNSSEC=no/unsupported
Current DNS Server: 10.0.0.1
       DNS Servers: 10.0.0.1
        DNS Domain: test

Link 3 (wg-mullvad)
    Current Scopes: DNS
         Protocols: +DefaultRoute +LLMNR +mDNS -DNSOverTLS DNSSEC=no/unsupported
Current DNS Server: fc00:bbbb:bbbb:bb01::1
       DNS Servers: 10.64.0.1 fc00:bbbb:bbbb:bb01::1
        DNS Domain: ~.

~
❯ cat /etc/resolv.conf
# This is /run/systemd/resolve/resolv.conf managed by man:systemd-resolved(8).
# Do not edit.
#
# This file might be symlinked as /etc/resolv.conf. If you're looking at
# /etc/resolv.conf and seeing this text, you have followed the symlink.
#
# This is a dynamic resolv.conf file for connecting local clients directly to
# all known uplink DNS servers. This file lists all configured search domains.
#
# Third party programs should typically not access this file directly, but only
# through the symlink at /etc/resolv.conf. To manage man:resolv.conf(5) in a
# different way, replace this symlink by a static file or a different symlink.
#
# See man:systemd-resolved.service(8) for details about the supported modes of
# operation for /etc/resolv.conf.

nameserver 10.0.0.1
nameserver 10.64.0.1
nameserver fc00:bbbb:bbbb:bb01::1
search test

Now let's test a local domain that resolves perfectly fine without VPN on:

❯ drill skylake.test
;; ->>HEADER<<- opcode: QUERY, rcode: NXDOMAIN, id: 7931
;; flags: qr rd ra ; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;; skylake.test.        IN      A

;; ANSWER SECTION:

;; AUTHORITY SECTION:
.       10262   IN      SOA     a.root-servers.net. nstld.verisign-grs.com. 2023032400 1800 900 604800 86400

;; ADDITIONAL SECTION:

;; Query time: 73 msec
;; SERVER: 10.64.0.1
;; WHEN: Fri Mar 24 19:23:02 2023
;; MSG SIZE  rcvd: 105

~
❯ ping skylake.test
ping: skylake.test: Temporary failure in name resolution

So far nothing unusual; of course it doesn't work, and it shouldn't.

But now:

~
❯ mullvad-exclude drill skylake.test
;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 16580
;; flags: qr aa rd ra ; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;; skylake.test.        IN      A

;; ANSWER SECTION:
skylake.test.   0       IN      A       10.0.0.6

;; AUTHORITY SECTION:

;; ADDITIONAL SECTION:

;; Query time: 0 msec
;; SERVER: 10.0.0.1
;; WHEN: Fri Mar 24 19:23:26 2023
;; MSG SIZE  rcvd: 46


# YAY IT WORKS? Nope

~
❯ mullvad-exclude ping skylake.test
ping: skylake.test: Temporary failure in name resolution

...is the interesting part.

nsswitch.conf is in default state for my distro.

~
❯ cat /etc/nsswitch.conf
# Name Service Switch configuration file.
# See nsswitch.conf(5) for details.

passwd: files systemd
group: files [SUCCESS=merge] systemd
shadow: files systemd
gshadow: files systemd

publickey: files

hosts: mymachines resolve [!UNAVAIL=return] files myhostname dns
networks: files

protocols: files
services: files
ethers: files
rpc: files

netgroup: files

~

So, basically what I suggest is in the title: with mullvad-exclude, apps should use the same DNS as they would without running the VPN at all.

I'm aware of the custom DNS option, but it isn't what I'm looking for (I don't need my VPN apps to use the default LAN DNS after all).
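
A diagnostic for the two lookup paths seen in the report above, as an added example that is not part of the original post or of Mullvad's code. It reads the nsswitch `hosts:` line to tell whether a glibc program such as ping hands its lookup to the systemd-resolved daemon, and picks the link systemd-resolved prefers for a name by best-matching search or routing domain. The inputs are constructed from the output quoted above, and all function names are hypothetical.

```python
import re

# Constructed inputs, abridged from the resolvectl and nsswitch.conf output quoted above.
RESOLVECTL = """\
Link 2 (enp7s0)
Current DNS Server: 10.0.0.1
       DNS Servers: 10.0.0.1
        DNS Domain: test

Link 3 (wg-mullvad)
Current DNS Server: fc00:bbbb:bbbb:bb01::1
       DNS Servers: 10.64.0.1 fc00:bbbb:bbbb:bb01::1
        DNS Domain: ~.
"""
NSSWITCH_HOSTS = "hosts: mymachines resolve [!UNAVAIL=return] files myhostname dns"

def parse_links(text):
    """Map interface name -> {'servers': [...], 'domains': [...]}."""
    links, cur = {}, None
    for line in text.splitlines():
        m = re.match(r"\s*Link \d+ \((.+)\)", line)
        if m:
            cur = links.setdefault(m.group(1), {"servers": [], "domains": []})
            continue
        key, _, val = line.partition(":")  # first ':' only, so IPv6 values survive
        if cur is not None and key.strip() == "DNS Servers":
            cur["servers"] = val.split()
        elif cur is not None and key.strip() == "DNS Domain":
            cur["domains"] = val.split()
    return links

def route_link(name, links):
    """Link systemd-resolved prefers for `name`: the matching domain with most labels wins."""
    name, best, best_labels = name.rstrip(".").lower(), None, -1
    for ifname, info in links.items():
        for dom in info["domains"]:
            d = dom.lstrip("~").strip(".").lower()  # "~." becomes "", which matches any name
            labels = len(d.split(".")) if d else 0
            if (not d or name == d or name.endswith("." + d)) and labels > best_labels:
                best, best_labels = ifname, labels
    return best

def glibc_dns_sender(hosts_line):
    """Who sends the DNS query for a getaddrinfo() caller such as ping."""
    for module in hosts_line.split(":", 1)[1].split():
        if module == "resolve":
            return "systemd-resolved"  # lookup is handed to the daemon
        if module == "dns":
            return "calling process"   # glibc queries resolv.conf servers itself
    return "none"

if __name__ == "__main__":
    links = parse_links(RESOLVECTL)
    for n in ("skylake.test", "example.com"):
        print(n, "->", route_link(n, links), "| sender:", glibc_dns_sender(NSSWITCH_HOSTS))
```

drill does not go through nsswitch: it reads the nameserver lines from /etc/resolv.conf and sends the query from its own process, which is why its SERVER line can differ from what ping experiences.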

@real-or-random

This is related to #614 (comment). Perhaps my comment there helps anyone for now.

@felschr

felschr commented Nov 24, 2023

I literally lost money because I didn't realize it still uses Mullvad's DNS including blocking settings, so I still had ads & trackers blocked when I needed them to be allowed. 😅

@raksooo
Member

raksooo commented Nov 27, 2023

Thank you for the feature request. We have an issue in our internal planning tool to track this.
