1

NextDNS Configuration on Linux With Mullvad VPN

Hi. I am having some trouble understanding how I should configure my settings to ensure NextDNS is always working with my VPN, primarily where I do not have to log into NextDNS portal to link my IP after changing VPN server.

I am using a Ubuntu based distro. Thanks for any help! I have not installed NextDNS into my machine. But NextDNS is working through my VPN settings and being that I link my IP in the portal.

Does it matter what is installed and configured first from a fresh OS install and OS upgrade? (Mullvad then NextDNS vs NextDNS then Mullvad)

From what I can see, my VPN works when I configure NextDNS through the web portal. But when I change server, I have to re link my IP. I had this setup before but, cannot recall how I managed to get it to work. (I had installed NextDNS into the machine and managed the settings and configuration in the Portal. I am using Wireguard with manual DNS in Mullvad and then NextDNS works fine. That is one way it works. The way I had it previously, NextDNS was working no matter when I change the VPN server.

I could use a little help with context on how NextDNS works with VPN's specifically Mullvad and how the different ways I can configure or connect them? I appreciate any help folks!

7 replies

null
    • Tim_Holme
    • 3 yrs ago
    • Reported - view

    I'm having a similar problem with a different VPN. My company uses a split-tunnel VPN. When I started using NextDNS on my router, the split tunnel VPN stopped working. By that, what I mean is that everything behaves normally when I'm not connected to VPN, but when I'm on my VPN, I cannot access the internet nor my corporate IP addresses (via ping).

      • Ave_Plague
      • 3 yrs ago
      • Reported - view

      Tim Holme From what I understand, the VPN will likely override any DNS settings you may have configured, unless the VPN has a "configuration" that works with the DNS. OR has been configured in such a way that it works with the VPN.

      There is a way, I had it setup on this system but had to Format the disc because I am experimenting with various things. Sadly I didn't write everything down that I had done to get to that point. I will be spending time on this throughout the week so when I get it setup I can relay that here. Hopefully though, we get some more input by the community, It would be nice to have a guide that discusses the various ways of setting these tools up.

    • Ave_Plague
    • 3 yrs ago
    • Reported - view

    What I have learned so far: that seems to work.

    I like learning with a fresh install of OS and updates with no other cconfig settings. I then change the dns settings in my wired settings, ipv4 and 6 both get the nextdns ips and I disable automatic config for each.

    45.90.28.231

    45.90.30.231

    2a07:a8c0::3a:7362

    2a07:a8c1::3a:7362

    Then I link my IP in NextDNS portal. (Make sure no vpn is running, you want your IP to be linked.)

    I then install mullvad vpn. In advanced settings, I enable ipv6, use wireguard tunnel protocol, and use a custom DNS, I enter nextdns ipv6

    2a07:a8c0::3a:7362

    This seems to work no matter where I select my vpn. I check ip, dnsleak test, and nextdns config, and I am constantly :

    All good!

    This device is using NextDNS with this configuration.

    The only thing I seen that was weird was when I changed locations with Mullvad, occassionally the ISP would change, and the country too, though NextDNS was always listed as Hosting Name. Some ISP servers were from 14 nations, even when I selected a nation that was NOT part of the IC collab. This is likely due to Wireguard routing-protocol. I will work to learn more.

    Before I got this config setup, I was testing the broswer network settings - under general for firefox based browsers. In here I can set DNS as a proxy but there come issues when using

    Proxy DNS when using SOCKS v5

    Enable DNS over HTTPS

    Dnsleaktest changes ISP and Hostname and in NextDNs portal, I am using DNS but not with the configuration listed below. So I disable the browser proxy and let NextDNS and my VPN do the work. When I disconnect my vpn, I can see my ip but the dns leak test does not show my ISP! it shoes next dns and the closest region where their servers are. Which is a few hours drive from me. I like this. I also then set a killswitch so I am always connected to vpn or blocked.

    I had not installed any nextdns software that I recall, I think there are different ways to use the service? Do I have to have installed nextdns onto my system?

    Will report back when I learn more.

    • Pro subscriber ✓
    • DynamicNotSlow
    • 3 yrs ago
    • Reported - view

    Mixing VPN with different DNS provider isn’t recommend. You should also read https://gist.github.com/joepie91/5a9909939e6ce7d09e29

      • Ave_Plague
      • 3 yrs ago
      • Reported - view

      DynamicNotSlow I think to some degree, you are 100% accurate. Especially if you are new and not testing the outcomes of various configurations. If you are learning or experienced and are testing the results, it then comes to the ISP and the VPN service you are using. If you are using a good VPN service, Mullvad is one of the best listed as recommended by Freedom of the Press's Chose a VPN review as well as PrivacyTools recommended, then it is better than not using one. (provided you do have a secure configuration).

      Mullvad does not keep logs, at least for now, and is one the few companies that publicy have a record in the court of law. I am aware that Sweden is trying to pass bills that allow if not mandate VPN taffic to be logged, but for now it is safe to use from what I can tell. My NextDNS config is set to not collect logs as well.

      NextDNS may be unique as well as Mullvad because both use NextDNS services. And they work well together. As long as I have:

      All good!

      This device is using NextDNS with this configuration.

      in my portal dashboard,  I feel secure. I prefer to have NextDNS and Mullvad as they both can mostly anonymous and my data, searches, are encrypt my traffic entry. I read your link and the comments, and did some more reading to be sure about a few assumptions. I am confident that I have a better network now than the one I had two weeks ago. I am not using Firefox, I am not using Windows, one firewall/VPN combo and a software VPN (Mullvad), and I am using a privacy based OS and browser. The difference is huge and I have only learned so much more, and confirmed a few open ports where I was vulnerable. I plan on doing more testing, like nMap ect with a Kali VM. Wireshark as well, to learn more about the weaknesses with my configuration. I am sure they are present. Nothing is 100% safe online. Or untrackable, from what I gather.

      Like anything, I think it depends on the surrounding circumstances such as config, hardware, software, location, threat model, and user expertise - ability to learn and properly research. Not to mention test their configuration.

      • Pro subscriber ✓
      • DynamicNotSlow
      • 3 yrs ago
      • Reported - view

      Ave Plague to your VPN part, read that: https://gist.github.com/joepie91/5a9909939e6ce7d09e29 and https://madaidans-insecurities.github.io/vpns.html

    • Ave_Plague
    • 3 yrs ago
    • Reported - view

    I do see after more testing from Mullvad site, that when I have custom DNS selected and even though I use NextDNS IP, I do get a leak - to Next DNS as service. So if that is disabled on Mullvad, and I retest, I get all four green checks. When I disable the VPN entirely, I check my NextDNS and I get the green to go, where I am using NextDNS config. So to correct my previous Configuration, I believe this is the better. When not using VPN, my dns does not leak. When using VPN, my dns does not leak. Confirmed with dnsleak test and nextdns portal. :) Hope this helps othes.

Login to reply

Content aside

  • 1 Likes
  • 3 yrs agoLast active
  • 7Replies
  • 1277Views
  • 2 Following