Which DNS server to use?

I’m confused. On the Mullvad blog I see two different articles telling me the DNS server address to use for adblocking. However, they each tell me a different server. Which should it be? This is so I can manually add it to my router’s WireGuard setup.

The two I see are as follows:

194.242.2.3

100.64.0.3

Any suggestions? Is one a free public DNS service and the other for subscribers like myself? What’s the difference?

In a post a while ago I said it was super confusing and was basically told I’m dumb because conflicting info is easy to follow. I believe the short answer is they intercept your DNS to prevent leaks so you can set anything for DNS (7.8.9.10?) unless you want the specific filtering (anti malware, porn etc) in which case use those IPs. If you want to use another service I believe that you’ll have to go DoH/DoT to use it. Lastly, to use the Mullvad servers outside of a Mullvad tunnel they only support DoH.

I’ll repeat my call for Mullvad to make an authoritative list and explanation as to how they work DNS internally vs externally. It really is worth the 10 minutes of effort.

https://www.reddit.com/r/mullvadvpn/comments/102hoxy/docker_solution_for_doh/

The 100.64.0.x range is for internal ad-blocking; it works only if you are connected to a Mullvad VPN server. The 194.242.2.3 IP is for DoH (DNS over HTTPS); it can be used even without Mullvad and needs to be set with the domain “adblock.doh.mullvad.net”, not the IP directly.
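To illustrate the distinction drawn in the comment above, here is an added example (not part of the original thread and not Mullvad's code) that classifies the two addresses from the question and builds an RFC 8484 DoH GET request for the hostname. The `/dns-query` path and the function names are assumptions; the thread gives only the hostname.

```python
import base64
import ipaddress
import struct

# RFC 6598 shared address space. The thread's 100.64.0.x resolvers sit inside
# it, so they are not routable from the public internet.
SHARED_SPACE = ipaddress.ip_network("100.64.0.0/10")


def resolver_scope(addr: str) -> str:
    """Say where a resolver IP can be reached from."""
    ip = ipaddress.ip_address(addr)
    if ip in SHARED_SPACE:
        return "tunnel-only"
    if ip.is_private or ip.is_loopback or ip.is_link_local:
        return "local"
    return "public"


def build_query(name: str, qtype: int = 1) -> bytes:
    """DNS wire-format query (default type A). ID is 0, as RFC 8484 recommends."""
    header = struct.pack("!6H", 0, 0x0100, 1, 0, 0, 0)  # RD flag, one question
    qname = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) <= 63:
            raise ValueError(f"bad label in {name!r}")
        qname += bytes([len(raw)]) + raw
    return header + qname + b"\x00" + struct.pack("!2H", qtype, 1)  # class IN


def doh_get_url(doh_host: str, name: str, path: str = "/dns-query") -> str:
    """RFC 8484 GET URL. `path` is the conventional one, assumed here."""
    try:
        ipaddress.ip_address(doh_host)
    except ValueError:
        pass  # a hostname, which is what the thread says to configure
    else:
        raise ValueError("configure the DoH hostname, not the bare IP")
    q = base64.urlsafe_b64encode(build_query(name)).rstrip(b"=").decode()
    return f"https://{doh_host}{path}?dns={q}"


if __name__ == "__main__":
    for addr in ("100.64.0.3", "194.242.2.3"):  # the two addresses from the thread
        print(addr, resolver_scope(addr))
    print(doh_get_url("adblock.doh.mullvad.net", "www.example.com"))
```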

Seems best to follow

If you connect to Mullvad on your router, use one of the IPs listed on their GitHub page that someone else linked.

If you are not, you can use the DoH since it is free. The other IPs require you to be connected to Mullvad.

Wow. Thanks for all the feedback, much appreciated. I am a subscriber and will pick one from the GitHub link. Cheers to all!

Where I live, Quad9 or Cloudflare are the best options. Both of those providers have IPv4 and IPv6 DNS addresses you can map.

Mullvad’s included DNS is a bit slow

tbh I’m a complete noob and this is an old thread. If anyone sees this and is willing to help give a rundown on some of this, pls reply <3

NextDNS

45.90.28.0
45.90.30.0

I use 1.1.1.1 through DNS over TLS. This way I’m getting the security benefits of Mullvad, but also, by using DoT to 1.1.1.1, even Mullvad (and all hops in between) are unable to inspect my DNS traffic.

https://1.1.1.1 are an open/public recursive DNS resolver with very low latency response times so they’re among the best in my experience.

Mullvad do however provide malware and ad blocking services which would require access to your DNS queries in order to block things for you so my setup isn’t ideal for anybody taking advantage of these features.

Is there a similar list for IPv6 DNS addresses?

For OpenVPN I use port 1400 as it does not have DNS hijack enabled. For WireGuard, since it’s newish, idk if you can turn off the DNS hijack; I’ve not switched to WireGuard on a long-term basis.

You can do that? If so, that would be great! But I thought those addresses were only for use with the VPN.

Good feedback, cheers.

Yeah, this. The DNS domain verification ensures that nobody is forging DNS records. Also, leaks do not really matter, as your ISP is not able to read your request and Cloudflare is not in business for tracking.

Nope, no one could. Sorry. I came here looking for answers too.

Search “DNS over HTTPS” for your browser & on YouTube. Then visit www.quat9.net

Just stranded on this.
A bit late but maybe not too late yet.

https://mullvad.net/en/help/dns-over-https-and-dns-over-tls/#specifications

That’s done via DNS intercepts, yes. Now shut the fuck up and go the fuck away.