I have wasted the last 2.5 hours trying to see where I went wrong with my configuration and I just can’t.

For the record, I am running OpenSuse Tumbleweed with Gnome, latest update for everything. Up to now I have been using AdGuard as my DNS resolver, but am now trying to switch to Mullvad but at this point I think I probably don’t want to anymore. Reason being, I just can not get it to work for the life of me.

My system has NetworkManager installed so I go there, select my connected Wifi, and enter Mullvad’s DNS address 194.242.2.4 in thr IPv4 section, then I go to check to see if it shows I am using their DNS and it Firefox AND Vivaldi give no internet connection errors. I go back to Adguard DNS and my internet is back working again. I go back to Mullvad, you guessed it, no internet once again. I even tried Cloudflare and Quad 9’s DNS addresses and both of those worked as well but Mullvad’s just does not want to work and I am going insane over it.

And no I can not edit resolv.conf through the terminal because NetworkManager will override it and no I don’t want to delete NetworkManager. Any feedback would be appreciated.

Edit: I have Mullvad DNS on my phone and got it running with zero issues so this is more of a Linux problem than a Mullvad DNS problem I think.

Solution:

Open terminal and follow through

sudo zypper install systemd-network

sudo nano /etc/systemd/resolved.conf

Copy paste this into the file that you just opened and change the DNS to whichever DNS provider you are using.

[Resolve]

DNS=194.242.2.4 2a07:e340::4

FallbackDNS=194.242.2.2 2a07:e340::2

Domains=~.

DNSSEC=yes

DNSOverTLS=opportunistic

#MulticastDNS=no

#LLMNR=no

#Cache=yes #CacheFromLocalhost=no

#DNSStubListener=no

#DNSStubListenerExtra=

#ReadEtcHosts=yes

#ResolveUnicastSingleLabel=no

Ctrl + O to write out and Ctrl + X to exit back to the terminal main page.

ln -sf ../run/systemd/resolve/stub-resolv.conf /etc/resolv.conf

sudo systemctl start systemd-resolved

sudo systemctl enable systemd-resolved

sudo systemctl restart NetworkManager

Boom it should be working now.

  • IsoKiero@sopuli.xyz
    link
    fedilink
    English
    arrow-up
    22
    ·
    25 days ago

    Mullvad (apparenlty, first time I’ve heard from the service) uses DNS over TLS and I don’t think that the current GUI version has the option to enable it. Here’s a quickly googled howto from Fedora on how to enable it on your system. If that doesn’t help search for ‘NetworkManager DOT’ or ‘DNS over TLS’.

    • MagneticFusionOP
      link
      fedilink
      arrow-up
      2
      arrow-down
      2
      ·
      25 days ago

      I tried the guide you sent, and it gives me an error in the terminal when I try to restart NetworkManager. This is caused by the thing in step 2, and when I remove the file that was created in step 2, NetworkManager starts fine again, but now I need to have a DNS IP address entered into IPv4 and IPv6 per network connection, and it can not be Mullvad’s DNS servers otherwise I again get no connection which again just puts me back at square one, only now I have a systemctl command running in the background for no reason.

  • bloodfart@lemmy.ml
    link
    fedilink
    arrow-up
    8
    ·
    24 days ago

    A bunch of people said resolvd already and I hate to admit it, but this fixed dns over tls for me too.

    Mark it as a rare systemd w.

    • MagneticFusionOP
      link
      fedilink
      arrow-up
      2
      arrow-down
      3
      ·
      24 days ago

      Could you potentially send me the instructions/steps/guide you followed? I attempted to use systemd for this but haven’t had much luck.

      • bloodfart@lemmy.ml
        link
        fedilink
        arrow-up
        3
        ·
        24 days ago

        It was a while ago and I’m on Debian so my experience might be different but last named version I had to put a line pointing to the internal resolved address in resolv.conf like in this forum thread.

  • mad_asshatter@lemmy.world
    link
    fedilink
    arrow-up
    8
    arrow-down
    1
    ·
    edit-2
    25 days ago

    You can edit resolv.conf and

    # chattr +i resolv.conf

    makes the file immutable.

    It’s a kludge, and I’m not saying that it solves your DNS issue, but NM can’t override the file.

    • MagneticFusionOP
      link
      fedilink
      arrow-up
      6
      arrow-down
      1
      ·
      edit-2
      25 days ago

      How would I undo this process? I am considering testing this out but how would I make it overridable again just in case?

      Edit, just tried it and added the DNSoverTLS=yes line and it did not seem to fix anything so unfortunately this isn’t a solution but still a nice thing to know.

  • dino@discuss.tchncs.de
    link
    fedilink
    English
    arrow-up
    6
    ·
    25 days ago

    I just glimpsed over the other comments, I also use both Mullvad VPN and tumbleweed. I switched to systemd-resolvd and got it working at some point, but its a big hassle and I also had strange problems when trying it for the first time. I could try to look into my configuration on the weekend.

    • MagneticFusionOP
      link
      fedilink
      arrow-up
      1
      arrow-down
      5
      ·
      24 days ago

      Please do and give me all the steps you took to get it working. Very appreciated. I tried usinf systemd-resolved but had no luck getting it to work.

  • quaff@lemmy.ca
    link
    fedilink
    English
    arrow-up
    3
    ·
    25 days ago

    I’ve switched from Quad9 to Mullvad DNS a month ago, and I’ve been noticing some domains aren’t resolving. Domains that shouldn’t be blocked. It feels like Mullvad’s rules are extra restrictive.

  • Mikelius@lemmy.ml
    link
    fedilink
    arrow-up
    2
    ·
    25 days ago

    Try using the private IP options instead and see if that works. The generic one being 10.64.0.1, but other options that include ad voicing and such ranging from 100.64.0.1 to 100.64.0.25 or something like that. I’ve got my entire network setup behind their VPN and a a pihole pointing to one of their private DNS addresses without any issues. I left their pubic DNS years ago so that I could make sure my DNS requests were always within the tunnel instead

  • Docus@lemmy.world
    link
    fedilink
    arrow-up
    7
    arrow-down
    21
    ·
    25 days ago

    Things like this are why I still haven’t switched to Linux. Had a play with Mint on a USB stick and liked it, but I just worry that when I start to use it for real, I am going to spend far too much time searching for solutions to weird problems and going down rabbit holes.

      • Docus@lemmy.world
        link
        fedilink
        arrow-up
        2
        arrow-down
        2
        ·
        24 days ago

        Network manager not working well with DNS over TLS is not a Linux issue? Ok, thanks for the education.

        • DefederateLemmyMl@feddit.nl
          link
          fedilink
          arrow-up
          3
          arrow-down
          3
          ·
          edit-2
          24 days ago

          Read the post. The user obviously didn’t even know that Mullvad uses DNS over TLS and that the other providers used regular DNS, nor did he know how to properly troubleshoot a DNS issue, which is a skill you should have on any OS if you’re going to mess about with DNS settings.

          • MagneticFusionOP
            link
            fedilink
            arrow-up
            2
            arrow-down
            5
            ·
            24 days ago

            How the fuck am I supposed to know that Network Manager won’t support DNS over TLS by default when every other operating system does? I’ve messed around with DNS before on multiple devices and never had any issues until now. We get it. You use Arch. Mr skillful

            • DefederateLemmyMl@feddit.nl
              link
              fedilink
              English
              arrow-up
              4
              arrow-down
              2
              ·
              edit-2
              24 days ago

              How the fuck am I supposed to know that Network Manager won’t support DNS over TLS

              Read the documentation? Use google?

              The very first hit when you google “dns over tls tumbleweed” provides the answer: https://dev.to/archerallstars/using-dns-over-tls-on-opensuse-linux-in-4-easy-steps-enable-cloud-firewall-for-free-today-2job

              A more generic query “dns over tls linux” gives this, which works just the same: https://medium.com/@jawadalkassim/enable-dns-over-tls-in-linux-using-systemd-b03e44448c1c

              Both google searches return several more hits that basically say the same thing.

              Even the NetworkManager reference manual refers you to systemd-resolved as the solution: https://www.networkmanager.dev/docs/api/latest/settings-connection.html

              Key Name Value Type Description
              dns-over-tls int32 Whether DNSOverTls (dns-over-tls) is enabled for the connection. DNSOverTls is a technology which uses TLS to encrypt dns traffic. The permitted values are: “yes” (2) use DNSOverTls and disabled fallback, “opportunistic” (1) use DNSOverTls but allow fallback to unencrypted resolution, “no” (0) don’t ever use DNSOverTls. If unspecified “default” depends on the plugin used. Systemd-resolved uses global setting. This feature requires a plugin which supports DNSOverTls. Otherwise, the setting has no effect. One such plugin is dns-systemd-resolved.

              I don’t use NetworkManager, I’ve never even used Tumbleweed and I found the answer in all of 10 minutes. Of course that doesn’t help if you’re so clueless that you didn’t even know that you were using DNS-over-TLS, or that DoT is a very recent development that differs significantly from regular DNS and that it requires a DNS resolver that supports it.

              when every other operating system does?

              Like Windows 10? (Hint: it doesn’t)

              You use Arch. Mr skillful

              Who cares what I use. When I’m messing with something I don’t understand, I at least read the documentation first instead of complaining on the internet and calling the whole community toxic and, I quote, “Butthurt Linux gobblers” when you get the slightest bit of pushback.

      • MagneticFusionOP
        link
        fedilink
        arrow-up
        3
        arrow-down
        4
        ·
        24 days ago

        no this is in fact a Linux issue. Because I was able to get DOT working on Windows and Android (GrapheneOS) working in like 2 minutes. This is in fact a Linux issue. Another thing that is a Linux issue is my microphone not having any drivers for the last 4 months on my brand new laptop that I bought and yes I am running the latest kernel.

        No I am not going to switch back to Windows but y’all need to stop gobbling Linux as this perfect no can do wrong operating system because it is FAR from it and is still by far, the most difficult operating system to use even for some semi tech savvy people like me.

    • MagneticFusionOP
      link
      fedilink
      arrow-up
      4
      arrow-down
      4
      ·
      24 days ago

      Butthurt Linux gobblers are downvoting you even though you are correct. I have had so many instances of having to spend hours upon hours upon hours just do figure out how to do some basic shit on Linux that I can do on every operating system within a matter of 5 minutes. “But Linux is free and open source, but Linux isn’t spyware, but but Linux (insert whatever you want here”. This is not the point. Point is the average peeson probably doesn’t have the time and energy to spend hours upon hours trying to figure out how to setup DNS over TLS (when it can be setup in 2 minutes underneath Windows without ever needing to open up a terminal), why their microphone isn’t working (find out there are no supported drivers and need to boot into Windows whenever I need to use the mic for whatever online meeting), why their laptop doesn’t sleep properly (finds out it was a kernel related issue, had to wait until the next update), touch sensor not working, and etc etc etc.

      No I am not going to stop using Linux people it is still my main OS for like 95% of my activities. But having to have my Windows partition there because my fucking microphone doesn’t work, NOT because I need it to run certain software, is the exact reason Linux will never be mainstream. But I guess you can keep pointing out Microsoft’s predatory actions instead of trying to fix Linux’s problems cause that’s productive aye?

      • Docus@lemmy.world
        link
        fedilink
        arrow-up
        4
        ·
        24 days ago

        Thank you. The downvotes don’t bother me, but the attitude of some of these linux fans does. Skills issues my ass. I’m fairly IT literate. I can find my way around basic unix stuff for work, and don’t care if i have to spend some of the time i get paid for on reading man pages. But at home, my computer just needs to work. Linux is not ready for that, and some of these fanboys just put people off.

        • MagneticFusionOP
          link
          fedilink
          arrow-up
          2
          arrow-down
          1
          ·
          24 days ago

          Fr, and I was never the one that started complaining first saying Linux is difficult. I just came here to ask for advice and then you commented that stuff like this is why you don’t feel comfortable switching to Linux yet, and then you get attacked and I get indirectly attacked by these toxic nerds saying “okay enjoy getting spied on” or “read the fucking manual” or “skill issue”. Yea this is totally productive to the Linux community yea right.

      • DefederateLemmyMl@feddit.nl
        link
        fedilink
        arrow-up
        1
        arrow-down
        4
        ·
        24 days ago

        I have had so many instances of having to spend hours upon hours upon hours just do figure out how to do some basic shit on Linux that I can do on every operating system within a matter of 5 minutes

        skill issue.

      • Docus@lemmy.world
        link
        fedilink
        arrow-up
        4
        ·
        24 days ago

        Did I say I want to keep using windows? I don’t. I want to get off W10 before that becomes an unsupported security risk, and won’t go to W11. All I said, or meant to say, is that I don’t feel comfortable yet to move to Linux, and posts like this don’t make me more confident that Linux is trouble free. It’s not just that I don’t want to spend hours fixing problems, it’s also for the sanity of my family who just need a working computer

        • MagneticFusionOP
          link
          fedilink
          arrow-up
          4
          arrow-down
          3
          ·
          24 days ago

          POV: Linux community is extremely toxic and wonders why nobody else in the tech world likes them. Insert surprised pikachu face