author subh <subh@subh.space> 2026-04-14 06:19:57 +0530
committer subh <subh@subh.space> 2026-04-14 06:19:57 +0530
commit f6f49d7a147b0e2f90d02fed43cc9b3d25b446c3
tree b39e35c341c1c9f3c365ff4ad3a39c1dbd9b0b9f /stuff/mullvad-dot.html
parent b8dfdd2a46a993bbcc329e6caf1b8466f51af351
changes
Diffstat (limited to 'stuff/mullvad-dot.html')
-rw-r--r-- stuff/mullvad-dot.html 158
1 files changed, 158 insertions, 0 deletions
diff --git a/stuff/mullvad-dot.html b/stuff/mullvad-dot.html
new file mode 100644
index 0000000..faea8f7
--- /dev/null
+++ b/stuff/mullvad-dot.html
@@ -0,0 +1,158 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+ <meta charset="UTF-8">
+ <meta name="viewport" content="width=device-width, initial-scale=1.0">
+ <title>subh.space</title>
+ <style>
+ :root {
+ --bg0: #282828;
+ --bg1: #3c3836;
+ --fg: #ebdbb2;
+ --gray: #928374;
+ --yellow: #fabd2f;
+ --green: #b8bb26;
+ --orange: #fe8019;
+ --aqua: #8ec07c;
+ }
+
+ body {
+ font-family: 'Iosevka Nerd Font Propo', Iosevka;
+ line-height: 1.7;
+ color: var(--fg);
+ background-color: var(--bg0);
+ max-width: 780px;
+ margin: 40px auto;
+ padding: 0 20px;
+ -webkit-font-smoothing: antialiased;
+ }
+
+ h1 {
+ font-size: 2.2em;
+ color: var(--yellow);
+ border-bottom: 2px solid var(--bg1);
+ padding-bottom: 15px;
+ margin-bottom: 30px;
+ }
+
+ h2 {
+ font-size: 1.5em;
+ color: var(--aqua);
+ margin-top: 35px;
+ margin-bottom: 15px;
+ font-weight: 600;
+ }
+
+ p { margin-bottom: 1.2em; }
+
+ code {
+ font-family: 'Fira Code', 'JetBrains Mono', 'Courier New', monospace;
+ background-color: var(--bg1);
+ color: var(--orange);
+ padding: 3px 6px;
+ border-radius: 4px;
+ font-size: 0.9em;
+ }
+
+ pre {
+ background-color: #1d2021;
+ padding: 20px;
+ border-radius: 8px;
+ overflow-x: auto;
+ border: 1px solid var(--bg1);
+ margin-bottom: 1.5em;
+ }
+
+ pre code {
+ background-color: transparent;
+ padding: 0;
+ color: var(--fg);
+ color-scheme: dark;
+ }
+
+ .language-toml { color: var(--fg); }
+ .toml-key { color: var(--green); }
+
+ ol, ul { margin-bottom: 1.5em; padding-left: 25px; }
+ li { margin-bottom: 0.8em; }
+ li pre { margin-top: 10px; margin-bottom: 10px; }
+
+ </style>
+</head>
+<body>
+
+<h1>DNS over TLS (DoT) with mullvad</h1>
+
+<p>This guide assumes that you're running a systemd-based operating system</p>
+
+<h2>1. Configure systemd-resolved to use mullvad's DNS server</h2>
+<p>Add the following block to your <code>/etc/systemd/resolved.conf</code></p>
+<pre><code class="language-toml"><span class="toml-key">[Resolve]</span>
+DNS=194.242.2.4#base.dns.mullvad.net
+FallbackDNS=194.242.2.2#dns.mullvad.net
+DNSOverTLS=yes
+DNSSEC=yes
+Domains=~.
+</code></pre>
+<p>Once the changes are saved, restart <code>systemd-resolved</code></p>
+<pre><code class="language-shell">sudo systemctl restart systemd-resolved
+</code></pre>
+
+<h2>2. Make systemd-resolve take precedence over resolve.conf</h2>
+<p>To make sure your system uses <code>systemd-resolved</code> over <code>resolv.conf</code>, you need to create a symlink as follows:</p>
+<pre><code class="language-shell">sudo ln -sf /run/systemd/resolve/stub-resolv.conf /etc/resolv.conf
+</code></pre>
+
+<h2>3. Make sure DNS is working as intended</h2>
+<p>Make sure you're able to resolve domain names as follows:</p>
+<pre><code class="language-shell">resolvectl query google.com
+</code></pre>
+<p>If you see output, you're golden!</p>
+
+<h2>4. An Edge Cases:</h2>
+<p>If you're using a service such as tailscale which overrides your <code>resolv.conf</code> upon start with its own magicDNS server, it may break your DoT setup. To make sure, tailscale never overrides your <code>resolv.conf</code>, do the following</p>
+<ol>
+ <li>Re-create the symlink as it was likely broken when tailscale started</li>
+</ol>
+<pre><code class="language-shell">sudo ln -sf /run/systemd/resolve/stub-resolv.conf /etc/resolv.conf
+</code></pre>
+<ol start="2">
+ <li>Restart <code>tailscaled</code> and <code>systemd-resolved</code></li>
+</ol>
+<pre><code class="language-shell">sudo systemctl restart tailscaled
+sudo systemctl restart systemd-resolved
+sudo tailscale up --accept-dns=true
+</code></pre>
+<ol start="3">
+ <li>Check your <code>resolve.conf</code></li>
+</ol>
+<p>If your <code>resolve.conf</code> looks as follows, you're all good!</p>
+<pre><code class="language-shell">nameserver 127.0.0.53
+options edns0 trust-ad
+search tailxxxxx.ts.net
+</code></pre>
+
+<h2>5. Configure Browsers with DoT</h2>
+<p>If previously, you've been using DoH (DNS Over HTTPS) in your browser, and want to shift to your new DoT configuration, do the following</p>
+<ol>
+ <li>
+ <p>For firefox based browsers:</p>
+ <ul>
+ <li>Navigate to <code>settings</code> -&gt; <code>Privacy and Security</code></li>
+ <li>Scroll down to <code>DNS over HTTPS</code></li>
+ <li>Select <code>Off</code></li>
+ </ul>
+ </li>
+ <li>
+ <p>For chromium based browsers:</p>
+ <ul>
+ <li>Navigate to <code>settings</code> -&gt; <code>Privacy and Security</code></li>
+ <li>Find <code>Use Secure DNS</code></li>
+ <li>Toggle it Off</li>
+ </ul>
+ </li>
+</ol>
+<p>And just like that, you've configured DoT for your system!</p>
+
+</body>
+</html>
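Review bot: The check in section 3, `resolvectl query google.com`, only shows that name resolution works, not that the `[Resolve]` settings from section 1 took effect, so "If you see output, you're golden!" claims more than the command proves. Consider adding `resolvectl status` to that step and telling the reader to confirm that the current DNS server is `194.242.2.4#base.dns.mullvad.net` and that the Protocols line shows `+DNSOverTLS`. In section 4 the prose says the goal is that tailscale "never overrides your resolv.conf", yet the last command is `sudo tailscale up --accept-dns=true`; a sentence explaining why accepting tailscale's DNS settings is wanted here would remove the apparent contradiction with the expected `search tailxxxxx.ts.net` output. Naming is also inconsistent: the section 2 heading says `systemd-resolve` and `resolve.conf`, and section 4 uses `resolve.conf` twice, where the commands use `systemd-resolved` and `/etc/resolv.conf`; the section 4 heading "An Edge Cases:" needs fixing as well.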