Diffstat (limited to 'stuff/mullvad-dot.html')
-rw-r--r-- stuff/mullvad-dot.html 257
1 files changed, 150 insertions, 107 deletions
diff --git a/stuff/mullvad-dot.html b/stuff/mullvad-dot.html
index faea8f7..ab54d3e 100644
--- a/stuff/mullvad-dot.html
+++ b/stuff/mullvad-dot.html
@@ -3,156 +3,199 @@
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
- <title>subh.space</title>
+ <title>DoT with Mullvad - subh.space</title>
<style>
+ /* Gruvbox Dark Hard Palette */
:root {
- --bg0: #282828;
- --bg1: #3c3836;
+ --bg-outer: #1d2021;
+ --bg-inner: #282828;
--fg: #ebdbb2;
--gray: #928374;
--yellow: #fabd2f;
- --green: #b8bb26;
- --orange: #fe8019;
--aqua: #8ec07c;
+ --blue: #83a598;
+ --orange: #fe8019;
+ --line: #3c3836;
}
body {
- font-family: 'Iosevka Nerd Font Propo', Iosevka;
- line-height: 1.7;
+ background-color: var(--bg-outer);
color: var(--fg);
- background-color: var(--bg0);
- max-width: 780px;
- margin: 40px auto;
- padding: 0 20px;
- -webkit-font-smoothing: antialiased;
+ font-family: 'Iosevka Nerd Font Propo';
+ margin: 0;
+ padding: 0;
+ display: flex;
+ flex-direction: column;
+ align-items: center;
+ min-height: 100vh;
+ }
+
+ header {
+ padding: 2.5rem 1rem;
+ display: flex;
+ gap: 1.5rem;
+ justify-content: center;
+ flex-wrap: wrap;
+ }
+
+ header a {
+ color: var(--aqua);
+ text-decoration: none;
+ font-weight: bold;
+ }
+
+ header a:hover {
+ text-decoration: underline;
+ }
+
+ .container {
+ background-color: var(--bg-inner);
+ width: 90%;
+ max-width: 750px;
+ padding: 3rem;
+ border-radius: 4px;
+ box-shadow: 0 4px 15px rgba(0,0,0,0.5);
}
h1 {
- font-size: 2.2em;
color: var(--yellow);
- border-bottom: 2px solid var(--bg1);
- padding-bottom: 15px;
- margin-bottom: 30px;
+ font-size: 1.8rem;
+ margin-top: 0;
+ margin-bottom: 1rem;
+ line-height: 1.2;
}
h2 {
- font-size: 1.5em;
- color: var(--aqua);
- margin-top: 35px;
- margin-bottom: 15px;
- font-weight: 600;
+ color: var(--orange);
+ font-size: 1.3rem;
+ margin-top: 2rem;
+ margin-bottom: 0.8rem;
}
- p { margin-bottom: 1.2em; }
+ p {
+ line-height: 1.6;
+ margin-bottom: 1rem;
+ }
code {
- font-family: 'Fira Code', 'JetBrains Mono', 'Courier New', monospace;
- background-color: var(--bg1);
- color: var(--orange);
- padding: 3px 6px;
- border-radius: 4px;
- font-size: 0.9em;
+ color: var(--blue);
+ font-family: 'JetBrains Mono', Courier, monospace;
+ font-size: 0.95rem;
}
pre {
- background-color: #1d2021;
- padding: 20px;
- border-radius: 8px;
+ background-color: var(--bg-outer);
+ padding: 1.2rem;
+ border-radius: 4px;
+ border: 1px solid var(--line);
overflow-x: auto;
- border: 1px solid var(--bg1);
- margin-bottom: 1.5em;
+ margin: 1.5rem 0;
}
pre code {
- background-color: transparent;
- padding: 0;
- color: var(--fg);
- color-scheme: dark;
+ color: var(--blue);
+ font-size: 0.9rem;
+ white-space: pre;
}
- .language-toml { color: var(--fg); }
- .toml-key { color: var(--green); }
-
- ol, ul { margin-bottom: 1.5em; padding-left: 25px; }
- li { margin-bottom: 0.8em; }
- li pre { margin-top: 10px; margin-bottom: 10px; }
+ .comment {
+ color: var(--gray);
+ }
+
+ .browser-box {
+ border-left: 3px solid var(--line);
+ padding-left: 1.5rem;
+ margin: 1.5rem 0;
+ }
+
+ .browser-title {
+ color: var(--aqua);
+ font-weight: bold;
+ display: block;
+ margin-bottom: 0.5rem;
+ }
+ footer {
+ margin: 3rem 0;
+ color: var(--gray);
+ font-size: 0.85rem;
+ text-align: center;
+ }
</style>
</head>
<body>
-<h1>DNS over TLS (DoT) with mullvad</h1>
+ <header>
+ <a href="../index.html">home</a>
+ <a href="https://git.subh.space">git</a>
+ <a href="https://github.com/5epi0l">github</a>
+ <a href="https://notes.subh.space">notes</a>
+ <a href="https://www.hackthebox.com">hackthebox</a>
+ </header>
+
+ <main class="container">
+ <h1>DNS over TLS (DoT) with Mullvad</h1>
+
+ <p>This guide assumes that you're running a <strong>systemd-based</strong> operating system.</p>
-<p>This guide assumes that you're running a systemd-based operating system</p>
+ <h2>1. Configure systemd-resolved</h2>
+ <p>Add the following block to your <code>/etc/systemd/resolved.conf</code>:</p>
-<h2>1. Configure systemd-resolved to use mullvad's DNS server</h2>
-<p>Add the following block to your <code>/etc/systemd/resolved.conf</code></p>
-<pre><code class="language-toml"><span class="toml-key">[Resolve]</span>
+ <pre><code>[Resolve]
DNS=194.242.2.4#base.dns.mullvad.net
FallbackDNS=194.242.2.2#dns.mullvad.net
DNSOverTLS=yes
DNSSEC=yes
-Domains=~.
-</code></pre>
-<p>Once the changes are saved, restart <code>systemd-resolved</code></p>
-<pre><code class="language-shell">sudo systemctl restart systemd-resolved
-</code></pre>
-
-<h2>2. Make systemd-resolve take precedence over resolve.conf</h2>
-<p>To make sure your system uses <code>systemd-resolved</code> over <code>resolv.conf</code>, you need to create a symlink as follows:</p>
-<pre><code class="language-shell">sudo ln -sf /run/systemd/resolve/stub-resolv.conf /etc/resolv.conf
-</code></pre>
-
-<h2>3. Make sure DNS is working as intended</h2>
-<p>Make sure you're able to resolve domain names as follows:</p>
-<pre><code class="language-shell">resolvectl query google.com
-</code></pre>
-<p>If you see output, you're golden!</p>
-
-<h2>4. An Edge Cases:</h2>
-<p>If you're using a service such as tailscale which overrides your <code>resolv.conf</code> upon start with its own magicDNS server, it may break your DoT setup. To make sure, tailscale never overrides your <code>resolv.conf</code>, do the following</p>
-<ol>
- <li>Re-create the symlink as it was likely broken when tailscale started</li>
-</ol>
-<pre><code class="language-shell">sudo ln -sf /run/systemd/resolve/stub-resolv.conf /etc/resolv.conf
-</code></pre>
-<ol start="2">
- <li>Restart <code>tailscaled</code> and <code>systemd-resolved</code></li>
-</ol>
-<pre><code class="language-shell">sudo systemctl restart tailscaled
+Domains=~.</code></pre>
+
+ <p>Once the changes are saved, restart systemd-resolved:</p>
+ <pre><code>sudo systemctl restart systemd-resolved</code></pre>
+
+ <h2>2. Symlink resolv.conf</h2>
+ <p>To make sure your system uses systemd-resolved over the traditional resolv.conf, create a symlink:</p>
+ <pre><code>sudo ln -sf /run/systemd/resolve/stub-resolv.conf /etc/resolv.conf</code></pre>
+
+ <h2>3. Verify DNS resolution</h2>
+ <p>Check if you are able to resolve domain names correctly:</p>
+ <pre><code>resolvectl query google.com</code></pre>
+ <p>If you see output, you're golden!</p>
+
+ <h2>4. Edge Cases: Tailscale</h2>
+ <p>If you're using a service such as <strong>Tailscale</strong> which overrides your <code>resolv.conf</code> with MagicDNS, it may break your DoT setup. To fix this:</p>
+
+ <ol>
+ <li>Re-create the symlink: <code>sudo ln -sf /run/systemd/resolve/stub-resolv.conf /etc/resolv.conf</code></li>
+ <li>Restart the services:</li>
+ </ol>
+
+ <pre><code>sudo systemctl restart tailscaled
sudo systemctl restart systemd-resolved
-sudo tailscale up --accept-dns=true
-</code></pre>
-<ol start="3">
- <li>Check your <code>resolve.conf</code></li>
-</ol>
-<p>If your <code>resolve.conf</code> looks as follows, you're all good!</p>
-<pre><code class="language-shell">nameserver 127.0.0.53
+sudo tailscale up --accept-dns=true</code></pre>
+
+ <p>If your <code>resolve.conf</code> looks like this, you're all good:</p>
+ <pre><code>nameserver 127.0.0.53
options edns0 trust-ad
-search tailxxxxx.ts.net
-</code></pre>
-
-<h2>5. Configure Browsers with DoT</h2>
-<p>If previously, you've been using DoH (DNS Over HTTPS) in your browser, and want to shift to your new DoT configuration, do the following</p>
-<ol>
- <li>
- <p>For firefox based browsers:</p>
- <ul>
- <li>Navigate to <code>settings</code> -&gt; <code>Privacy and Security</code></li>
- <li>Scroll down to <code>DNS over HTTPS</code></li>
- <li>Select <code>Off</code></li>
- </ul>
- </li>
- <li>
- <p>For chromium based browsers:</p>
- <ul>
- <li>Navigate to <code>settings</code> -&gt; <code>Privacy and Security</code></li>
- <li>Find <code>Use Secure DNS</code></li>
- <li>Toggle it Off</li>
- </ul>
- </li>
-</ol>
-<p>And just like that, you've configured DoT for your system!</p>
+search tailxxxxx.ts.net</code></pre>
+
+ <h2>5. Configure Browsers</h2>
+ <p>If you were previously using DoH (DNS Over HTTPS) and want to shift to system-wide DoT:</p>
+
+ <div class="browser-box">
+ <span class="browser-title">Firefox-based browsers:</span>
+ <p>Settings -> Privacy and Security -> DNS over HTTPS -> <strong>Off</strong></p>
+ </div>
+
+ <div class="browser-box">
+ <span class="browser-title">Chromium-based browsers:</span>
+ <p>Settings -> Privacy and Security -> Use Secure DNS -> <strong>Off</strong></p>
+ </div>
+
+ <p>And just like that, you've configured DoT for your system!</p>
+ </main>
+
+ <footer>
+ © 2026 subh.space
+ </footer>
</body>
</html>
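Review bot: In section 4 the added paragraph still names the file `resolve.conf` (`If your <code>resolve.conf</code> looks like this`), while the `ln -sf ... /etc/resolv.conf` commands and the rest of the new text use `resolv.conf`; since the line is being rewritten anyway, fix the spelling here. The same section drops the old third list item ("Check your resolve.conf") and the stated goal that Tailscale should never override the file, so "To fix this:" now ends without telling the reader to inspect `/etc/resolv.conf` after the restarts; consider keeping that check as a list item. Two smaller points: the new `font-family: 'Iosevka Nerd Font Propo';` on `body` loses the `Iosevka` fallback and has no generic family, so add `monospace` at the end; and the browser paths use a raw `->` where the removed lines escaped it as `-&gt;`, which is worth keeping consistent.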