DNS leak while using Mullvad via WireGuard

Hello guys. New to Linux and Manjaro. I was able to set up Mullvad through WireGuard by following the official tutorial. However, when I check the Mullvad site, it shows I have DNS leaks. The /etc/resolv.conf contains only the DNS server of Mullvad.

Did you use systemd-resolved? If you do, your system doesn't use /etc/resolv.conf anymore.
Check it with

systemctl status systemd-resolved

Also keep in mind that some modern browsers use their own DNS settings. Firefox, for example, if you use DoH. If you do, the content of /etc/resolv.conf will also be ignored. But it would not be a real DNS leak, depending on your definition of DNS leaks.

Yes, the command shows systemd-resolved as active and running. How do I go about now?

As far as Firefox is concerned, I disabled their DoH as recommended by Mullvad.

You can disable it. For testing you can stop it first.

 systemctl stop systemd-resolved

It will be restarted on the next boot. If you disable it, make sure that the /etc/resolv.conf will be correctly set up if you don’t use the VPN.

Also make sure /etc/resolv.conf is a real file. With systemd-resolved it is usually just a link to a file controlled by systemd-resolved.

No DNS leaks now after stopping systemd-resolved.

There is a file /etc/resolvconf.conf which in turn points to /etc/resolv.conf. I edited the resolv.conf with the Mullvad DNS (this file reverts to default DNS on boot).

You can stop systemd-resolved every time you want to use a VPN or you can disable it forever. If you disable it, make sure you switch to a more traditional way to update /etc/resolv.conf after a network change. If you don't change your network that often, a fixed /etc/resolv.conf might also work for you.

Thank you for the help. For now, I have disabled systemd-resolved and made Network Manager not touch /etc/resolv.conf. That works for me.

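The checks suggested in this thread (whether /etc/resolv.conf is a real file or a link into systemd-resolved's directory, and which servers it lists), as an added example that is not part of any post above. The function name `resolv_report`, the `--demo` flag and the sample files are assumptions made for the illustration; 192.0.2.53 is a documentation address, not a Mullvad server.

```shell
#!/bin/sh
# Added example: report who controls a resolv.conf and which servers it lists.

resolv_report() {
    f="${1:-/etc/resolv.conf}"
    if [ -L "$f" ]; then
        target=$(readlink -f "$f")
        echo "type=symlink"
        echo "target=$target"
        # systemd-resolved keeps its generated files under .../systemd/resolve/
        case "$target" in
            */systemd/resolve/*) echo "managed_by=systemd-resolved" ;;
            *)                   echo "managed_by=unknown" ;;
        esac
    elif [ -f "$f" ]; then
        echo "type=file"
    else
        echo "type=missing"
        return 1
    fi
    [ -r "$f" ] || { echo "readable=no"; return 1; }
    # Heuristic: tools that rewrite the file often leave a "# Generated by X" header.
    sed -n 's/^# Generated by \(.*\)$/generator=\1/p' "$f" | head -n 1
    awk '$1 == "nameserver" { print "nameserver=" $2 }' "$f"
    # 127.0.0.53 is the systemd-resolved stub listener, not the VPN's resolver.
    if grep -Eq '^nameserver[[:space:]]+127\.0\.0\.53([[:space:]]|$)' "$f"; then
        echo "stub_listener=yes"
    else
        echo "stub_listener=no"
    fi
}

# Constructed demo input (not from the thread): a stub symlink and a static file.
demo() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/run/systemd/resolve" "$d/etc"
    printf 'nameserver 127.0.0.53\noptions edns0\n' > "$d/run/systemd/resolve/stub-resolv.conf"
    ln -s "$d/run/systemd/resolve/stub-resolv.conf" "$d/etc/resolv.conf"
    printf '# Generated by NetworkManager\nnameserver 192.0.2.53\n' > "$d/etc/static.conf"
    resolv_report "$d/etc/resolv.conf"; echo "--"; resolv_report "$d/etc/static.conf"
    rm -rf "$d"
}

if [ "${1:-}" = "--demo" ]; then demo; fi
```

Calling `resolv_report` with no argument inspects the live /etc/resolv.conf; a `stub_listener=yes` result means lookups go to systemd-resolved first, so the servers it forwards to have to be checked separately.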