Mullvad VPN using dnscrypt-proxy instead of VPN DNS

Hello, so I’ve added Encrypted DNS - NixOS Wiki into my system, but I have a problem with dnscrypt-proxy: when I connect to Mullvad VPN I have a DNS leak because the VPN is using dnscrypt-proxy DNS…

Please, is there a way to fix this issue? I’ve found this topic talking about this subject: https://reddit.com/r/VPN/comments/e3wh7x/using_dnscryptproxy_together_with_a_vpn_or_not/

But nobody explains how to force the VPN to use the VPN DNS servers instead of dnscrypt-proxy :confused:

Nobody can help me?..

If you are using wireguard, one approach is to use network namespaces. A network namespace gets a separate network stack and you can override things like nsswitch.conf on a per-namespace basis. WG works very well with this model as you can create an adapter in the default namespace and then move it inside the NS.

Here’s a flake with some sample code. And a bash script that does a similar thing.

Alternatively resolvconf can set up per-adapter DNS servers but I personally never had good experience with it.

2 Likes

First, thank you for the help! But I’m using the GUI app and I don’t want to rely on a WireGuard conf file; it’s too complicated to set up…

What about this? How to fix DNS issues when using Mullvad + Wireguard + NetworkManager on Linux? | by Piotr Włodarek | Medium. Using systemd-resolved DNS instead of resolv.conf could resolve the issue, or am I wrong?

The GUI app is probably very specific to your VPN provider and you may have better luck asking on the VPN provider’s forum/support channel/github issues/etc.

I did find WG configuration challenging at first, but there’s not really much to it. Once set up, I haven’t changed some of the network configs for a few years now. You can probably set up a wireguard point to point setup using two NixOS testdriver VMs to see how the configuration options work.

The blog post you mentioned seems to omit network manager configuration steps which may be necessary to get your setup to work.

1 Like

How did you determine that you have a DNS leak?

Online tools can only verify whether you’re using some provider’s DNS server or not. If you’re using dnscrypt, you’re most likely not using your VPN provider’s DNS but the dnscrypt traffic is still going via the proxy, so you’re not leaking any info.

I’m probably missing something… because when I go to https://mullvad.net/en/check the DNS used is dnscrypt-proxy instead of Mullvad VPN DNS

It doesn’t make any sense, or am I wrong?..

Tools like that are what I meant; all it does is check whether you’re using their DNS servers or not.

What you actually care about is whether your DNS traffic is going via the VPN proxy or not.

1 Like

Oh, thank you!! I thought I was doing something wrong with my config. Please tell me how I can check if my DNS traffic is going via the VPN proxy?

Okay, so there is no DNS leak. @Atemu is right: tools like https://mullvad.net/en/check “lie” about your DNS leak

I checked with other sites if there was a DNS leak and they showed me the DNS of Mullvad, so everything is okay!!

That means DNScrypt-proxy is not causing any leak.

Thank you @Atemu and @VTimofeenko for the help :slight_smile:

Well that’s a lot harder. I’d capture IP traffic and check whether DNS traffic is going via your hardware interface or VPN tunnel’s virtual one.

If your DNS is not your network’s local DNS but one on the internet (this is important!) and the default route is through the tunnel, I think it’d be a reasonable assumption that you wouldn’t have a DNS leak.

The only way to confirm is to look at network dumps though.

1 Like
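The capture check described in the last post, as an added example that is not part of the thread: it reads `tcpdump -ni any` output and reports DNS queries that leave on anything other than the tunnel or loopback interface. The interface names (`wg0-mullvad`, `wlan0`), the resolver address and the sample lines are constructed assumptions; substitute your own tunnel interface and the upstream resolver IPs from your dnscrypt-proxy configuration.

```python
import re
import sys
from collections import Counter

# Line format of `tcpdump -ni any` (interface and direction columns are
# printed by recent tcpdump releases):
#   <time> <iface> <dir> IP <src>.<sport> > <dst>.<dport>: ...
LINE = re.compile(
    r"^\S+\s+(?P<iface>\S+)\s+\S+\s+IP6?\s+"
    r"\S+\.\d+\s+>\s+(?P<dst>\S+)\.(?P<dport>\d+):"
)

def classify(lines, tunnel_if, resolver_ips=(), loopback_if="lo"):
    """Return (DNS query count per interface, lines that bypass the tunnel).

    A packet counts as a DNS query if it goes to port 53 (plaintext) or to
    one of resolver_ips (encrypted upstream used by dnscrypt-proxy).
    """
    counts, leaks = Counter(), []
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue
        if m["dport"] != "53" and m["dst"] not in resolver_ips:
            continue  # not DNS, e.g. the WireGuard carrier packets
        counts[m["iface"]] += 1
        if m["iface"] not in (tunnel_if, loopback_if):
            leaks.append(line)
    return counts, leaks

# Constructed sample capture (addresses are private or documentation ranges).
SAMPLE = [
    "12:00:01.000001 lo    In  IP 127.0.0.1.40000 > 127.0.0.1.53: 1+ A? example.org. (29)",
    "12:00:01.000200 wg0-mullvad Out IP 10.0.0.2.41000 > 203.0.113.53.443: UDP, length 512",
    "12:00:01.000300 wlan0 Out IP 192.168.1.10.51820 > 198.51.100.7.51820: UDP, length 560",
    "12:00:02.000001 wlan0 Out IP 192.168.1.10.42000 > 192.168.1.1.53: 2+ A? leak.example. (30)",
    "12:00:02.000900 wlan0 In  IP 192.168.1.1.53 > 192.168.1.10.42000: 2 1/0/0 A 192.0.2.1 (46)",
]

if __name__ == "__main__":
    # Live use: sudo tcpdump -lni any | python3 this_script.py
    source = SAMPLE if sys.stdin.isatty() else sys.stdin
    counts, leaks = classify(source, "wg0-mullvad", {"203.0.113.53"})
    print(dict(counts))
    for line in leaks:
        print("LEAK:", line.rstrip())
```

Run against the constructed sample, only the plaintext query to the local router on `wlan0` is flagged; the encrypted upstream query inside the tunnel and the loopback query to dnscrypt-proxy are not.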