|
|
|
|
|
|
by orivej
2949 days ago
|
|
|
I believe I can quote the response to my support request: «We added iptables rules to hijack all DNS requests on port 53 going via the VPN tunnel, this is to protect users having set a DNS server unknowingly (or by malware). We are aware that not all users want this behaviour, and we intend to add an extra port that OpenVPN listens on, where DNS hijacking will not happen.» Some VPN providers (including Mullvad) have a client-side feature called DNS leak protection that configures the system to use the provider's DNS server. I don't know how Mullvad decided that this was not enough, and they are justified to intercept DNS. (Note that for the server-side intervention to work, the client side must be configured not to use ISP DNS, hence the client-side DNS leak protection is a prerequisite.) |
|
|