Encrypted NextDNS profile somehow working alongside Mullvad VPN on macOS

I’ve been using Mullvad and wanted to try NextDNS after seeing the custom DNS video.

It seems from reading around that Mullvad will prioritize its own DNS servers over the system profile, and that applying a custom DNS through the app will result in loss of DoH/DoT. But somehow I’ve managed to make this work?

I generated an encrypted DNS profile for Mac using the official Apple profile generator on NextDNS. I did not alter any settings in the Mullvad application and did not enable custom DNS settings.

I went to mullvad.net where I discovered that the DNS queries were being leaked to NextDNS, which was unexpected as custom DNS was not enabled. I then went to my NextDNS analytics which showed that 100% of all queries were encrypted.

I restarted my device, restarted the Mullvad application, and changed servers. It appears that the DNS queries are being sent from the VPN IP address, not the ISP IP, and that they are encrypted.

My question is whether or not this is an actual, safe, working configuration or if I’ve done something dumb and f*cked up.

So I use Mullvad VPN and NextDNS. I went into the Mullvad app settings, into custom DNS, using an IPv6 address: I enabled IPv6 and added the NextDNS IPv6 address, which is DoT and not DoH.

It works fine for me. I see all the logs.

I personally turn off encrypted DNS profiles for Mac and iOS.
