This is an option that will work. There may be better, but I do not have a Mullvad VPN account anymore, so I can’t make any test to provide something better.
From what I understand your last step in the guide on “preventing dns leaks”…
```
# Redirect all the DNS traffic to the preferred DNS server
DNS=9.9.9.9
```
I will try this now.
You need the nftables rules that come with this; the piece of code you quoted is just a variable assignment, it does nothing.
You mean the 3 nft add chain commands below, yeah I added those and restarted the sys-vpn qube but curl https://am.i.mullvad.net still fails.
I think the killswitch is using PostUp and PreDown commands in the configuration. This may screw up the Qubes OS nftables setup a bit.
Could you try with a non killswitch configuration file? The killswitch can be implemented using Qubes OS firewall. (and better than from the configuration file)
I figured you would ask me that haha.
I will try now mate.
No it does not like that.
Tried non kill switch .conf
This does not work for the sys-vpn qube itself in fact. The rules are only applied to NAT packets…
Setting a DNS address in network manager may be enough for all maybe?
Hmm, that’s very interesting. My Proton VPN connection stopped working this morning, also.
Is it a Qubes OS problem maybe? Like a bad update or something?
Can I do this via the Qubes settings tab for sys-vpn or via cli within the qube?
I did the below to set DNS address
```
nmcli connection modify "your-connection-name" ipv4.dns "9.9.9.9"
nmcli connection down "your-connection-name"
nmcli connection up "your-connection-name"
```
they had an incident today
Could you do this as well for the “virtual” network eth0? I don’t know how it’s called. Try to run /usr/lib/qubes/qubes-setup-dnat-to-ns after.
I see.
Sure enough, there’s an incident listed on https://status.proton.me/ from today. Looks like all the Proton services are supposed to be back up though.
Thanks for the heads up
ran that command mate
I have the below setup.
```
Global
Protocols: -LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
resolv.conf mode: foreign
Current DNS Server: 9.9.9.9
DNS Servers: 9.9.9.9

Link 2 (eth0)
Current Scopes: none
Protocols: -DefaultRoute -LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported

Link 3 (vpn)
Current Scopes: DNS
Protocols: +DefaultRoute -LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
Current DNS Server: 9.9.9.9
DNS Servers: 9.9.9.9
DNS Domain: ~.
```
but did it help?
```
curl https://am.i.mullvad.net/connected
curl: (6) Could not resolve host: am.i.mullvad.net
```
Can you share the output of systemd-resolve am.i.mullvad.net?
am.i.mullvad.net: resolve call failed: Lookup failed due to system error: Connection refused
By the way, is there a cap on the number of messages I can make? I keep getting blocked from posting to this thread for some reason.
Right so I’ve managed to fix it.
Man what a painful experience haha
Thanks @solene for the guidance
Turned out the Wireguard server I was connecting to was the issue. I tried a different 1 but that did not work either. Well a few hours later and per some blood and tears, I decided to use another server from Mullvad and lo and behold, that 1 works.
And yeah looks like this is a Mullvad issue, I only noticed as another 1 of my devices could not resolve hostnames on the same 2 wireguard servers I was struggling with over Qubes.