[Beginner question] Should I use Cloudflare WARP 1.1.1.1 or NextDNS along with Mullvad VPN?

I was already using these two DNS services (one on my laptop, the other on my iPhone), and they worked as advertised. Then, I paid for Mullvad VPN a month ago, and it has been smooth sailing since then so I stopped the DNS services.

  • However, if I use the DNS services along with Mullvad, would the whole setup be redundant?

  • Would there be an increase/decrease in browsing performance?

  • Would there be a security risk? Or, on the other hand, would it be better for security?

Also, I don’t want to make a new thread on this: I just disabled the custom DNS setting in Chrome as advised by Mullvad, was that needed?

Thanks!

I use 1.1.1.1 when not using Mullvad. Mullvad will use its own DNS when connected anyway, unless your browser is set to use “secure DNS”.

If you want to use 3rd-party DNS you need to set them in the VPN app that you use, Mullvad in this case, or the WireGuard app if you use it instead of the official app. WARP should be disabled.

Would there be an increase/decrease in browsing performance?

DNS can affect your browsing performance, but it’s all based on a case-by-case basis unless you use a resolver that’s located on the other side of the world.

Cloudflare generally is the fastest resolver around the globe.

In addition to the time that it takes to resolve a website, different DNS can also direct you to different content servers for the same website which can affect the loading speed of such websites. For example, let’s say reddit has three servers EU1, EU2, EU3 and different DNS may point you to a different EU server which can affect loading times.

Set 1.1.1.1 or NextDNS as your custom DNS in the Mullvad app and see if you notice any difference in performance on the websites that you generally visit.

Most of the time however the difference between various DNS won’t be very noticeable.

Would there be a security risk? Or, on the other hand, would it be better for security?

Technically yes. Cloudflare or NextDNS, or any other DNS provider will be able to see what sites you request via their services. If you trust the DNS provider, then it’s not a problem.

Just to add, in Mullvad you have options to

  • Block ads
  • Block Trackers
  • Block Malware
  • Block Gambling
  • Block adult content

and each one has its own on/off toggle switch.

To use a custom DNS like 1.1.1.1 with Mullvad you must turn each one of those off. Of course, you could choose a different DNS address or service like NextDNS that allows you to manage visibility of those kinds of sites as well.

I don’t think 1.1.1.1 blocks them by default, you’d need to use their two other options: 1.1.1.2 (blocks malware) and 1.1.1.3 (blocks malware and adult content).

Say you are using WireGuard but Cloudflare for DNS.

Would Cloudflare see your ISP IP or your WireGuard Mullvad IP? Or would Cloudflare be able to gather any personally identifying info from just using their DNS?

I don’t see these options to block content in the Mullvad app. Or is that not available there? I only see those options when creating WireGuard config files.

Android is a weird OS, but it’s designed to track your every move.

You’re correct of course, most of the time it’s not going to matter, and especially with an example of browsing one website.

It’s mostly why I mentioned CDNs too, since you can get routed to some problematic CDN which can impact the performance. I remember at one point Google’s DNS was directing me to Fastly’s CDNs on another continent while Cloudflare resolved the closest Fastly servers.

On my connection Mullvad DNS was never reliable, I definitely felt slower initial resolution on some websites as well as occasional random fails at resolving websites, so I don’t use it. But that’s just my experience.

That said, DNS varies a lot by region and vendor. Using 1.1.1.1 if you are in Africa, let’s say, then your 1.1.1.1 resolve time averages 39ms. If you are in , in the U.S. 6.74ms.

Vendor-wise, GoDaddy averages 38.65ms while Cloudflare averages 12.38ms.

https://www.dnsperf.com/dns-resolver/1-1-1-1

Generally, DNS should go through the VPN connection.

Or would cloudflare be able to gather any personally identifying info from just using their DNS?

IIRC Cloudflare doesn’t collect/store personally identifiable information and anonymizes IP addresses with all the basic logs stored only for 24 hours in a volatile storage (RAM).

Thanks for that info!

I see, thank you.

In the scenario where you use a WireGuard VPN but use Cloudflare for DNS, would the WireGuard VPN company be able to see what websites you visit? Or only the Cloudflare DNS company can? Or do they both?

Thanks for explaining that! I’m using TLS over DNS (over port 853) for all external DNS queries. How does that change things?

Sorry for the questions, this is fascinating to me