Mullvad encrypted DNS is also available to all - whether paying for VPN services or not.<p>In addition they also support optional content blocking[1] via blocklists, just set the desired TLS/HTTPS DNS server.<p>[1] <a href="https://github.com/mullvad/dns-blocklists">https://github.com/mullvad/dns-blocklists</a>
Are these physical servers or VMs? I ask because some VM types can be frozen/snapshot/cloned or live replicated <i>including memory contents</i> as is done in some VPS providers for lawful requests. From the bare metal host anything can be accessed in a VM or container. Do they have a diagram of their physical setup?<p>[Edit] - Are there any Mullvad architects here that can help us avoid going down theoretical hypothetical rabbit holes and turtle stacks?
As a naive outsider: Does RAM in 2023 encrypt all its contents?<p>Can we reliably "forget" the contents of what's in RAM by powering-off and letting some encryption key somewhere fade from a smaller, more volatile piece of memory? I'm curious what has been done to mitigate cold-boot attacks in RAM. What has changed in hardware? Are the keys to encrypt contents of RAM kept in the TPM or something?
I contacted Mullvad, who confirmed that they only use bare metal - no virtualization or containerization whatsoever. <a href="https://ibb.co/XLDQGGt" rel="nofollow noreferrer">https://ibb.co/XLDQGGt</a>
I use Cloudflare's DoH DNS (<a href="https://1.1.1.1" rel="nofollow noreferrer">https://1.1.1.1</a>) and tunnel that over Mullvad's VPN.<p>That way Mullvad can only see the IPs I visit, Cloudflare only sees DNS requests coming from the VPN IP, and my ISP sees nothing.<p>Mullvad's DoH DNS seems nice, but it provides potentially less privacy than the above, so I won't be using it.
I would like to see real statistics but my gut feeling from running read/write intensive data applications on SSD and ECC RAM is that both of them fail often enough that this move is somewhat lateral in terms of resiliency.<p>But in terms of clawing raw performance decimals, I applaud the effort. This would be a fun redis project.
I was extremely happy with everything Mullvad was doing until they announced they were discontinuing port forwarding, which is important to a niche part of my setup. I understand the reasoning, but if it came back ever I would again happily be a customer.
I don't understand this. Don't all Linux processes "run in RAM"? It sounds like what they have <i>actually</i> accomplished here is eliminate all disk I/O requirements from their DNS service, i.e. it works against a read-only mounted root filesystem now. That's not really the same as "running in RAM".
> Today we can announce more steps forward - our Encrypted DNS service has also been converted to run from RAM!<p>Where exactly do services run from if not RAM? The post is very plain with no explanation of what "running from RAM" means. When you execute any binary it gets loaded into RAM as per standard operating system procedures...?