From 214242ff629ddf16f766757d2564ec0c522e25df Mon Sep 17 00:00:00 2001
From: Nahum Shalman <nahamu@gmail.com>
Date: Tue, 23 Aug 2022 01:53:03 +0000
Subject: [PATCH] net/dns/publicdns: Add Mullvad DoH

See https://mullvad.net/en/help/dns-over-https-and-dns-over-tls/

The Mullvad DoH servers appear to only speak HTTP/2 and
the use of a non-nil DialContext in the http.Transport
means that ForceAttemptHTTP2 must be set to true to be
able to use them.

Signed-off-by: Nahum Shalman <nahamu@gmail.com>
---
 net/dns/publicdns/publicdns.go | 10 ++++++++++
 net/dns/resolver/forwarder.go  |  1 +
 2 files changed, 11 insertions(+)

diff --git a/net/dns/publicdns/publicdns.go b/net/dns/publicdns/publicdns.go
index 76467004a..92bbbedd2 100644
--- a/net/dns/publicdns/publicdns.go
+++ b/net/dns/publicdns/publicdns.go
@@ -95,4 +95,14 @@ func populate() {
 	addDoH("149.112.112.10", "https://dns10.quad9.net/dns-query")
 	addDoH("2620:fe::10", "https://dns10.quad9.net/dns-query")
 	addDoH("2620:fe::fe:10", "https://dns10.quad9.net/dns-query")
+
+	// Mullvad
+	addDoH("194.242.2.2", "https://doh.mullvad.net/dns-query")
+	addDoH("193.19.108.2", "https://doh.mullvad.net/dns-query")
+	addDoH("2a07:e340::2", "https://doh.mullvad.net/dns-query")
+
+	// Mullvad -Ads
+	addDoH("194.242.2.3", "https://adblock.doh.mullvad.net/dns-query")
+	addDoH("193.19.108.3", "https://adblock.doh.mullvad.net/dns-query")
+	addDoH("2a07:e340::3", "https://adblock.doh.mullvad.net/dns-query")
 }
diff --git a/net/dns/resolver/forwarder.go b/net/dns/resolver/forwarder.go
index f51325e80..7fda4aca9 100644
--- a/net/dns/resolver/forwarder.go
+++ b/net/dns/resolver/forwarder.go
@@ -406,6 +406,7 @@ func (f *forwarder) getKnownDoHClientForProvider(urlBase string) (c *http.Client
 	})
 	c = &http.Client{
 		Transport: &http.Transport{
+			ForceAttemptHTTP2: true,
 			IdleConnTimeout: dohTransportTimeout,
 			DialContext: func(ctx context.Context, netw, addr string) (net.Conn, error) {
 				if !strings.HasPrefix(netw, "tcp") {