🆕 Software Suggestion | Android (9+) Private DNS #1068

Closed
opened 2019-07-31 21:39:31 +00:00 by Mikaela · 6 comments
Mikaela commented 2019-07-31 21:39:31 +00:00 (Migrated from github.com)

Basic Information

Name: Private DNS
Category: Android Privacy Add-ons
URL: https://support.google.com/android/answer/9089903?hl=en

Description

Android supports DNS over TLS natively and it can be configured in Settings, Network & internet and then Advanced and then Private DNS. Shouldn't we recommend users to enable it?

Blocker/link-to: #1054 ?

Edit/addition: Warning? If your DoT provider (or port 853) is blocked, Android is going to report that the network has no connectivity.

Mikaela commented 2019-07-31 21:59:52 +00:00 (Migrated from github.com)

Oh, I forgot that MIUI hides the feature due to China(?) and it might be nice to list some workaround, preferably an F-Droid one

  • https://www.xda-developers.com/enable-private-dns-xiaomi-devices-miui-10/

Edit: a friend suggested I might be able to find it from Activity Launcher (F-Droid app for opening hidden apps etc.), but I didn't find it yet, but that doesn't mean it's not there.
nitrohorse commented 2019-08-01 01:42:57 +00:00 (Migrated from github.com)

Good idea! I think we should recommend this; maybe below the [ICANN DNS section](https://www.privacytools.io/providers/dns/#icanndns)?
Mikaela commented 2019-08-01 08:59:33 +00:00 (Migrated from github.com)

> I think we should recommend this; maybe below the ICANN DNS section?

I am not entirely sure, because that is on a page for DNS providers, while we have a separate Android section.

How about putting it in the Android section, but having "see also Private DNS on our Android page" under the ICANN DNS section?
Mikaela commented 2019-08-01 09:12:15 +00:00 (Migrated from github.com)

> How about putting it in the Android section, but having "see also Private DNS on our Android page" under the ICANN DNS section?

Or the other way probably works too?

Logo ideas:

![private-dns-dark](https://user-images.githubusercontent.com/831184/62280875-3fa00580-b43c-11e9-938b-f7ace7c7481b.png)
![private-dns-menu](https://user-images.githubusercontent.com/831184/62280877-40389c00-b43c-11e9-8f69-d80cf7ffbd72.png)

which don't look that good outside of my head, and all our DNS providers are warninged somehow. I didn't think of the smaller one until I saw it and I would need to change my language to take the screenshot again, but I am in a bit of a hurry right now and there is no hurry until something is actually done.
beerisgood commented 2019-08-01 09:37:15 +00:00 (Migrated from github.com)

Remember that this doesn't work (yet) with Blokada. But they are still working on it.
Mikaela commented 2019-08-01 11:57:14 +00:00 (Migrated from github.com)

Oh, yes, the problem is that when a VPN is enabled, DoT is not used as the traffic goes through the VPN instead and the VPN decides what DNS servers it wants to use. I guess this should have a warning label while noting that DoT can possibly protect the DNS query to the VPN server assuming it's not using the IP address directly?

I think the Blokada issue is https://github.com/blokadaorg/blokada/issues/198 and it's just going to add an option to their settings to use DoT instead of using the Android setting, but I am not sure.

From that issue I think the comments that are worth noting are:

  • https://github.com/blokadaorg/blokada/issues/198#issuecomment-413587677
  • https://github.com/blokadaorg/blokada/issues/198#issuecomment-419892999

There is also some misinformation there, such as (correct information below):

  • https://dnscrypt.info/faq/ has a comparison where DNSCrypt seems potentially better than DoH (both use the same port 443) and DoT, however being dnscrypt's homepage it may be biased.
  • Android 9 does not support DNS over HTTPS natively, only DoT which this (PTIO) issue is about. The DoH would be #1069.
Reference: privacyguides/privacytools.io#1068