I try to use “private DNS” option in my phone’s settings, but it often does not work, and therefore privacy cannot be protected all the time. Sometimes I just cannot even ping other servers by IP (like 1.1.1.1) because of it. My question is: WHY this function requires hostname (so you need to query some other plain text DNS before reaching encrypted DNS)? Also if I understand well, it uses DNS over TLS, but I’m curious why not DNS over HTTPS (which seems like a reliable solution since I have it configured in my browser and there is never a problem with it…also it uses IP address instead of hostname). Why no one is seeing this problem and no one wants to address it? I tried downloading Quad9 app, but it does not work either (I guess some IPS is filtering TLS requests in my network, but again why DOH is not used then?).
WHY this function requires hostname
Because it uses DoH and not DoT.
I also had issues like this, so I just sidestepped it and setup AdGuard Home. When away from the house I use RethinkDNS.
Yeah the thing is, if DOT is default in android system, and there is no option to use DOH, why there is no app that uses DOH? Also I cannot move to my own swtup i got no public IP
Because it uses DoH and not DoT.
other way around, but yes
I think Quad9 works as a VPN app, and you cannot use a VPN app and private DNS at the same time. You have to use one or the other.
Well, I meant by using it and private DNS set on auto (in that case off, cuz network has not provided one) it could not start
Try to search for “private DNS” in the settings.
NextDNS and ReThinkDNS might be helpful, mullvad DNS, adguard DNS, also helpful
I use DNS over TLS on my POCO device and it works as expected. What do you mean about “it uses ip adress instead of hostname” ? Here is my setup :
If you still have a problem, try “invizible pro” app. You can setup dnscrypt instead of DOT.
Invizible Pro is an “must have” on the phone, (!) but download it from F-Droid, not from Google Play
From the description:
InviZible Pro is an all-in-one program. After installing it, you can easily delete all of your VPN applications and ad blockers. In most cases, InviZible Pro works better, is more stable, and faster than free VPNs.
Obviously it would be better than free VPN services. But I’m wondering how it would stack with my current set up. I already paid for NextDNS and PIA. Usually I don’t run PIA unless I want to access spicy stuff. And 99.999% my NextDNS stuff works fine.
I’d love to pay less but I also want to know what I’m trading for it
I understand your point of view and I think that, if you already pay for an service which works for you, than changing to another is only an option and only recommended if you woun’t pay anymore for it. You can still test InviZible Pro apart, without a risk, because it’s FOSS, pausing your current service.
This is why I always look for an free, or better OpenSource alternative, before I use an paid one (in over 20 years this I never had needed). The first look for a needed soft or service is always in AlternativeTo.
Good point. I’ll try invizible.
I chose NextDNS when Android supports custom DNS. And dont wamt to run a “VPN” all the time. It just works for my threat model.
Found out about it from Tech Lore. Customizing the filters just felt natural since that’s what I do with ublock anyways
PIA I use for torrenting as well so I don’t think I’ll ever stop that subscription
The problem is with “as expected” that you enter hostname instead of ip address, and therefore your phone has to use unencrypted DNS to get your encrypted DNS IP address first, also for some reason IPS probably can detect DNS over TLS, and filter it out
you understandably sound confused
I try to use “private DNS” option in my phone’s settings, but it often does not work, and therefore privacy cannot be protected all the time.
when you have private DNS enabled, you have no connection if it fails. Is it in “auto” or is there a fallback option?
Sometimes I just cannot even ping other servers by IP (like 1.1.1.1) because of it. My question is: WHY this function requires hostname (so you need to query some other plain text DNS before reaching encrypted DNS)?
🤔
Also if I understand well, it uses DNS over TLS, but I’m curious why not DNS over HTTPS (which seems like a reliable solution since I have it configured in my browser and there is never a problem with it…also it uses IP address instead of hostname).
you shouldn’t use both, iirc. Your browser is bypassing your “DNS over TLS” in this case
Why no one is seeing this problem and no one wants to address it?
because there is no problem?
I tried downloading Quad9 app, but it does not work either (I guess some IPS is filtering TLS requests in my network, but again why DOH is not used then?).
quad9 app works as a vpn. What do you mean by “it does not work either”?
Well there is a problem, because if you enter hostname in private DNS field, this hostname has to be resolved first, therefore your phone has to query DNS by using unencrypted DNS provided by network configuration…and for some reason I guess IPS in a network can detect this DNS over TLS traffic and filter it out. Also isn’t it better to use double encryption instead of just 1? Like what’s wrong with my browser resolving hostnames on its own, its even better imo.
