After reading the topic below I would like to ask some feedback from fellow XDA members:
https://forums.oneplus.com/threads/secondary-dns-forced-to-8-8-8-8.999920/
What needs to be done from your side:
You need to be on OxygenOS, not custom rom.
Make sure DHCP (your router most likely) feed LAN devices with a single DNS server
Check your OP device if it assigns itself Google DNS as a second dns server. To do so just tap on the connected WiFi (Under Settings -> WiFi & Internet -> WiFi) and scroll down where the DNS Field is.
If that's the case, at least in my mind this is a privacy violation (who asked my permission to feed google with all my resolving data?) at least.
Could I have some feedback on this please?
Never noticed this before...you ask a valid question in my mind. Hopefully someone can give us some reliable feedback. It appears that you can choose to use a static IP in the WiFi settings and enter two of your own DNS addresses. If that is the case then you can use the same one that your router uses or one of those that doesn't track you???
The OS shouldn't add a DNS server on its own so it would be good to find what's causing this issue for you.
What I can say is that Omnirom does no such thing, just checked on my device
Sent from my ONEPLUS A6003 using Tapatalk
Cave_diver said:
The OS shouldn't add a DNS server on its own so it would be good to find what's causing this issue for you.
What I can say is that Omnirom does no such thing, just checked on my device
Click to expand...
Click to collapse
This in not just me, there are plenty of people reporting the same on the provided link.
Also, Omnirom or any other custom roms are unrelated.
I'm interested in OOS feedback.
Please don't derail the thread
You didn't specifically mention OOS in your first post so I figured it was worth pointing out that it appears to be an OOS issue, not a general pho n/vendor/driver issue.
FWIW, the DNS settings should be somewhat irrelevant anyway since Pie offers the private DNS feature which should fix this and other privacy concerns by overriding the DNS settings and encrypting DNS traffic.
Sorry for "derailing" your thread, good luck with it.
P.S: why even ask on XDA for people to verify what has been well established on another forum and by yourself?
Sent from my ONEPLUS A6003 using Tapatalk
Cave_diver said:
FWIW, the DNS settings should be somewhat irrelevant anyway since Pie offers the private DNS feature which should fix this and other privacy concerns by overriding the DNS settings and encrypting DNS traffic.
Click to expand...
Click to collapse
That's not the point. The point is that if OxygenOS feeds our devices with a 3rd party DNS server without user knowledge or confirmation is unethical and in many cases illegal.
Cave_diver said:
P.S: why even ask on XDA for people to verify what has been well established on another forum and by yourself?
Click to expand...
Click to collapse
Because I need confirmation from more than 4-5 people (including myself)
DenyDarko said:
That's not the point. The point is that if OxygenOS feeds our devices with a 3rd party DNS server without user knowledge or confirmation is unethical and in many cases illegal.
Because I need confirmation from more than 4-5 people (including myself)
Click to expand...
Click to collapse
I agree with it being a bad idea on behalf of OP and something that needs to be fixed immediately.
Having said that, it was probably either by mistake or due to some tech staff thinking he might be doing users a service. I doubt it was a deliberate effort to gain data or any other benefit on the behalf of OP
Sent from my ONEPLUS A6003 using Tapatalk
I can confirm that I get the 8.8.8.8 in DNS
I am on OS Beta 14 unrooted etc etc.
8.8.8.8 is Google's DNS servers, it had the exact same setting on my Nexus 6. You can easily remove the setting via the modify DNS server setting.
You might want to disable Google's async DNS setting in Chrome or any Chrome based browser too.
Can confirm 8.8.8.8 sitting there on OOS 9.0.4
DenyDarko said:
Could I have some feedback on this please?
Click to expand...
Click to collapse
Same sh*t on OP7.
Did you find any way to disable this thing?
You'll find it's a Google thing not a OnePlus thing. Google products get really ****ty if they can't get to Google DNS servers. To help ease your mind you can use Private DNS which should send everything through that DNS over TLS server, secondly within DHCP assign a Primary and Secondary DNS which should override Google in the Secondary, lastly if you are running a firewall such as pfSense and not a home router you can setup rules to redirect all external DNS queries to the internal resolver.
vampyre_masq said:
You'll find it's a Google thing not a OnePlus thing. Google products get really ****ty if they can't get to Google DNS servers. To help ease your mind you can use Private DNS which should send everything through that DNS over TLS server, secondly within DHCP assign a Primary and Secondary DNS which should override Google in the Secondary, lastly if you are running a firewall such as pfSense and not a home router you can setup rules to redirect all external DNS queries to the internal resolver.
Click to expand...
Click to collapse
In my case i cannot set a secondary DNS via DHCP (because my router has only primary DNS setting available).
Btw, the problem seems related to this setting (https://discourse.pi-hole.net/t/disable-async-dns-resolver-in-google-chrome/9500) which sometimes, for unknown reasons, force Chrome to use secondary DNS, even if primary is fully reachable.
Crazy! Mine is that way too. Thanks for heads up! I changed mine to automatic and now my router controls it and Google's dns is gone! I was wondering why my send and receive on websites was slow since pie. This seems to have resolved it!
Related
Would like to edit my DNS settings on this. Is it possible? After hearing what sounds like a DNS poisoning, would like to swap out TMOs DNS for another provider.
Grab anycut off the marketplace.
Long tap on the desktop -> shortcut -> activity -> ip settings.
I've been using openDNS from the moment I got the phone. Works like a charm.
edit - shouldn't have replied that quickly... this only works for WiFi as far as I know... but I haven't tested that. Will do so now.
edit 2 - well... scratch all that. I just tested opendns on both wifi at my home and using edge and both did not work. I guess ip settings doesn't work?
That is a nice find for when you are on wifi. It doesn't change your DNS when you are on the network. I have also wanted to change my DNS to Opendns but have not found a way to change dns on data connection. Any help would be appreciated.
angel-78 said:
That is a nice find for when you are on wifi. It doesn't change your DNS when you are on the network. I have also wanted to change my DNS to Opendns but have not found a way to change dns on data connection. Any help would be appreciated.
Click to expand...
Click to collapse
Can you confirm that is works for wifi? Opendns.com/org isn't showing that it's working for me.
Ummm opendns.com/org doesn't work for me and I am on opendns
Stupid question: why are you worried about DNS poisoning? I'm aware of what it is, but I'm not aware of how someone would exploit it.
They'd have to find an exploit on T-Mobiles DNS servers (or the higher servers that they receive the information from), that would either: a) use a "fake" higher DNS server to get info from, one that would provide spoofed entries, or b) insert fake entries into the cache. Correct?
Curious as to why you'd be paranoid about this tbh. Even with OpenDNS, if there's an exploits on T-Mobiles servers, wouldn't they be able to exploit it on the edge/3g servers? And if OpenDNS were ever compromised, it would leave hundreds of thousands of users more vulnerable, vs the (very) few people who use their cell phone for web banking.
neoobs said:
Ummm opendns.com/org doesn't work for me and I am on opendns
Click to expand...
Click to collapse
Confusing syntax on my part. I meant .com or .org.
Gary13579 said:
Stupid question: why are you worried about DNS poisoning? I'm aware of what it is, but I'm not aware of how someone would exploit it.
They'd have to find an exploit on T-Mobiles DNS servers (or the higher servers that they receive the information from), that would either: a) use a "fake" higher DNS server to get info from, one that would provide spoofed entries, or b) insert fake entries into the cache. Correct?
Curious as to why you'd be paranoid about this tbh. Even with OpenDNS, if there's an exploits on T-Mobiles servers, wouldn't they be able to exploit it on the edge/3g servers? And if OpenDNS were ever compromised, it would leave hundreds of thousands of users more vulnerable, vs the (very) few people who use their cell phone for web banking.
Click to expand...
Click to collapse
Guess you don't frequent boards as much as myself. It has already happened twice now. Just search for browser hijacked...
Being it has only been on Edge/3G, it must be their DNS. WIFI has never been affected.
Open an adb shell or Terminal Emulator and type
Code:
setprop ro.kernel.android.ndns 2
setprop net.eth0.dns1 208.67.222.222
setprop net.eth0.dns2 208.67.220.220
Those are ip addresses for OpenDNS, so use your own if you want something else. It might not be persistent through reboots though. If it isn't, append it to init.rc. I can't test this on actual hardware right now but on the emulator it does pass OpenDNS's test (in the upper right corner). Make sure you set the properties before opening the browser.
jashsu said:
Open an adb shell or Terminal Emulator and type
Code:
setprop ro.kernel.android.ndns 2
setprop net.eth0.dns1 208.67.222.222
setprop net.eth0.dns2 208.67.220.220
Those are ip addresses for OpenDNS, so use your own if you want something else. It might not be persistent through reboots though. If it isn't, append it to init.rc. I can't test this on actual hardware right now but on the emulator it does pass OpenDNS's test (in the upper right corner). Make sure you set the properties before opening the browser.
Click to expand...
Click to collapse
thanks trying this now and it seems to work well
Not only will it not persist on reboot, it will not persist over DHCP, so every time it reconnects to the network, this will have to be redone.
well, dunnow if you'v seen this
Mobile or other devices :
DNS servers are typically specified under advanced wi-fi settings. However, as every mobile device uses a different user interface for configuring DNS server settings, we provide only a generic procedure below. For more information, please consult your mobile provider's documentation.
To change your settings on a mobile device:
1. Go to the screen in which wi-fi settings are specified.
2. Find the screen in which DNS server settings are specified.
3. If there are IP addresses specified in the fields for the primary and seconday DNS servers, write them down for future reference.
4. Replace those addresses with Google IP addresses: 8.8.8.8 and 8.8.4.4.
5. Save and exit.
6. Test that your setup is working correctly; see Testing your new settings below.
Click to expand...
Click to collapse
Ather said:
well, dunnow if you'v seen this
Click to expand...
Click to collapse
Nice try
But that will only affect WiFi.
Ather said:
well, dunnow if you'v seen this
Click to expand...
Click to collapse
that only works for wifi or 3g connection as well?
I think the only way you can use T-Mobiles network is through there DNS. I think they have it locked to that. I remember when I used to tether if you right clicked a picture (that is on the internet obviously not on your hard drive) and went to properties it was never listed just the url that it was supposed to be it also had an ip before that url. That ip was always the same no matter what site. I think there is a proxy running on one end or the other.
aad4321 said:
google dns is the fastest and best...
8.8.8.8
8.8.4.4
Click to expand...
Click to collapse
Prove that google dns is faster than opendns, it hasn't even been out for a week yet while opendns is very mature.
This benchmark would have to disagree with you.
http://gizmodo.com/5420931/namebench-helps-you-find-the-fastest-dns-server-for-your-computer
It is highly dependent on your location. Google DNS might be faster than OpenDNS for some, while UltraDNS might be faster than Google DNS for others.
Try out the benchmarks yourself to see which one is the fastest for you. I use OpenDNS myself.
google dns is not at the moment everywhere the fastest but dont worry it will be. suggest you dont use this for t-mobile nl tv coz this wont count for your download limit and wont add to your download fair-use-time other dns probably will
tried nice worked on x10
I'm using my transformer at school and the school is providing wifi to its students. But there are apparently some odd restrictions associated with it. No app of mine is allowed to access the internet with the exception of browsers and also I'm not allowed to download anything (it just says "download unsuccesful" no matter what I download or from where). I've tried to look for a reson for this and I found out that it might be some firewall settings on the computer that is hosting the wifi, I also asked the school's IT guy and he said that it's likely to be the reason. But the thing is that all the people with computers and iPhones can use applications that use the internet with no problems at all. This makes me think that the wifi host regards me as dangerous or suspicious for some reason, and because it does allow computers and iPhones to use apps that access the internet and are allowed to download files, I think that it might be fixable. Perhaps there are some particular settings that make the wifi host's security to regard me as dangerous and doesn't allow my apps to go to the internet. So what do I have to do for my apps to be able to access the internet and to be able to download files? I really want to know this, because many of the useful apps require internet and by not using them I'm not taking the full advantage of the device. I should also mention that my tablet is running 3.2.1.
But have you tried asking them about letting you use your "netbook" on their netbook. What's the worst they can do? say NO TABLETS ALLOWED? Because unless they know your exact MAC address, they probably won't be able to do anything about it. In my old school, I brought up that I would like to connect my windows mobile device to their network (when I was using it as an mp3 player) and they said sure (they had terrible firewalls which blocked most every site that was fun). Sometimes, the best kind of hackery is the social kind.
Dyskmaster said:
But have you tried asking them about letting you use your "netbook" on their netbook.
Click to expand...
Click to collapse
What do you mean by that?
norsul said:
What do you mean by that?
Click to expand...
Click to collapse
I guess his telling you to ask for permission to use your netbook on their network.
Well first of all I'm using a tablet running android 3.2.1. And I'm kind of confused by your use of the word network, because I said that I can use the school's wifi network for students, but only to some extent, meaning that none of my apps with the exception of the browser are not allowed to access the internet e. g. android market, google translate don't work, they just say that they are unable to connect to the network or something similar. Also downloading any file from anywhere is not allowed, it says download unsuccessful. But iPhone user's apps work perfectly fine. From this I concluded that there must be something about my tablet that makes their security think my apps are dangerous and therefore blocks them, and that because there is no such problem on iOS, I thought that the might be something wrong with my end, and that it it fixable. And my question was what do I need to do to fiz this? I hope that clarifies my point.
statsminister said:
I guess his telling you to ask for permission to use your netbook on their network.
Click to expand...
Click to collapse
yes, thanks, I was kinda in a hurry when I typed that
Ask your school's IT department. Network configurations can be quite complex, and without knowledge of how or what they're blocking- it's hard for us to help. IT would know the issue better, or at least give the explanation as to why it isn't working. For instance, last year at my college nothing but computers were allowed to connect to the wifi. Such control can be done on the network side, and it may not be your tablet's fault.
Have you any friends with an Android device, or better yet android tablet?
I did ask the IT guy and he said that he has no control over the security settings, because it's a network across all of the schools in the city, not just the school in which I am.
Hey, I've tried using dropbox at school and then it says "cache access denied", maybe that can somehow clarify my problem.
settings
Have you set your settings/applications to allow unknown sources (ie is it ticked).
Colin
colint3 said:
Have you set your settings/applications to allow unknown sources (ie is it ticked).
Colin
Click to expand...
Click to collapse
That's only to allow installing apps not from the Market (sideloading). It has nothing to do with an app working or not.
Haven't you ever heard of proxy and content filtering?
Schools often set up proxies to restrict certain sites and content from working on their networks. They do it for a variety of reason, including bandwidth conservation, content filtering, network security, etc.
More than likely, they have blocked anything that they deem unnecessary. That means that probably only port 80 is allowed (the http port), possibly a few others for https, pop3 and imap for email, etc.
However, if you're a more advanced user, you can probably bypass right past all of this stuff by setting up your own proxy, or using encapsulation (like nstx or icmptx) to bypass their proxy by encapsulating other services inside DNS or ICMP traffic which are usually allowed to bypass the proxy at school. Like I said though, these are advanced techniques and require you to research and set it up yourself.
a.mcdear said:
Haven't you ever heard of proxy and content filtering?
Schools often set up proxies to restrict certain sites and content from working on their networks. They do it for a variety of reason, including bandwidth conservation, content filtering, network security, etc.
More than likely, they have blocked anything that they deem unnecessary. That means that probably only port 80 is allowed (the http port), possibly a few others for https, pop3 and imap for email, etc.
However, if you're a more advanced user, you can probably bypass right past all of this stuff by setting up your own proxy, or using encapsulation (like nstx or icmptx) to bypass their proxy by encapsulating other services inside DNS or ICMP traffic which are usually allowed to bypass the proxy at school. Like I said though, these are advanced techniques and require you to research and set it up yourself.
Click to expand...
Click to collapse
No, I do not no anything about proxy or content filtering, but I remember when I was connecting to the wifi network of the school I was asked to configure the proxy settings by putting some ip address ( I presume that it is an ip adress because it looked like one) and writing 8080 in the port field. If I didn't configure it like that, the internet would simply not work. Could you please tell me where I could educate myself about bypassing proxies or is i a matter that would require a very long time to learn and a lot of prerequisite knowledge?
And by the way, are you sure that this could be done on a tablet? All of that fiddling around seems to require a considerable degree of control which android may lack, or would rooting give me that control?
norsul said:
No, I do not no anything about proxy or content filtering, but I remember when I was connecting to the wifi network of the school I was asked to configure the proxy settings by putting some ip address ( I presume that it is an ip adress because it looked like one) and writing 8080 in the port field. If I didn't configure it like that, the internet would simply not work. Could you please tell me where I could educate myself about bypassing proxies or is i a matter that would require a very long time to learn and a lot of prerequisite knowledge?
And by the way, are you sure that this could be done on a tablet? All of that fiddling around seems to require a considerable degree of control which android may lack, or would rooting give me that control?
Click to expand...
Click to collapse
OK yeah you are going through a proxy then. The good news is, that because you have to configure it manually, they probably aren't using transparent proxy which can make it easier to bypass.
Getting nstx or icmptx working natively on Android should be possible in theory as both are lightweight and designed to work in Linux... perhaps it can be made into a module that can be activated/deactivated with a shell script, or added to a custom kernel.. obviously this would require a rooted tablet to accomplish.
The other required part of the equation is a computer accessible from the internet, which you can set up install a DNS server and nstx on.
If you manage to get it all working correctly, set your home IP address as your proxy instead of your schools proxy, and you should be able to get through. It should also work to let you access the web for free at places like Starbucks or at hotels where the web is normally routed to a site where you have to pay for web access.
Good luck!
a.mcdear said:
OK yeah you are going through a proxy then. The good news is, that because you have to configure it manually, they probably aren't using transparent proxy which can make it easier to bypass.
Getting nstx or icmptx working natively on Android should be possible in theory as both are lightweight and designed to work in Linux... perhaps it can be made into a module that can be activated/deactivated with a shell script, or added to a custom kernel.. obviously this would require a rooted tablet to accomplish.
The other required part of the equation is a computer accessible from the internet, which you can set up install a DNS server and nstx on.
If you manage to get it all working correctly, set your home IP address as your proxy instead of your schools proxy, and you should be able to get through. It should also work to let you access the web for free at places like Starbucks or at hotels where the web is normally routed to a site where you have to pay for web access.
Good luck!
Click to expand...
Click to collapse
That sounds awesome maybe you could make the app id buy it
I found two apps on the android market : proxydroid and ssh tunnel, do you think they would help me to bypass the school's proxy?
And by the way, how legal is this business? I mean I doubt that the school would send be to jail for using google translate but I'm still curious.
Legal issues are a potential problem, but its doubtful it would ever be a problem at school. Setting this up on your tablet certainly isn't illegal in itself, but if you're stealing wifi that you would otherwise have to pay for, you CAN get yourself in quite a bit of trouble if you get caught.
a.mcdear said:
Legal issues are a potential problem, but its doubtful it would ever be a problem at school. Setting this up on your tablet certainly isn't illegal in itself, but if you're stealing wifi that you would otherwise have to pay for, you CAN get yourself in quite a bit of trouble if you get caught.
Click to expand...
Click to collapse
Ok thanks, wifi network in the school is free for all students so I should be ok. But what about those apps I mentioned before?
And how would I protect myself from geting caught and what is the likelyhood of me getting caught? Can they immediately notice it if someone's trying to bypass their firewall or not? I should point out that the it manager in our school knows quite little about the sexurity system or ao he told me when I asked him whether my problem is somehow connected to their security settings, but the network is not pwned by the school, it's owned by the city and it is present in many schools beside mine, so I think that they might take their security seriously. So basically what I am trying to say is that if I investigate this matter, come there and bypass the proxy so that the youtube app works, is it likely that I am going to get caught, and if yes then what are the ways of minimising the risk (please bear in mind that I have not experience in this)? I'm asking this because I think it's not a very good idea to just walk in and hack the network without any experience and expect that there is no possibility of getting caught.
No neither of those apps are really the solution to your problem. There isn't currently an app for Android that will set up encapsulation like I'm talking about.
And yes, your IT manager at school "might" be able to catch you, but only if he's specifically looking for it. What this basically does is encapsulate your regular IP traffic inside DNS packets (or pings for the icmptx method), which are generally allowed to pass through firewalls and content filters. Basically, it is detectable if your network administrator is looking in the right place and knows his stuff. There would either look like a constant stream of DNS requests from a particular IP on the school network, or a constrant stream of ICMP traffic (pings) being sent out. However both ICMP and DNS are normal for any network, so its also equally possible that the administrator never notices that anything is wrong at all...
Some more sophisticated networks may employ transparent DNS or transparent proxy, which would make these efforts much harder. Transparent proxy is able to intercept any traffic and force it through the proxy at school, while transparent DNS is able to intercept DNS traffic and force it to use a specific DNS server regardless of settings on your tablet.
Like I said in the beginning though, these are really advanced networking tricks that certainly aren't easy to set up, even when all the components are readily available.. its possible they haven't even been attempted yet on an Android device. That said, it shouldn't be difficult to port either icmptx or nstx over to Android for somebody with the requisite programming skills.
Hello!
I just tried checking what URLs Amazon access to download software updates by a Firewall, and, ecstatic that my router supports HTTPS request blocking, I experimented them, one by one, on one of my older 3rd Gen devices.
What you need :-
1. A still bootable Fire tablet,
2. A way to get into your router's settings,
3. Username and password of your router;
(This is usually found on your router's packaging, or sticked into its side, if you can't get it, try continuing because some old routers don't ask for passwords, and if it asks for passwords try contacting the provider for help.)
4. Default Gateway address or a PC connected to router to get it.
5. Common sense of course
First step-
(Skip this if you know your default gateway address.)
Open up a command prompt and type 'ipconfig' and enter, and look for Default Gateway Address, and copy what's in front of it.)
Second step-
Open a web browser and type http://y.o.u.r.g.a.t.e.w.a.y, of course replace with what you copied, but keeping http://.
Third step-
You should see a prompt asking you for password, if not skip this, it may ask you later. Just input your password and username to proceed.
Fourth step-
This is the step that requires common sense. You will have to determine where's the setting that allows you to block domains. For me, it was on Security=>Domain name filter. As some suggestions look for Parental Controls, Blacklist, Security, Firewall, domain name filter, Webpage blacklist, etc.
Fifth step-
You can block the two below to stop downloading amazon updates for good, I tested this on my HD 8 (2017),
amzdigital-a.akamaihd.net
amzdigitaldownloads.edgesuite.net
(Note that the tablet will still determine if a software update is available, but it will fail to download it. If you want to stop checking for software updates, I think that the two below will do,
softwareupdates.amazon.com
updates.amazon.com)
Sixth step-
Remember to apply the settings of course, and then quit the router settings, and try visiting one of the sites above. If it stucks on loading then you are successful, if it shows something as Forbidden or Error then your router probably doesn't support HTTPS blocking.
YOU ARE DONE!
Note-
I tried this on my HD 8, with a freshly flashed stock ROM, and left it connected overnight, just I saw that 'Your device has not yet checked for updates.'
Please remember that if you connect this to an another network, updates will normally download. This is not device specific, just router specific.
I hope that you found this useful!
Thanks!
Just wanted to drop a note here that I blocked those domains using a Pi-Hole (locally hosted DNS-based blocker) but I was still updated yesterday to 5.6.1.0. Perhaps Amazon bypasses the connection's DNS and uses its own? I've now added the blocked domains to my router as well, so fingers crossed I suppose.
Vague Rant said:
Just wanted to drop a note here that I blocked those domains using a Pi-Hole (locally hosted DNS-based blocker) but I was still updated yesterday to 5.6.1.0. Perhaps Amazon bypasses the connection's DNS and uses its own? I've now added the blocked domains to my router as well, so fingers crossed I suppose.
Click to expand...
Click to collapse
Strange. I blocked the URLs above in the router the day I made the thread, and my device is not checked for updates ever since. It may be an issue in your blocker, maybe Amazon bypasses the connection's DNS. Good Luck, since you blocked in router now? :good:
Is it possible to setup an ad blocker as part of my personal vpn server? I'm unsure of exactly how ad blocker vpns work (such as ad block plus/blokada), but I'm a little hesitant/untrusting of having this vpn connection always on and running all of my traffic through it.
What would I need to do set this up myself? Alternatively, maybe someone could explain what exactly I'm exposing by having [blokada] enabled all of the time?
Thank you
EvanVanVan said:
Is it possible to setup an ad blocker as part of my personal vpn server? I'm unsure of exactly how ad blocker vpns work (such as ad block plus/blokada), but I'm a little hesitant/untrusting of having this vpn connection always on and running all of my traffic through it.
What would I need to do set this up myself? Alternatively, maybe someone could explain what exactly I'm exposing by having [blokada] enabled all of the time?
Thank you
Click to expand...
Click to collapse
I'm kinda confused by your question in the first part. On what hardware do you intend to do the blocking? on your android device or on a remote/local server? if you intend to do that on android, then here are some things to consider:
There is the Root method, which I assume based on your question you don't want.
Then there is the rootless method, which is basically an exploit of a loophole in how android handles VPNs. Apps like Blokada and such supposedly establish a VPS locally and block DNS blacklisted requests by leveraging the VPN permission. you can use different apps to monitor them and see what goes out, but you most likely won't find anything suspect.
If you're that paranoid, I suggest using the web server feature in the Adaway app, which lets you use your own host list/DNS block list, sign it yourself for your phone to Trust (as trusted agent or CA certificate) and apply. Ofc doing it with adaway takes away (literally) the convenience of a self updated list, so you have to find your own lists and update it regularly for maximum block-ness.
Slim K said:
I'm kinda confused by your question in the first part. On what hardware do you intend to do the blocking? on your android device or on a remote/local server? if you intend to do that on android, then here are some things to consider:
There is the Root method, which I assume based on your question you don't want.
Then there is the rootless method, which is basically an exploit of a loophole in how android handles VPNs. Apps like Blokada and such supposedly establish a VPS locally and block DNS blacklisted requests by leveraging the VPN permission. you can use different apps to monitor them and see what goes out, but you most likely won't find anything suspect.
Click to expand...
Click to collapse
Thank you, that is super helpful information on how ad blockers work on non-rooted devices. I am not rooted (after Google started automatically updating Pixels I decided the hassle of manually flashing updates and the loss of Android Pay (at the time) wasn't worth it).
I have a Wireguard VPN server on a FreeNAS server at my house. I'm not sure what blokada can track and/or conceivably redirect my traffic using their own DNS server (?). If I can set up a "VPS" and DNS blocking using publicly available lists through my own VPN or a FreeNAS jail/port or my router, I'd prefer to do that.
Maybe I'm overthinking this though haha...
Thanks
EvanVanVan said:
Thank you, that is super helpful information on how ad blockers work on non-rooted devices. I am not rooted (after Google started automatically updating Pixels I decided the hassle of manually flashing updates and the loss of Android Pay (at the time) wasn't worth it).
I have a Wireguard VPN server on a FreeNAS server at my house. I'm not sure what blokada can track and/or conceivably redirect my traffic using their own DNS server (?). If I can set up a "VPS" and DNS blocking using publicly available lists through my own VPN or a FreeNAS jail/port or my router, I'd prefer to do that.
Maybe I'm overthinking this though haha...
Thanks
Click to expand...
Click to collapse
I can relate heavily on the google pay front, but I'm a power user through and through. not having total control freaks me out so root is a must for me, so i gave up using it.
Regarding the host/adblock setup, i do think you're overthinking it. A router with openwrt is basically 80% already pre-configured with dnscrypt and the tools necessary. Using FreeNAS jail, there are sooooo many tuts online for that, i won't even need to tell you how myself. Personally, I use a PI-hole in my home and wireguard/cha cha20 protocol on my router, the webserver feature from adaway on my phone and haven't seen an ad in almost 2 years now.
Slim K said:
I can relate heavily on the google pay front, but I'm a power user through and through. not having total control freaks me out so root is a must for me, so i gave up using it.
Regarding the host/adblock setup, i do think you're overthinking it. A router with openwrt is basically 80% already pre-configured with dnscrypt and the tools necessary. Using FreeNAS jail, there are sooooo many tuts online for that, i won't even need to tell you how myself. Personally, I use a PI-hole in my home and wireguard/cha cha20 protocol on my router, the webserver feature from adaway on my phone and haven't seen an ad in almost 2 years now.
Click to expand...
Click to collapse
Pi-Hole in a jail seems like it's exactly what I'm looking for. I'll look into getting that set up. Thank you!
EvanVanVan said:
Is it possible to setup an ad blocker as part of my personal vpn server? I'm unsure of exactly how ad blocker vpns work (such as ad block plus/blokada), but I'm a little hesitant/untrusting of having this vpn connection always on and running all of my traffic through it.
What would I need to do set this up myself? Alternatively, maybe someone could explain what exactly I'm exposing by having [blokada] enabled all of the time?
Thank you
Click to expand...
Click to collapse
All you need is to maintain the hosts file in Android's /system/etc.
I have several different IP networks on my home, each for another use, for example main internet use 192.168.1.0/24 (with dhcp server), lights on 192.168.2.0/24 etc.
on the other subnets there isn't a dhcp server, therefore you should connect with a static IP. there are some times that a simple login can be done from my mobile, but there is the added time and effort to setup each time the static IP.
On my laptop running windows, i use TCP/IP Manager to switch IPs between my home static various networks and my work static IP.
Do you know of an android app that can store some profiles and can switch between them easily?
none?
Tasker to do the automation for you.
Thats a last resort option, its really strange that there isn't an app for that!
Offtopic: do we have a request an app from devs, or something like that, here on xda?
You can request, not sure where though, but can be ignored.
Devs do what they are interested in.
Or maybe you can look in the Paid Software forum.
IP Changer (Switcher) - Apps on Google Play
Change your IP address instantly and easily.
play.google.com
Wifi Static - Apps on Google Play
Manages your Wi-Fi static IP configurations and even switches automatically!
play.google.com
pl1992aw said:
You can request, not sure where though, but can be ignored.
Devs do what they are interested in.
Or maybe you can look in the Paid Software forum.
Click to expand...
Click to collapse
Thank you!
hope someone has an idea about this, or i will have to ask there...
pl1992aw said:
IP Changer (Switcher) - Apps on Google Play
Change your IP address instantly and easily.
play.google.com
Click to expand...
Click to collapse
- The application works only over mobile data connection - will not work over a WiFi network.
This app just renews the ip from your telecom carrier.
pl1992aw said:
Wifi Static - Apps on Google Play
Manages your Wi-Fi static IP configurations and even switches automatically!
play.google.com
Click to expand...
Click to collapse
This app would be great, if it could work with newer android version like 9 (pie) that i am using...