I've seen people mention a custom hosts file that blocks ads, also included in some roms. how would I go about doing this? or where can I find/make one of these hosts files?
Sent from my Nexus S using XDA Premium App
jaker.the.skater said:
I've seen people mention a custom hosts file that blocks ads, also included in some roms. how would I go about doing this? or where can I find/make one of these hosts files?
Sent from my Nexus S using XDA Premium App
Click to expand...
Click to collapse
Adfree in the market
Sent from my Nexus S
Basically you would enter hostnames in the file from which you know that ads are loaded and associate them with invalid IP addresses so that a connection attempt will fail immediately. The address of the loop back interface (127.0.0.1) is most often used for that, since (if you are not running a web server on your phone) it will return a "connection refused" instantly without sending data out. Of course this will only work if the server hosts only ads and no content needed for you app.
You would have a line like this for every host to block:
Code:
127.0.0.1 adserver.myapp.com
The hostname adserver.myapp.com is of course an example. You would have to find out the real name from logfiles, for example by rerouting your smartphone traffic over some proxy you control.
For the format of the hosts file:
man hosts:
NAME
hosts - static table lookup for hostnames
SYNOPSIS
/etc/hosts
DESCRIPTION
This manual page describes the format of the /etc/hosts file. This file is a simple text file that associates IP addresses with hostnames, one line per IP
address. For each host a single line should be present with the following information:
IP_address canonical_hostname [aliases...]
Fields of the entry are separated by any number of blanks and/or tab characters. Text from a "#" character until the end of the line is a comment, and is
ignored. Host names may contain only alphanumeric characters, minus signs ("-"), and periods ("."). They must begin with an alphabetic character and end
with an alphanumeric character. Optional aliases provide for name changes, alternate spellings, shorter hostnames, or generic hostnames (for example,
localhost).
The Berkeley Internet Name Domain (BIND) Server implements the Internet name server for UNIX systems. It augments or replaces the /etc/hosts file or host‐
name lookup, and frees a host from relying on /etc/hosts being up to date and complete.
In modern systems, even though the host table has been superseded by DNS, it is still widely used for:
bootstrapping
Most systems have a small host table containing the name and address information for important hosts on the local network. This is useful when DNS
is not running, for example during system bootup.
NIS Sites that use NIS use the host table as input to the NIS host database. Even though NIS can be used with DNS, most NIS sites still use the host
table with an entry for all local hosts as a backup.
isolated nodes
Very small sites that are isolated from the network use the host table instead of DNS. If the local information rarely changes, and the network is
not connected to the Internet, DNS offers little advantage.
FILES
/etc/hosts
NOTES
Modifications to this file normally take effect immediately, except in cases where the file is cached by applications.
Historical Notes
RFC 952 gave the original format for the host table, though it has since changed.
Before the advent of DNS, the host table was the only way of resolving hostnames on the fledgling Internet. Indeed, this file could be created from the
official host data base maintained at the Network Information Control Center (NIC), though local changes were often required to bring it up to date regard‐
ing unofficial aliases and/or unknown hosts. The NIC no longer maintains the hosts.txt files, though looking around at the time of writing (circa 2000),
there are historical hosts.txt files on the WWW. I just found three, from 92, 94, and 95.
EXAMPLE
127.0.0.1 localhost
192.168.1.10 foo.mydomain.org foo
192.168.1.13 bar.mydomain.org bar
146.82.138.7 master.debian.org master
209.237.226.90 www.opensource.org
Click to expand...
Click to collapse
Of course, you also could follow the suggestion in post #2. You will need root in any case.
yep I have root. thanks so much for the detailed explanation! helped a ton.
Sent from my Nexus S using XDA Premium App
The following is a 3-step process for gaining remote access to your PC Via your Android phone's data connection for FREE and without a static IP.
IT USES YOUR DATA PLAN SO MAKE SURE YOUR HAVE UNLIMITED DATA PLAN OR YOU'LL BE SAD!!!
It allows you to control and view your PC by accessing Windows Remote Desktop using Pocket Cloud on your Android. I used this method on my T-mobile Samsung Vibrant and am now using it on my HTC Amaze. Currently, I have only tested this using Windows XP. I HAVE NOT TRIED IT ON WINDOWS 7. Someone smarter than I can tweak the process for Windows 7 and MAC OS. Please feel free.
I put this little solution together from some forums I found scattered all over the internet. When I needed it, I couldn’t find the complete solution in one place so; I consolidated it for you here. The VB script in particular is not my original work and I can't remember where I got it for the life of me so; my apologies to the author for not properly citing it here. PLEASE NOTE THAT I AM ONLY POSTING THE METHOD I USED. USE IT AT YOUR OWN RISK!
Now…down to business!!!!!
Here is how it works:
Your PC automatically accesses a website to gather your WAN IP information and sends an "email-to-text message" to your Android on a schedule of your choice. This ensures that you always have access to your current WAN IP address. This is important; DSL providers change your WAN IP address as much as 10 times/day where cable internet providers only do it about once/month.
You then use this information to configure Pocket Cloud (available for free on the Android Market) to connect to your home router/PC. Using the current WAN IP as the "host address" in Pocket Cloud, you can connect, control, and view your PC remotely over your Android's data connection.
Requirements:
In order for connection to work, the following must be done before you start the steps. Don't worry, these are all easy.
· Your PC must be powered on with an internet connection (obviously)
· Windows XP must have a windows logon password set (assuming you are not on a home network with an actual server).
NOTE
If you have a modem connected directly with no router, you are all set. Skip the next bullet.
· Your router must be set to forward "remote desktop" activity (port 3389) to the PC to which you'd like to connect; make sure the router doesn't block the remote desktop application (see your router manual).
· Make sure your internet security software (see your software manual) and Windows XP ("my computer" properties under the "remote" tab) allows remote access to your PC.
STEP 1. Tweak the RED ITALIC TEXT ONLY of the VB Script (attached at the bottom) in by creating a new "note pad" file; pasting it in to "Note Pad"; and saving the file as "EmailIP.vbs".
NOTE
You can test your script by double clicking the .vbs file you just created. If you then get a text message with your IP address in it, you are good to go. The text message should only take a few minutes to arrive.
STEP 2. Schedule the script to run at any interval you'd like by browsing to it from within Windows Task Scheduler. This is under Start>All Programs>Accessories>System Tools>Scheduled Tasks. If you need help with task scheduler, Google it.
NOTE
The task should be scheduled more frequently for those using a DSL home internet provider. I set mine for every 2 hours as I use DSL at home. Cable internet can be scheduled to run much less often.
STEP 3. Install and configure Pocket Cloud RDP free from Android Market. using IP just texted to your Android and your Windows Logon information.
· Create a new connection in pocket cloud.
· Enter a nick name of your choice into the "Nick Name" field.
· Enter the WAN IP which was just texted to your phone into the "Host Address" field.
· Enter your windows logon user name and password into the "User Name" and "Password" fields.
· Leave everything else alone!
· Scroll to the bottom and hit "Save."
· Tap the connection and you should be connected to your PC with in seconds.
Cheers!
I use MyPhoneExplorer, very easy and noob-proof
i use teamviewer for this...
teamviewer does not require u to have static WAN ip...
the only thing u need is teamviewer account which is free...
I have create a vpn and get the static ip from no-ip.org
.
Thread moved. Would advise you to read forum rules and post in correct section.
enox2604 said:
I have create a vpn and get the static ip from no-ip.org
Click to expand...
Click to collapse
Good choice, however, no-ip and teamviewer both require that a 3rd party have certain terminal info or it pings the server periodically. This solution keeps third arties out of the equation with the exception of a collecting your own IP from an outside URL. Again, somone much smarter than I would be able to write a script that collects your WAN from the CMD prompt or something native to OS rather than a URL. If you know how, Please do and post it here.
orb3000 said:
Thread moved. Would advise you to read forum rules and post in correct section.
Click to expand...
Click to collapse
My Apologies. I did read them and didn't see a good fit anywhere as this is neither an App nor a game. It will take me some time to figure out where threads should be posted. Thanks for your patience.
Please read this first!
The entire system is build up for demonstration and should show a new way to protect against Internet and Online threats. It should demonstrate that it is possible within the Internet to protect user, devices and there data.
The entire System is a pure & 100% DNS filter system without the usage of any kind of proxy. My goal is it to proof security is possible without using any kind of proxy.
A lot of sites using HTTPS communications within the Internet and therefore I offer a special self signed Root Certificate which block any existing domain on the blacklist with a valid HTTPS connection. Different sites using broken HTTPS Traffic to detect Adblock technologies and some sites might require the keweon Root Certificate. All HTTPS connections are only used to prevent browser and application errors within your Operation Systems.
From the technical point of few a root certificate and just a DNS server is never a threat for any users or any kind of data. The entire system is protected within various ways to prevent data stealing from users and devices.
For actual reasons and because of many discussions I want to inform you about threat possibilities:
1. DNS Server which are not DNS Server and they act as (transparent) Proxy are able to redirect the entire user traffic for Data Analysis or Data stealing.
2. DNS Server which are not DNS Server and they act as (transparent) Proxy can easily redirect traffic to a Web Server and infect your system with this kind of online threats:
Botnets, Cryptoware, Fake Software, Malware, Miningware, Online Worms, Phishing, Ransomware, Remote Keyloggers, Rogue Security Software, Spyware, Trojans and Virus.
This kind of infections are possible via HTTP (via 80 or any other port) or HTTPS (via 443 or any other port) with or without a valid SSL Certificate. A single Let'sEncrypt can easily support this kind of Online Threats.
3. DNS Server which are not DNS Server and they act as (transparent) Proxy can use all methods of attacks in Point 2 to act as Botnet or Cache Server to spread this kind of attacks by a simple HTTP infection and download additional payload via HTTP (via 80 or any other port) or HTTPS (via 443 or any other port) with a single Let'sEncrypt certificate.
4. DNS Server which are not DNS Server and they act as (transparent) Proxy can use a self signed root certificate to steal passwords and logins when you install this. The keweon Root Certificate is designed to protect users and against HTTPS errors which will happens because of filter or blocking HTTPS traffic. When a keweonDNS Server is setup as a (transparent) Proxy it is possible to redirect the entire user traffic and get user login and passwords which is generally known as "MITM ATTACK".
Please take note that the usage of a Root Certificate from someone you don't know can cause serious problems when the Server is build up to target user. With a MITM Attack it is possible to get data, passwords and logon credentials.
5. The entire keweonDNS Project is build and invented to protect users, there Data and its protecting against almost all Online threats. Various fuses are build into the entire environments many times.
6. The keweon Servers do not any kind of Data collection. This is one of my core visions. Why I should build up a system which prevent data collection system and then I will do it by myself? There is also NO (!) Data Collection even on Servers OS Level.
The entire keweonDNS System runs public with global access since 2014. At this point let me say thanks a lot to all users for there trust into me and the entire keweonDNS solution.
Thanks a lot to each single user!!
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
**************************************************************
Business inquires: Please see contact information section below.
***************************************************************
**************************************************************
Keweon quick start.
Read the available servers and certificate sections now if you already know what you are doing. New users please skip to the "About Keweon" section below and return to the DNS and Certificate sections later:
**************************************************************
**************************************************************
Available DNS servers (choose one primary and one secondary):
Main Servers:
IP: 176.9.62.58
IP: 176.9.62.62
or
IPv6: 2a01:4f8:150:8023::58
IPv6: 2a01:4f8:150:8023::62
Click to expand...
Click to collapse
Update November 28, 2018:
If you have installed the root certificate, I recommend that you use these two servers. This servers can be used without certificate but a lot of sites will not porpper work.
IPv4: 213.239.207.143
IPv6: 2a01:4f8:a0:8487::143
IPv4: 107.191.55.215
IPv6: 2001:19f0:6401:175d::215
Click to expand...
Click to collapse
These servers have special blocklist entries which blocks things such as graph.facebook.com, pixel.facebook.com, all amazon-adsystem.com domains and all the things which are normaly not possible to block without any impact to apps, websites and other things. Also, this blocks special domains for YouTube which prevents data transmission to them.
**************************************************************
Available Server List for keweon Privacy & Security
(Server Edition keweonDNS v.6.80.280.LL)
Australia / Sidney: (vServer)
k1ns-au-001.keweon.center
45.76.125.130
2001:19f0:5801:b45::130
France / Paris: (vServer)
k1ns-fr-001.keweon.center
45.77.62.37
2001:19f0:6801:95e::37
Germany / Frankfurt (vServer)
k1ns-de-001.keweon.center
104.207.131.11
2001:19f0:6c01:61f::11
India / Bangalore (vServer)
k1ns-in-001.keweon.center
IPv4: 139.59.33.236
IPv6: 2400:6180:100:d0::30d:5001
Japan / Tokio (vServer)
k1ns-jp-001.keweon.center
45.77.25.72
2001:19f0:7001:22a8::72
Netherland / Amsterdam (vServer)
k1ns-nl-001.keweon.center
45.77.138.206
2001:19f0:5001:d8d::206
Singapore / Singapore: (vServer)
k1ns-sp-001.keweon.center
45.76.151.221
2001:19f0:4400:4f31::221
UK / London (vServer)
k1ns-lon-001.keweon.center
45.32.183.39
2001:19f0:7402:a61::39
USA / Dallas (vServer)
k1ns-tx-001.keweon.center
45.76.57.41
2001:19f0:6401:9ed::41
USA / New Jersey (vServer)
k1ns-ny-001.keweon.center
45.77.144.132
2001:19f0:5:2962::132
USA / Silicon Valley (vServer)
k1ns-sv-001.keweon.center
45.32.140.26
2001:19f0:ac01:639::26
**************************************************************
**************************************************************
Keweon Root certificate (not required, but will suppress certificate errors):
http://pki.keweon.center
For Windows Systeme (MSI File) The certificate is working for IE, Edge and Chrome Browser.
>> CLICK HERE <<
MSI within a ZIP file:
>> CLICK HERE <<
For Android and iOS devices, also for Firefox and Mozilla Browser:
>> CLICK HERE <<
Certificate within a ZIP file:
>> CLICK HERE <<
For Admins to use it within Active Directory as REG file:
>> CLICK HERE <<
REG within a ZIP file:
>> CLICK HERE <<
If you want to have a "AllInOne Package" use this link please:
>> CLICK HERE <<
(End of Quick Start section)
**************************************************************
**************************************************************
About Keweon:
Keweon comes from the German words "KEine WErbung ONline"--translated to English it means "no advertising online."
Keweon is more than a generic adblock system. Keweon does:
Advertising Blocking
Adware Protection
App Protection
Bandwidth Protection for Mobile Phones
Botnets Protection
Cryptoware Protection
Fake Online Shop Filter
Fake Software Protection
Malware Protection
Miningware Protection
Online Worms Protection
Pharming Protection
Phishing Protection
Popup Blocker
Privacy Protection
Ransomware Protection
Remote Keyloggers Protection
Rogue Security Software Protection
Spoofing Protection
Spyware Protection
Tracing Protection
Tracking Protection
Trojan Protection
Virus Protection
and a lot of other things
Things Keweon does not do or does not have:
Acceptible advertising exceptions
A Malware or virus scanner
Data collection
Keweon will:
Save bandwidth. Ads are blocked, not just hidden.
**************************************************************
**************************************************************
Basic instructions:
1. Take the DNS Servers
2. Install the keweon Adblock Root Certificate (recommended, not required)
3. Change your Internet Router or your Mobile Device to use the servers
4. Reboot (Router and PC)
**************************************************************
**************************************************************
Trusted apps for changing DNS on your device:
- Android: https://play.google.com/store/apps/details?id=com.frostnerd.dnschanger
- iOS/Apple: https://itunes.apple.com/us/app/dns-override-set-dns-for-wi-fi-and-cellular/id1060830093
- Chrome OS: Click on wifi icon, click on Network, scroll to Name Servers, and input DNS entries.
- Chrome browser help: https://www.xda-developers.com/fix-dns-ad-blocker-chrome/
**************************************************************
**************************************************************
FAQ:
1) Does my traffic runs trough the keweon System?
Not even one byte from you or your device will flow through my servers. Also the same with HTTPS things. Take a sniffer or wireshark or NirSoft Network Suites and you will be surprised. All HTTPS Ads traffic will be terminated with "0" bytes which will show to you that there is no sniffing or spying from my side.
2) Here are some questions from Telegram users which might be interesting for you.
http://downloads.keweon.center/keweon/keweon_questionnaire.pdf
3) If you have questions - please ask!
**************************************************************
**************************************************************
Contact information:
If you want to send blacklists (things that should be blocked) please send them to: [email protected]
If you want to send whitelists (things that shouldn't be blocked) please send them to: [email protected]
If you open a Website and this site looks kind of strange because of missing CSS & other things, then take the URL, copy to TXT and send this TXT to: [email protected]
Developer email: [email protected] (If you are a Company and if you want to test and use keweonDNS within a business environment I can offer you a faster connection within EMEA.
This is only possible if you have a public static IP Address. Dynamic Addresses are currently not possible for security reasons.)
**************************************************************
**************************************************************
New license terms because of the EU DSGVO/GDRP (25.05.2018):
Business and Corporate usage is not allowed without my written permission.
The usage of keweon within a private and personal environment and all released and public available files of the entire keweon System are subject of the License right of the WTFPL license.
Excluded from this license are all server technologies, the SSL technologies and in addition all source codes which personally belongs to me.
**************************************************************
How to use keweon?
It's very easy:
1. Take the DNS Servers
2. Install the keweon Adblock Root Certificate ( <<< THIS IS ONLY A RECOMMENDATION)
3. Change your Internet Router or your Mobile Device to it
4. Reboot (Router and PC)
5. Done! That's it.
6. See the Internet within a never seen way
In the meantime the keweon AdBlock Root Certificate has more than 4 Millions global downloads. This certificate is not required but for a few websites it is mandatory.
This certificate will only surpress the certificate errors. Not all of them because I'm still working on this.
On iOS Devices just open Safari. With Android use the default Browser and go to http://pki.keweon.center and after 3 sec. the download of the certificate will start. JUST THE DOWNLOAD!! You need to install it by yourself. More facts about the keweon Root Certificate will comming soon on the website.
Test the DNS Servers within this List and choose the one which is the fastest for you:
https://forum.xda-developers.com/android/software-hacking/keweon-privacy-online-security-t3681139#6
How to use it on Android devices:
Use an App of your choice or use this. I also use this app and from my point of view this is the worldwide best App to change the DNS settings on Android devices. No Root Access is required. The developer is from Germany and I have had a good contact to him. The app is free of charge and also free of advertising. The source code for this app is also available on GitHub. If you have troubles with it or want to have additonal features than contact the developer. He would be happy about every feedback.
https://play.google.com/store/apps/details?id=com.frostnerd.dnschanger
How to use it on iOS/Apple devices:
All my iOS Tester using this App. If you have a better one or you are able to translate the Android App to XCode - your welcome.
https://itunes.apple.com/us/app/dns-override-set-dns-for-wi-fi-and-cellular/id1060830093
You are using Chrome and the DNS thing is not working? (thanks a lot @NamitNayan for this info)
Google wants to prevent Adblocking via DNS. Therefore they have enabled an experimental Switch by default to prevent DNS blocking.
Take a look at here if it's not working >>> HERE <<< and fix the problem within seconds.
Technical Details
Public available DNS:
Take a look at this thread:
https://forum.xda-developers.com/showpost.php?p=73985083&postcount=6
Background System:
The current system needs 42 Server (!) in the Background that everything is working.
Actually the entire infrastructure is hosted on 5 different providers.
How does it work?
The entire System works with several Servers. Ubuntu, FreeBSD 11 and my own build Operation System based on UNIX is installed. The entire developement and all source codes are not public available. There is more than 14 yrs of work inside.
Current Blacklist size:
39.585.224 Domains (export to TXT)
Current Virus/Ransomware Blacklist size:
18.853.587 Domains (export to TXT)
Current Blacklist contains:
Tracker, Malware, Spyware, Adware, Advertising, Poison Websites Fake Software (Adobe Flash Updates which is in real Malware/Virus) & a few false/positive Sites.
To cover all HTTPS errors because a lot of Advertising Vendors display and spread this crap via https to the world I have created the keweon Root Certificate. Allmost every Malware and Spyware will be installed via HTTPS. The Root Certificate is only responsible to suppress all https error messages for all this Advertising and poison things.
Which Systems are working and acting with keweon?
The keweon System is tested on almost every Operation System and Devices (iOS, Android, Xbox, Playstation, Samsung TV, etc... ) It's currently running within 3 companies because I know the Admins there. You can use it within you private environment but please DO NOT USE it within a Business environment.
Why I can't use it within a Business environment?
There are 2 reasons for it.
1. I want that the entire system becomes free for private and personal usage and I already have requests from Companies and even from the Public Sector that they are interested about to use the System. As long as there are too many error within the System I don't have the option to sell this as an Business solution. That's the deal.
2. Private for free, Business needs to license it. Of cause, the current system needs to be a bigger and stable system..
Does my traffic runs trough the keweon System?
Not even one byte from you or your device will flows through my servers. Also the same with the HTTPS things. Take a sniffer or wireshark or NirSoft Network Suites and you will be surprised. All HTTPS Ads traffic will be terminated with "0" bytes which will show to you that there is no sniffing or spying from my side.
It would not make any sense that I drop all this crap traffic, blame to the advertising Industrie and I do exactly this things which I want to prevent?
Btw... This fact was also the problem why I have had no success with investors. They want that I enable data sniffing or user sniffing but I would rather throw away the entire system & developement than doing what they want.
I need your help and support
1. Support me with Black and White lists
It’s veryimportant to know that keweonDNS will NEVER (!) do a censorship of the Internet. If you want to have i.e. Facebook blocked via HOSTS file, it’s up to you. But this will never be done via keweonDNS. I have other plans with porn and violence but this is a stage with keweon kidsafe which is currently far, far away.
IMPORTANT:
Any list you want to send to me has to be send as an attachment within an EMail. I will give you a short example for this.
If you have a Raspberry PI and you have a real cute blacklist than copy all the addresses (or URL’s) into a TXT file and send it to me via mail. The same with some important whitelists. Don't care about the size.
Don’t copy the addresses or URL's into Subject or Body of this Mail because this will never arrive. I don’t want to track and check all the mails and for security reasons only attachments will be processed. Please make sure you only send ZIP files that contains the TXT file or send native TXT files. Everything else will be dropped for security reasons. Don’t care about double entries and it doesn’t matters if you send the same TXT file 5 or 10 times again and again.
Websites which contains errors or Whitelist needs to be processed within the same way. Send the TXT or ZiP – that’s it.
If you want to send blacklists please send them to: [email protected]
If you want to send whitelists please send them to: [email protected]
2. Support me with false/positive on keweonDNS
If you open a Site and this site stay blank than copy the URL into a TXT file and send it to me. You do not need to collect them. If you send me 50 or 100 Mails and each of them contains only 1 link or address this doesn't matters.
If you want to send URL’s or Links which are blocked and should be not blocked then send them to: [email protected]
If you open a Website and this site looks some kind of strange because of missing CSS & other pretty Website things than take the URL, copy to TXT and send this TXT to: [email protected]
3. Router Compatibility:
With a lot of SOHO Router it is possible to change the IPv6 and IPv4 default DNS Server Address. But there are are also a lot of Router outside where this is not possible.
If you can provide some instructions and screenshots within a PDF I will release this on the Webpage. I have the experience that the AVM FritzBox sometimes will work and sometimes not. That is related to the fact that the Provider support IPv6 and you are only able to change the IPv4 DNS Server Address. With the tiny tool "FBEDITOR" it should be possible to change also the default IPv6 DNS Server Address on AVM Boxes.
German Telekom Router are also a peace of crap. There you can change nothing except the Password and the WLAN key. The work arround by selecting "Different Provider" (anderer Anbieter) where you can set manualy the DNS Server will not work.
Unfortunately I only have CISCO, LINKSYS and ASUS Hardware running with i.e. DD-WRT. I appreciate if you can help me with creating instructions how to change DNS v4 & v6 settings on your Home/SOHO/Wireless Router. No rush on this because all this instructions will be released on the Website.
Million thanks in advance!
Important Links
Website:
http://www.keweon.de and http://www.keweon.com
Forum (in progress)
http://forum.keweon.com
http://board.keweon.com
http://forum.keweon.de
http://board.keweon.de
App URLs:
Android Apps:
Frostnerd (Daniel's) DNS Changer App
Frostnerd (Daniel's) DoT and DoH (DNS over TLS and HTTPS) App (under developement)
iPhone and other iOS devices Apps:
AppStore App - Free of charge DoH changer App
keweon Root Certificate
http://pki.keweon.center
For Windows Systeme (MSI File) The certificate is working for IE, Edge, Opera, Chrome which has no own certificate storage.
MSI within a ZIP file
For Android and iOS devices, also for Firefox and Mozilla Browser (just visit the site with the Browser)
Certificate within a ZIP file
For Admins to use it within Active Directory as REG file
REG within a ZIP file
If you want to have a "AllInOne Package" use this link please
Additional Links
Change DNS Settings on DD-WRT with DNSMASQ within the right way
How to set Firefox DoH Settings
keweonDNS for Windows
Download the QuickSetDNS from NIRSOFT and use it on Windows to change your DNS settings.
Currently it's only working with IPv4. Link to NirSoft is HERE
Use the QuickSetDNS config to add all DNS servers and choose your favorite DNS Server. Unzip the file, copy it into the directory where you have extracted the download.
If you have any recommendations about additional links, let me know!
keweonDNS & installation Information
ALL keweonDNS Servers:
Version: DoT Server - DNS over TLS (updated 03/21/2019)
Used Certificate: Let'sEncrypt Certificate
Server Address: dot.asecdns.com
Port: 853 & 443
IP Addresses:
dot.asecdns.com (159.69.48.240 - HETTNER RZ Falkenstein)
dot.asecdns.com (116.203.117.199 - HETTNER RZ Nuernberg)
dot.asecdns.com (95.216.192.253 - HETTNER RZ Helsinki)
dot.asecdns.com (2a01:4f8:1c17:6e44::240 - HETTNER RZ Falkenstein)
dot.asecdns.com (2a01:4f8:c2c:491::199 - HETTNER RZ Nuernberg)
dot.asecdns.com (2a01:4f9:c010:3071::253 - HETTNER RZ Helsinki)
Version: DoH Server - DNS over HTTPS (updated 03/21/2019)
Used Certificate: Let'sEncrypt Certificate
Server Address: doh.asecdns.com/nebulo
Port: 443
IP Addresses:
doh.asecdns.com (159.69.49.250 - HETTNER RZ Falkenstein)
doh.asecdns.com (116.203.126.207 - HETTNER RZ Nuernberg)
doh.asecdns.com (95.216.165.29 - HETTNER RZ Helsinki)
doh.asecdns.com (2a01:4f8:1c17:6fc7::250 - HETTNER RZ Falkenstein)
doh.asecdns.com (2a01:4f8:c2c:e25::207 - HETTNER RZ Nuernberg)
doh.asecdns.com (2a01:4f9:c010:1cbd::29 - HETTNER RZ Helsinki)
Version: keweonDNS v.6.80.280.LL (updated 03/21/2019)
Australia / Sidney: (vServer)
k1ns-au-001.keweon.center
45.76.125.130
2001:19f0:5801:b45::130
France / Paris: (vServer)
k1ns-fr-001.keweon.center
45.77.62.37
2001:19f0:6801:95e::37
Germany / Frankfurt (vServer)
k1ns-de-001.keweon.center
104.207.131.11
2001:19f0:6c01:61f::11
India / Bangalore (vServer)
k1ns-in-001.keweon.center
IPv4: 139.59.33.236
IPv6: 2400:6180:100:d0::30d:5001
Japan / Tokio (vServer)
k1ns-jp-001.keweon.center
45.77.25.72
2001:19f0:7001:22a8::72
Netherland / Amsterdam (vServer)
k1ns-nl-001.keweon.center
45.77.138.206
2001:19f0:5001:d8d::206
Singapore / Singapore: (vServer)
k1ns-sp-001.keweon.center
45.76.151.221
2001:19f0:4400:4f31::221
UK / London (vServer)
k1ns-lon-001.keweon.center
45.32.183.39
2001:19f0:7402:a61::39
USA / Dallas (vServer)
k1ns-tx-001.keweon.center
45.76.57.41
2001:19f0:6401:9ed::41
USA / New Jersey (vServer)
k1ns-ny-001.keweon.center
45.77.144.132
2001:19f0:5:2962::132
USA / Silicon Valley (vServer)
k1ns-sv-001.keweon.center
45.32.140.26
2001:19f0:ac01:639::26
Physical Instance:
Germany / Falkenstein
k1-de-058-fsn.keweon.center (Physical)
176.9.62.58
2a01:4f8:150:8023::58
and
176.9.62.62
2a01:4f8:150:8023::62
DNS Server to use with keweon Adblock Root Certificate:
This Servers block in addition:
- pixel.facebook.com
- Amazon data collection and advertising
- more things which are normally not possible will coming soon step by step
Germany / Nuernberg
k1-de-143-nbg.keweon.center (Physical)
213.239.207.143
2a01:4f8:a0:8487::143
USA / Dallas - Texas
k1-ns2-us02.keweon.center (vServer)
107.191.55.215
2001:19f0:6401:175d::215
(Updated at 21. March 2019)
Works like a charm better than adaway just download a dns app just have to change the dns then your done
Works like a charm. Thank you. Is there any difference between this and using VPN-based adblocking apps? (importing our own blacklists into it)
ninjanmizuki said:
Works like a charm. Thank you. Is there any difference between this and using VPN-based adblocking apps? (importing our own blacklists into it)
Click to expand...
Click to collapse
This should be no Problem. But if you are using with the VPN App a different DNS Server than my system might not longer work. No clue about your VPN & DNS settings.
Please keep in mind, the last DNS Server rules. If you set my DNS Server and than u run a VPN App with a different DNS Server u will "overwrite" my DNS Server settings.
From the blacklist itself that should fit. Haven't had this bevor. ?
Send me PM if you have further questions.
Anyway, thanks a lot.
UPDATE:
The current Infrastructure will be upgraded to 10 GBit (!) DNS Server power and much more faster system.
Please notice that the DNS Server addresses will change during the next weeks.
After this upgrade you can spread the system to all of your friends.
Thanks a lot & more will comming soon on the website
...which is currently still under developement...
MrT69 said:
UPDATE:
The current Infrastructure will be upgraded to 10 GBit (!) DNS Server power and much more faster system.
Please notice that the DNS Server addresses will change during the next weeks.
After this upgrade you can spread the system to all of your friends.
Thanks a lot & more will comming soon on the website
...which is currently still under developement...
Click to expand...
Click to collapse
Working well, but I get 'invalid security certificate' error popup on most pages. Any way to eliminate?
If this URLs are wrong within the blacklist, do me a favor and send them to me to whitelist them.
Copy the URLs from the Browser into a TXT file and send this to. Keep in mind only attachments will arrive. It will help not if you type the addresses or URLs within the mail Body.
[email protected]
Doesn't matters if you send 100 Mails per Day because the will automatically processed during the night.
I'm happy for every wrong listed URL. Million thanks in advance for your feedback.
If this is affecting websites which are not false positive than you need to wait a few days. Currently I'm working to terminate all https crap from the advertising side. But therefore it is a must to have the keweon Root Certificate installed. Right now I need to terminate every https error manually.
It is incredible how many poison sites work with HTTPS so it was a need to develope a different solution than doing this always manually. The server installation is in progress but first I need to finalize the tests. Should be done until next weekend.
Update 1:
Please take a look at the second posting. The first 10Gbit DNS Server is online and working. Yeaaahhhhh!!!
Germany:
10Gbit DNS v4: 89.33.16.222
10Gbit DNS v6: 2a01:367:c1f2::448
Of cause it's a shared 10Gbit - but it's in Germany and damn fast. Next month the second 10Gbit in USA will be online. Installation is already in progress.
Update 2:
Today at 3:00 AM (Germany GMT+1) after the daily reboot procedure the entire HTTPS problem is solved.
If you have the keweon Root Certificate installed EVERY (!) HTTPS error is gone. I was developing this procedure since more than 2 yrs and during the last 3 months I have had no additional problems or errors.
The entire HTTPS crap will be terminated and to make sure that this is done from my site, every "keweon termination" is marked with a specific favicon. Sometimes it happens that a site still has a problem with the HTTPS errors even when everything is working on my site. This happens to HTTPS overlays or HTTPS calls with bad coded Java Scripts. If this error happens that you receive a Banner or Overlay with HTTPS error message than please reload the site and the error will never occurs again.
The problem is related to the programmers of the websites. Sometimes I have the feeling that some of them still use FRONTPAGE to develope websites. Anyway, just reload and that's it.
Now the big question - is this save?
Absolut! I will terminate only the evil traffic and within the tunnel there are no data. Let's assume I will do this with Paypal - what will happens?
When the URL's "PayPal and PayPalObjects" are on my blacklists than it is not possible at all for you to contact the website. Because of this it is also not possible to grab any input from your site because the login to PayPal would be not longer possible. Please feel so free and track the traffic. I even would help to investigate and help you to take a deeper look inside.
How is it possible?
Please understand that this is a very difficult thing to explain and on the other hand everything what I would release here in XDA is also visible to "the dark side" and they might have the option to do strike against this. Of cause, I will release more informations on the website which will be the next thing during the next 2 weeks. Currently 40 Servers within the Background only working for terminate this problem. Yes, this is a raised middlefinger to the entire & global ads industrie and I'm so damn proud of my solution.
Please remember: The keweon Root Certificate is still not required. If you have concerns than it is OK for me if you do not use it. If you would like to have a clean and "https error confirmation free" Internet than you should to install it. The certificate will be available at: http://pki.keweon.center - the download will start after 3 seconds and you need to install it.
Update 3:
This is the cutest news. Since one month a company was testing the solution and with the "Sophos" appliance it was possible to configure it within a way that the local installation of the "keweon Root Certificate" was not longer required.
I guess Sophos will not realy notice me but from today I can say that keweon official supports the "Sophos Appliance". The tutorial is in progress and as soon as this is finished I will release it. I hope I will get more instructions from your side how to mange this with other Systems. (CISCO, Checkpoint, PaloAlto and other heavy firewall and security systems)
I like this concept and want to keep testing. Here's my issue - for some reason, activating design change causes very slow loading speed. Same on WiFi or mobile. I have entries active for ipv4 and ipv6. For ipv4, the first set of numbers in post 2 won't work. Dns changer shows red line in entry field, (bad numbers). So, I'm using the second set, (starts with 51.254...). For ipv6, I'm using the first set. They work fine, but cause it to take 10-20 seconds to load a page. It seems like it gets better the more I browse, but still will take 5-10 seconds to load just about any page, and when I open up dns changer and hit 'stop', it is automatically faster, no more lag.
I wondered at first if it was a conflict with other tweaks and mods, (I have build prop tweaks, and AFWall app, etc), so I undid everything and tried again, but the same. I use Naked Browser almost exclusively, but tested with AOSP browser also, and no different.
Any ideas? Thanks
levone1 said:
I like this concept and want to keep testing. Here's my issue - for some reason, activating design change causes very slow loading speed. Same on WiFi or mobile. I have entries active for ipv4 and ipv6. For ipv4, the first set of numbers in post 2 won't work. Dns changer shows red line in entry field, (bad numbers). So, I'm using the second set, (starts with 51.254...). For ipv6, I'm using the first set. They work fine, but cause it to take 10-20 seconds to load a page. It seems like it gets better the more I browse, but still will take 5-10 seconds to load just about any page, and when I open up dns changer and hit 'stop', it is automatically faster, no more lag.
I wondered at first if it was a conflict with other tweaks and mods, (I have build prop tweaks, and AFWall app, etc), so I undid everything and tried again, but the same. I use Naked Browser almost exclusively, but tested with AOSP browser also, and no different.
Any ideas? Thanks
Click to expand...
Click to collapse
Thanks a lot for the feedback.
The problem is related to the latency of my current VPS. That was one of the main reason why I would need to find an Investor. The entire system needs to be run from a physical Host but this will need an Invest for 200.000 Euro per year. 20 GBit Server located within 16 Countries world wide. Would be so cute but they wanted that I collect data from users to sell this. I guess you can imagine what my answers was to this stupid idea.
Anyway... I guess I have an idea. First at all, which county/city you are located? If you don't want to make this public send me a short PM.
Thanks a lot for your support. I'm pretty sure I will find a solution ?
Btw... Anyone else with this problem? Send a short PM with your Country/City.
Thank you very much, it works very well.
I do have a small delay from 5 up to 15 seconds on an initial connection but after the webpage is loaded there is no more delay and often faster than without the dns.
For me its not a big issue, I did pm you with my country and city in case it may be if help for you.
MILLION TIMES THANKS TO ALL OF YOU
FOR YOUR SUPPORT & TRUST INTO KEWEON
Today I received the first f/p blacklist settings and this will be in place tomorrow morning 03:00 AM GMT +1 (German Time). Good to see that the system is in use.
With the help and testing from a view users it seems the current DNS Servers are to slow. I will change the public front end infrastructure. I will anounce this bevore to prevent interruption.
But keep in mind!
I'M NOT GOOGLE OR ANY OTHER DNS PROVIDER WITH A BILLION EURO BUDGET!
Unfortunately I don't have the money to do what I want but I guess this is anyway the best solution which is currently available. I need to host everything on VPS which is from the technical point of view not the best solution because of a high latency. I'm working on this, still think about Investor or Crowdfunding or anthing like this. But first at all I want to have a usable system and a pretty website in place.
That will finally mean that the launch of the website is still in progress - sorry folks - but I guess it is more important that the system will be fast as possible and stable.
OFFER:
If someone of you is interested to take over the responsiblity/administration of the keweon forum - let me know. I'm fine with nearly 8 programming languages but this phpBB3 Board drives me crazy. This is not my world. I appreciate every help and support. My english is not longer the best and my wife would kill me if I would do this also because the technical support of the system needs already a lot of time.
Contact me via PM if you are interested.
MILLION TIMES THANKS AGAIN!
New & faster Servers are online. Feel so free to use it, test it, share it to your friends and wherever you want.
Click here for current DNS Server List
Please test each of the server. Someone from US reportet that UK and NL DNS Server has a damn good performance within USA.
If someone of you have contact to ASIA please let me know what's about the Japan DNS Server.
@Rom DEVS
If you are interested to add the keweon Certificate by default to your ROM you're welcome.
This has the advantage that there is no need to assign a PIN to the device if you place the Certificate by default into the Certificate Store.
Btw, the website is already in progress and I hope you will visit it when it's done.
Really excited about this.
Looking into ways to change the dns on Android with root access, any ideas?
bond32 said:
Really excited about this.
Looking into ways to change the dns on Android with root access, any ideas?
Click to expand...
Click to collapse
Use this App. No Root required. The app is a fake VPN App.
This will mean it will also work in 3G/LTE Mode and it's Open Source available at Git Hub.
Not my App. But I also use this outside.
https://play.google.com/store/apps/details?id=com.frostnerd.dnschanger
Enjoy it!
当添加 Local Network 的服务器时,口令字段可以是空白而不是一个必填项。
希望在以后的版本中加以改进。谢谢。
The password field can be blank
When adding a Local Network server, the password field can be blank instead of a required field.
Hope to improve in a future release. Thank you.
现在使用了 1.60.3 版,发觉口令字段仍然是必填项。
Now using version 1.60.3, I find that the password field is still required.
DOSforever said:
现在使用了 1.60.3 版,发觉口令字段仍然是必填项。
Now using version 1.60.3, I find that the password field is still required.
Click to expand...
Click to collapse
Hi, Most SMB services support guest/public access. In case you do not want to protect your resources, we recommend using public/guest access. If you have any other use case, please write us to [email protected] with more details about your use case so that we can share it with our relevant team for further review.
MXPlayer said:
Hi, Most SMB services support guest/public access. In case you do not want to protect your resources, we recommend using public/guest access. If you have any other use case, please write us to [email protected] with more details about your use case so that we can share it with our relevant team for further review.
Click to expand...
Click to collapse
你好,感谢回复。我的情况很简单,就不专门写邮件了,就在这里说说了。我主要是用 Windows 主机的 SMB 共享,虽然可以使用 guest 访问,但正如我在那个帖子所遇到的问题一样,仅仅开放 guest 网络共享是不够的,由于在 NTFS 下 guest 默认是没有文件访问权限的,所以我还要另外对这些文件设置 guest 的访问权限,所以一般情况下我都是用 Windows 的登录用户名来访问的,而我 Windows 登录用户没有设密码,所以如果 MX Player 要以我的 Windows 登录用户名来访问的话我就必须给我的 Windows 的登录用户来设置一个密码,而我不需要密码。
况且,这并非为了我的使用情况而做专门的修改,这也是遵循了 SMB 的规范,软件的作者应该只要遵循最基本的规范即可,至于从安全性还是其它角度考虑如何设置应该让用户自己去选择。我使用的另外一个播放器访问 SMB 共享可以不强制填写密码。
Hi, thanks for the reply. My situation is very simple, I will not write emails specifically, so I will talk about it here. I mainly use the SMB share of the Windows host, although I can use guest access, but as I encountered in that post, just opening the guest network share is not enough, because under NTFS guest does not have file access by default, so I also have to set guest access to these files, so generally I use the login username of Windows to access, and I Windows The logged-in user doesn't have a password, so if MX Player wants to access with my Windows logon username, I have to set a password for my Windows logged-in user, and I don't need a password.
Moreover, this is not a special modification for my use, this is also following the specifications of SMB, the author of the software should only follow the most basic specifications, as for security or other aspects of how to set up should let the user choose. Another player I use to access SMB shares can be accessed without enforcing passwords.