
"Private DNS" setting in Android vs. DNS Settings on Windows/Linux/Router

Solved by jj9987


I've been using CloudFlare's DNS service for the last year, and it's been good. But for the last 2 days, DuckDuckGo has been down here in India. Reports on news sites say that it's not their problem, and Indian ISPs are responsible for this. But also they said it's working if you're using CloudFlare. But it is still down for me. I checked my router settings, Windows network settings and Ubuntu network settings and still can't connect to DuckDuckGo. But when I tried changing the provider hostname in the "Private DNS" setting on my Android device to "1dot1dot1dot1.cloudflare-dns.com", it works. Even the blocked torrenting sites are working on my phone after this.

Question 1: How is this "Private DNS" setting different from the normal DNS setting on other devices or the router? Is it some sort of VPN?

I even tried some DNS leak test on browserleaks.com, it says it is CloudFlare but it isn't connecting to DDG.

Question 2: Is there any way I can set up 1dot1dot1dot1.cloudflare-dns.com in my device settings (Windows/Ubuntu/Router) just like on Android? Or is the problem with my ISP?


Additional info if you need it:

Router: TL-WR841N, ISP: ACT Fibernet


Private DNS, (I assume it is) DNS-over-HTTPS (DOH) is different in that DNS requests are also encrypted.  DNS lookups are usually public and unencrypted.  Your ISP may have outright banned the IPs and domains of these services, like mine has recently too.  Cloudflare alone no longer works for blocked sites.  VPNs still work tho.


Previous poster mentioned the basic stuff, I'll reply for the rest.

47 minutes ago, admkhalid said:

Question 2: Is there any way I can set up 1dot1dot1dot1.cloudflare-dns.com in my device settings (Windows/Ubuntu/Router) just like on Android? Or is the problem with my ISP?

Yes, you can, but you will need additional tools to be able to use DoH (DNS-over-HTTPS) or DoT (DNS-over-TLS), which are two methods of using encrypted DNS. Using an encrypted DNS means your ISP (and other parties in between) cannot see and intercept (e.g. modify) your DNS requests. It's not a VPN, it just uses widely used protocols to encapsulate DNS requests in an encrypted packet.

Android (and I believe iOS as well) has built-in support on the OS level. Other operating systems do not have this built-in (yet, Windows has it in their Insider program atm) and you need to download other tools for that, e.g. Stubby, dnscrypt-proxy, dnsmasq or something else. Same applies to the routers - generally they don't have this feature, some newer ones might have it. Browsers have started to add an encrypted DNS option, but that only applies to the specific browser and not to other applications running on your computer.

As a side note/bonus read - DNS is not the whole story. Your ISP can still see which domains and IPs you connect to (or all your page visits in case of unencrypted browsing). They can still block based on these parameters. To prevent that, you'd have to use a VPN or some sort of proxy.
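
What "encapsulate DNS requests in an encrypted packet" means at the byte level, as an added example that is not part of the original posts: the same DNS query message is readable by any on-path device when sent over plain UDP/53, while DoT and DoH carry those identical bytes inside a TLS session. The function names are hypothetical, the query is a constructed sample, and the `/dns-query` path is the one used in the RFC 8484 examples (an assumption about the resolver's endpoint).

```python
import base64
import struct

def build_query(name, qtype=1, txid=0):
    """Encode a one-question DNS query (RFC 1035 wire format)."""
    # Header: ID, flags with RD=1, QDCOUNT=1, no answer/authority/additional records
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) <= 63:
            raise ValueError("label must be 1..63 bytes: %r" % label)
        qname += bytes([len(raw)]) + raw
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)  # QCLASS=IN

def read_qname(msg):
    """What any on-path device can read from a plain UDP/53 query payload."""
    labels, pos = [], 12  # question section starts after the 12-byte header
    while msg[pos] != 0:
        length = msg[pos]
        if length > 63:
            raise ValueError("compressed or invalid label in question")
        labels.append(msg[pos + 1:pos + 1 + length].decode("ascii"))
        pos += 1 + length
    return ".".join(labels)

def dot_frame(msg):
    """DoT (RFC 7858): 2-byte length prefix; these bytes travel inside TLS on port 853."""
    if len(msg) > 0xFFFF:
        raise ValueError("DNS message too large for a 16-bit length prefix")
    return struct.pack("!H", len(msg)) + msg

def doh_get_path(msg):
    """DoH (RFC 8484) GET: unpadded base64url in ?dns=, sent inside HTTPS on port 443."""
    return "/dns-query?dns=" + base64.urlsafe_b64encode(msg).rstrip(b"=").decode("ascii")

if __name__ == "__main__":
    query = build_query("duckduckgo.com")  # constructed sample, ID fixed at 0
    print("plain DNS payload exposes:", read_qname(query))
    print("DoT frame (before TLS encryption):", dot_frame(query).hex())
    print("DoH request path (inside HTTPS):", doh_get_path(query))
```

With plain DNS the output of `read_qname` is what an intermediate device can log or rewrite; with DoT or DoH it sees only a TLS connection to the resolver's address.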


2 hours ago, jj9987 said:

Previous poster mentioned the basic stuff, I'll reply for the rest.

Yes, you can, but you will need additional tools to be able to use DoH (DNS-over-HTTPS) or DoT (DNS-over-TLS), which are two methods of using encrypted DNS. Using an encrypted DNS means your ISP (and other parties in between) cannot see and intercept (e.g. modify) your DNS requests. It's not a VPN, it just uses widely used protocols to encapsulate DNS requests in an encrypted packet.

Android (and I believe iOS as well) has built-in support on the OS level. Other operating systems do not have this built-in (yet, Windows has it in their Insider program atm) and you need to download other tools for that, e.g. Stubby, dnscrypt-proxy, dnsmasq or something else. Same applies to the routers - generally they don't have this feature, some newer ones might have it. Browsers have started to add an encrypted DNS option, but that only applies to the specific browser and not to other applications running on your computer.

As a side note/bonus read - DNS is not the whole story. Your ISP can still see which domains and IPs you connect to (or all your page visits in case of unencrypted browsing). They can still block based on these parameters. To prevent that, you'd have to use a VPN or some sort of proxy.

I'm well aware my ISP can still block connections with the IP addresses of the site. I was just confused by the whole DNS over TLS thing on Android. And thanks for the tips regarding it. I successfully set up stubby with CloudFlare as the recursive resolver. DNS over TLS is enabled as reported by this page. DuckDuckGo is accessible right now. Is there any lightweight third-party tool like this for Windows? (Fine with CLI tools as well).
