Privacy

37535 readers

571 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
Don't promote proprietary software
Try to keep things on topic
If you have a question, please try searching for previous discussions, maybe it has already been answered
Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
Be nice :)

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago

MODERATORS

[email protected]

Private DNS on Samsung devices (szmer.info)

submitted 5 days ago by [email protected] to c/[email protected]

17 comments fedilink hide all child comments

I try to use "private DNS" option in my phone's settings, but it often does not work, and therefore privacy cannot be protected all the time. Sometimes I just cannot even ping other servers by IP (like 1.1.1.1) because of it. My question is: WHY this function requires hostname (so you need to query some other plain text DNS before reaching encrypted DNS)? Also if I understand well, it uses DNS over TLS, but I'm curious why not DNS over HTTPS (which seems like a reliable solution since I have it configured in my browser and there is never a problem with it...also it uses IP address instead of hostname). Why no one is seeing this problem and no one wants to address it? I tried downloading Quad9 app, but it does not work either (I guess some IPS is filtering TLS requests in my network, but again why DOH is not used then?).

you are viewing a single comment's thread
view the rest of the comments

[–] [email protected] 2 points 5 days ago* (last edited 5 days ago) (1 children)

you understandably sound confused

I try to use "private DNS" option in my phone's settings, but it often does not work, and therefore privacy cannot be protected all the time.

when you have private DNS enabled, you have no connection if it fails. Is it in "auto" or is there a fallback option?

Sometimes I just cannot even ping other servers by IP (like 1.1.1.1) because of it. My question is: WHY this function requires hostname (so you need to query some other plain text DNS before reaching encrypted DNS)?

🤔

Also if I understand well, it uses DNS over TLS, but I'm curious why not DNS over HTTPS (which seems like a reliable solution since I have it configured in my browser and there is never a problem with it...also it uses IP address instead of hostname).

you shouldn't use both, iirc. Your browser is bypassing your "DNS over TLS" in this case

Why no one is seeing this problem and no one wants to address it?

because there is no problem?

I tried downloading Quad9 app, but it does not work either (I guess some IPS is filtering TLS requests in my network, but again why DOH is not used then?).

quad9 app works as a vpn. What do you mean by "it does not work either"?

[–] [email protected] 1 points 5 days ago (1 children)

Well there is a problem, because if you enter hostname in private DNS field, this hostname has to be resolved first, therefore your phone has to query DNS by using unencrypted DNS provided by network configuration...and for some reason I guess IPS in a network can detect this DNS over TLS traffic and filter it out. Also isn't it better to use double encryption instead of just 1? Like what's wrong with my browser resolving hostnames on its own, its even better imo.

[–] [email protected] 1 points 3 days ago

Yes it is true that your phone has to use unencrypted DNS at first but after that is fine. I guess your ISP is blocking TLS traffic? You may set quad9 on your router.