I try to use the “private DNS” option in my phone’s settings, but it often does not work, and therefore privacy cannot be protected all the time. Sometimes I cannot even ping other servers by IP (like 1.1.1.1) because of it. My question is: WHY does this function require a hostname (so you need to query some other plaintext DNS before reaching the encrypted DNS)? Also, if I understand well, it uses DNS over TLS, but I’m curious why not DNS over HTTPS (which seems like a reliable solution, since I have it configured in my browser and there is never a problem with it… also it uses an IP address instead of a hostname). Why is no one seeing this problem, and why does no one want to address it? I tried downloading the Quad9 app, but it does not work either (I guess some IPS is filtering TLS requests in my network, but again, why is DoH not used then?).

  • Xanza@lemm.ee
    6 days ago

    > WHY does this function require a hostname

    Because it uses DoT and not DoH.

    I also had issues like this, so I just sidestepped it and set up AdGuard Home. When away from the house I use RethinkDNS.

    • lemmus@szmer.infoOP
      6 days ago

      Yeah, the thing is, if DoT is the default in the Android system and there is no option to use DoH, why is there no app that uses DoH? Also, I cannot move to my own setup; I’ve got no public IP.

  • shortwavesurfer@lemmy.zip
    6 days ago

    I think the Quad9 app works as a VPN app, and you cannot use a VPN app and private DNS at the same time. You have to use one or the other.

  • merde alors@sh.itjust.works
    7 days ago

    You understandably sound confused.

    > I try to use the “private DNS” option in my phone’s settings, but it often does not work, and therefore privacy cannot be protected all the time.

    If you have private DNS enabled, you have no connection if it fails. Is it in “auto”, or is there a fallback option?

    > Sometimes I cannot even ping other servers by IP (like 1.1.1.1) because of it. My question is: WHY does this function require a hostname (so you need to query some other plaintext DNS before reaching the encrypted DNS)?

    🤔

    > Also, if I understand well, it uses DNS over TLS, but I’m curious why not DNS over HTTPS (which seems like a reliable solution, since I have it configured in my browser and there is never a problem with it… also it uses an IP address instead of a hostname).

    You shouldn’t use both, iirc. Your browser is bypassing your “DNS over TLS” in this case.

    > Why is no one seeing this problem, and why does no one want to address it?

    Because there is no problem?

    > I tried downloading the Quad9 app, but it does not work either (I guess some IPS is filtering TLS requests in my network, but again, why is DoH not used then?).

    The Quad9 app works as a VPN. What do you mean by “it does not work either”?

    • lemmus@szmer.infoOP
      7 days ago

      Well, there is a problem: if you enter a hostname in the private DNS field, this hostname has to be resolved first, so your phone has to query DNS using the unencrypted DNS provided by the network configuration… and for some reason, I guess, the IPS in a network can detect this DNS over TLS traffic and filter it out. Also, isn’t it better to use double encryption instead of just one? Like, what’s wrong with my browser resolving hostnames on its own? It’s even better, imo.

  • 3t13nn3@lemm.ee
    7 days ago

    I use DNS over TLS on my POCO device and it works as expected. What do you mean by “it uses an IP address instead of a hostname”? Here is my setup:

    If you still have a problem, try the “InviZible Pro” app. You can set up DNSCrypt instead of DoT.

    • lemmus@szmer.infoOP
      7 days ago

      The problem is with “as expected”: you enter a hostname instead of an IP address, and therefore your phone has to use unencrypted DNS to get the IP address of your encrypted DNS first. Also, for some reason, the IPS probably can detect DNS over TLS and filter it out.
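
The bootstrap the OP describes in the question and again in the last two replies (the DoT server's hostname is looked up over the network's plaintext resolver first, then a TLS session is opened to that address on port 853 and the certificate is checked against the hostname) and the DoH GET form from the browser comparison, as an added example in Python that is not code from this thread nor from Android, Quad9, AdGuard Home, RethinkDNS or InviZible Pro. It uses only the standard library. `dns.example.net`, `192.0.2.53` and the A-record response are constructed here for the offline walk-through; `dot_exchange` is the only function that touches the network and is not called unless you run the file as a script and point it at a real resolver. The hostname is what the TLS layer needs for SNI and certificate validation, which is why the strict-mode setting asks for a name rather than an address; a DoH URL can carry an IP only because the server's certificate lists that IP as a subject alternative name.

```python
"""DoT/DoH client building blocks (added example, stdlib only).

Constructed, not real: dns.example.net / 192.0.2.53 (RFC 5737 documentation range).
"""
import base64
import socket
import ssl
import struct

DOT_PORT = 853  # DNS over TLS, RFC 7858


def build_query(name, qtype=1, txid=0x1234):
    """Wire-format DNS query: 12-byte header with RD set, QNAME, QTYPE, QCLASS IN."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in name.strip(".").split(".")
    ) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)


def _skip_name(msg, pos):
    """Return the offset just past a (possibly compressed) name starting at pos."""
    while True:
        length = msg[pos]
        if length == 0:
            return pos + 1
        if length & 0xC0 == 0xC0:  # compression pointer: 2 bytes, ends the name
            return pos + 2
        pos += 1 + length


def parse_a_records(msg):
    """Return (txid, [IPv4 strings]) from a response; non-A answers are skipped."""
    txid, _flags, qdcount, ancount, _, _ = struct.unpack("!HHHHHH", msg[:12])
    pos = 12
    for _ in range(qdcount):
        pos = _skip_name(msg, pos) + 4  # skip QTYPE + QCLASS
    ips = []
    for _ in range(ancount):
        pos = _skip_name(msg, pos)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[pos:pos + 10])
        pos += 10
        if rtype == 1 and rdlen == 4:
            ips.append(socket.inet_ntoa(msg[pos:pos + 4]))
        pos += rdlen
    return txid, ips


def constructed_a_response(query, ipv4, ttl=300):
    """Constructed test data (not a capture): a response to query with one A record."""
    txid = struct.unpack("!H", query[:2])[0]
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)
    # name is a pointer back to the question at offset 12
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, ttl, 4) + socket.inet_aton(ipv4)
    return header + query[12:] + answer


def dot_frame(query):
    """DoT runs DNS over TCP inside TLS, so every message carries a 2-byte length prefix."""
    return struct.pack("!H", len(query)) + query


def doh_get_url(base_url, query):
    """DoH GET form (RFC 8484): base64url, padding stripped, in the dns parameter.
    base_url may name the server by IP; the certificate then needs that IP as a SAN."""
    encoded = base64.urlsafe_b64encode(query).rstrip(b"=").decode("ascii")
    return f"{base_url}?dns={encoded}"


def _recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed before a full message arrived")
        buf += chunk
    return buf


def dot_exchange(server_ip, server_hostname, query, timeout=5.0):
    """One query over DoT. server_ip must already be known (the bootstrap step);
    server_hostname is used for SNI and for the certificate name check, which is
    why a strict-mode client needs a name. Opens a real connection; not run by tests."""
    ctx = ssl.create_default_context()  # CERT_REQUIRED and check_hostname=True
    with socket.create_connection((server_ip, DOT_PORT), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=server_hostname) as tls:
            tls.sendall(dot_frame(query))
            (length,) = struct.unpack("!H", _recv_exact(tls, 2))
            return _recv_exact(tls, length)


if __name__ == "__main__":
    # Offline walk-through: plaintext lookup of the DoT host's name (answer constructed
    # here), then the framed query that would go to it, and the equivalent DoH URL.
    boot = build_query("dns.example.net")
    _, ips = parse_a_records(constructed_a_response(boot, "192.0.2.53"))
    print("bootstrap A record:", ips)
    q = build_query("example.com", txid=0xBEEF)
    print("DoT frame:", dot_frame(q).hex())
    print("DoH URL:", doh_get_url("https://192.0.2.53/dns-query", q))
```

The bootstrap query is the one unencrypted lookup the thread is about: it leaks only the resolver's name, never the names you resolve afterwards, and a network that wants to block DoT can still drop port 853 regardless of how the address was obtained.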