Block DoH and DoT DNS on Android using banIP

Does pinging some other random host on the internet work?

Yeah, all other hosts work fine.

Maybe hairpinning has to be set somehow... I don't know.

Anyone any idea here? :((

I think that app works similarly to Plex.

So it has something to do with domain rebinding... no clue.

At the moment the phone is still asking Google?

root@OpenWrt-main-router:~# tcpdump -nn -i br-lan src host 10.0.1.141 and port 53 and udp
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on br-lan, link-type EN10MB (Ethernet), capture size 262144 bytes
19:02:14.127844 IP 10.0.1.141.48202 > 10.0.1.1.53: 52513+ A? www.google.com. (32)
19:03:15.051827 IP 10.0.1.141.43110 > 10.0.1.1.53: 52709+ A? www.google.com. (32)

Before it was like this:

tcpdump -nn -i br-lan src host 10.0.1.141 and port 53 and udp
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on br-lan, link-type EN10MB (Ethernet), capture size 262144 bytes
18:56:58.339401 IP 10.0.1.141.11391 > 10.0.1.1.53: 44756+ A? encrypted-tbn2.gstatic.com. (44)
18:56:58.339853 IP 10.0.1.141.23789 > 10.0.1.1.53: 7129+ A? encrypted-tbn0.gstatic.com. (44)
18:57:00.278451 IP 10.0.1.141.61352 > 10.0.1.1.53: 34248+ A? discover-pa.googleapis.com. (44)

Well, apparently... most of the posts/solutions here are nonsense... as it doesn't work...

Don't let the door hit you in the back, on your way out...


Well, maybe I have something completely wrong...
I tried to replicate almost everything written here... with no success... so no clue :frowning:

Blocking DoT is as simple as this. DoH is more complicated, but still can be blocked.

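As an added example (not code from the thread or from the banIP project), the OpenWrt firewall settings that implement the "simple" DoT block the post above refers to, together with the port-53 redirect that forces lan clients (such as the Android phone in this thread) to use the router's resolver no matter which DNS server they are configured with. The zone names 'lan' and 'wan', the rule names and the batch-emitting wrapper are assumptions for illustration. DoH is deliberately not handled here: it runs on 443 and needs an IP list, which is what banIP's DoH feed is for.

```shell
#!/bin/sh
# Added example, not from the original thread. Emits (and optionally applies)
# OpenWrt firewall rules that reject DNS-over-TLS (port 853, TCP and UDP)
# from lan to wan and redirect plain port-53 DNS from lan clients to the
# router itself.
# Assumptions: zones are named 'lan' and 'wan' (OpenWrt defaults) and the
# rule names below are not already in use.

# Emit a uci batch as text so it can be reviewed before anything is committed.
dns_enforce_batch() {
    cat <<'EOF'
add firewall rule
set firewall.@rule[-1].name='Deny-DoT'
set firewall.@rule[-1].src='lan'
set firewall.@rule[-1].dest='wan'
set firewall.@rule[-1].proto='tcp udp'
set firewall.@rule[-1].dest_port='853'
set firewall.@rule[-1].target='REJECT'
add firewall redirect
set firewall.@redirect[-1].name='Intercept-DNS'
set firewall.@redirect[-1].src='lan'
set firewall.@redirect[-1].proto='tcp udp'
set firewall.@redirect[-1].src_dport='53'
set firewall.@redirect[-1].target='DNAT'
commit firewall
EOF
}

# Number of firewall sections the batch adds (one rule, one redirect).
dns_enforce_rule_count() {
    dns_enforce_batch | grep -c '^add firewall '
}

# Apply on the router: feed the batch to uci and restart the firewall.
# Refuses to run where uci is not present (e.g. on a workstation).
apply_dns_enforcement() {
    if ! command -v uci >/dev/null 2>&1; then
        echo "uci not found: run this on the OpenWrt router" >&2
        return 1
    fi
    dns_enforce_batch | uci batch && /etc/init.d/firewall restart
}

# Usage: sh dns-enforce.sh apply   (without 'apply' it only prints the batch)
if [ "${1:-}" = "apply" ]; then
    apply_dns_enforcement
else
    dns_enforce_batch
fi
```

After the firewall restarts, a connection from the phone to port 853 on any internet host is rejected, and port-53 queries from the lan are answered by the router regardless of the address the phone sends them to. A capture on br-lan like the ones earlier in the thread still shows such queries with their original destination, because the DNAT happens after the packet is captured on the lan bridge.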

banIP already includes a blocklist for DoH (also referenced in @trendy's post)... you should start with it and not use an outdated IP list from 2020/2021.


They use some other tool, ipset something... and I assume you are referring to the list
"https://raw.githubusercontent.com/dibdot/DoH-IP-blocklists/master/doh-domains.txt"

I assume the easiest way would be hairpinning, which I am not able to set up correctly...

Nothing you've posted so far, actually proves it isn't working...

Hello,
So I bought a new phone, a Samsung S22, and same issue as on the old S10... I can't resolve these hosts... all works fine on iPhone... just Samsung doesn't work.

Any idea? I am seriously desperate. :frowning:

Someone discussed it here... again without a solution...
https://forum.openwrt.org/t/force-android-phone-to-use-local-dns-for-local-domain-name-resolving

Nothing has changed, except for your client device.

Have you disabled the 'Private DNS' setting on your phone?

@krazeh Sure, nothing happened.

@frollic So I don't get it... what do you mean?
There are other threads regarding the same issue... I can't find any thread with a working solution...

You also haven't posted any configuration files from what you have tried so far to help you any further.


If you use an app like Net Analyzer, what does it show the DNS server on your phone is set to?