Block DoH and DoT dns on Android using banip

lenovomi · July 9, 2022, 9:21pm

well apparently ... most of the posts/solutions here are nonsense... as it doesnt work ...

frollic · July 9, 2022, 9:33pm

Don't let the door hit you in the back, on your way out...

lenovomi · July 9, 2022, 9:53pm

well maybe i have something completely wrong ...
i tried to replicate almost everything written here ... with no success ... so no clue

trendy · July 9, 2022, 10:28pm

Blocking DoT is as simple as this. DoH is more complicated, but still can be blocked.

dibdot · July 10, 2022, 4:53am

banIP already includes a blocklist for DoH (also referenced in @trendy post) ... you should start with it and not use an outdated ip list from 2020/2021.

lenovomi · July 10, 2022, 9:41am

they use other toop ipset something ... and i assume you are referring to the the list
"https://raw.githubusercontent.com/dibdot/DoH-IP-blocklists/master/doh-domains.txt"

i assume the easiest way would be hairpining which i am not able to setup correctly...

frollic · July 10, 2022, 9:59am

Nothing you've posted so far, actually proves it isn't working...

lenovomi · May 3, 2023, 12:35am

hello,
so i bought new phone samsung s22; and same issue as on old s10... i cant resolve these hosts... all works fine on iphone... just samsung doesnt work.

any idea? i am seriously desperate.

someone discussed it here ... again without solution....
https://forum.openwrt.org/t/force-android-phone-to-use-local-dns-for-local-domain-name-resolving

frollic · May 3, 2023, 10:33am

nothing have changed, except for your client device.

krazeh · May 3, 2023, 10:46am

Have you disabled the 'Private DNS' setting on your phone?

lenovomi · May 3, 2023, 11:05am

@krazeh sure, nothing happened.

lenovomi · May 3, 2023, 1:54pm

@frollic so i dont get it ... what do u mean?
there are other threads regarding the same issue ... i cant find any thread with a working solution ...

trendy · May 3, 2023, 2:26pm

You also haven't posted any configuration files from what you have tried so far to help you any further.

krazeh · May 3, 2023, 2:27pm

If you use an app like Net Analyzer what does it show the DNS server on your phone is set to?

lenovomi · May 4, 2023, 8:22am

i think thats tcpdump

krazeh · May 4, 2023, 8:47am

It'd really help if you answered the question that was asked...

lenovomi · May 4, 2023, 9:16am

@krazeh oh my fault ... yeah i am going to install it and provide results. thanks and sorry.

lenovomi · May 4, 2023, 9:20am

@krazeh
in dns section it shows>
Default gw ipv6 n/a
dns server ipv6 fddc:69d5:f391::1

is it possible to Disable ipv6 dns server? I dont know why ipv6... as i use ipv4 and also device has ipv4 address and ipv6 (no clue why ipv6...)
fe80::3fc1:....
fddc:69d5:....
fddc:69d5:...

thanks!

krazeh · May 4, 2023, 9:25am

Could you just answer the question that was asked? What DNS server IP is your phone reporting it's using?

lenovomi · May 4, 2023, 9:51am

@krazeh
dns server ipv6 fddc:69d5:f391::1

thats directly from the app u recco.

Inside that app if i go to tools section and using Query / DNS
and when i provide the xxx.duckdns.org ; settings Any; Dns server: 10.0.1.1 (my openwrt)
it resolves the domain xxx.duckdns.org correctly

The problem here is apparently that phone is not using my dns server 10.0.1.1