Block DoH and DoT DNS on Android using banIP

Firstly, it's really really difficult to assist people when trying to get an answer is made so difficult. That screenshot clearly shows a line saying 'DNS Server IP' followed by 10.0.1.1. Yet it's taken 10 posts to get that simple bit of information. It would be really helpful going forward if you could focus on what has been asked and provide specific responses.

But anyway, now we have established your phone is set up to use your local DNS server, go into 'Tools' on the app and select DNS as the query type. Check the DNS server is your local one (10.0.1.1) and do a query against an address that should be locally resolved (under settings you may have to select 'A' rather than 'Any'). What response do you get?


@krazeh as I said, executing such steps I got domain name resolved to my local IP.
Apparently Android is using DNS6 not DNS4 IP address, because in case it was using DNS4 it should work.

Inside that app, if I go to tools section and using Query / DNS
and when I provide the xxx.duckdns.org; settings: Any; DNS server: 10.0.1.1 (my OpenWrt)
it resolves the domain xxx.duckdns.org correctly.

The problem here is apparently that phone is not using my DNS server 10.0.1.1

Maybe apps are trying IPv6 instead of IPv4... I have no idea... if I use app as ping, Home Assistant, none of these can resolve xxx.duckdns.org to my local IP.

Even when I execute ping from within Network Analyzer:
I got error: Failed to resolve Ip address.

You need to distinguish between app and OS.

The DNS6 address is still your router. And given that you don't appear to actually have IPv6 access to the internet then even if your phone is using DNSv6 to speak to your router it should still only be getting IPv4 responses back.

But you can check by selecting Prefer IPv6 when you do a DNS query in the app. Does that give a different reply?

@frollic
I have no clue, it's broken apparently. I don't want to use / set IPv6 address for device / and DNS - apparently I am not able to get rid of it in Android.

Inside the Network Analyzer - DNS; when I set prefer IPv6 I got correct response, i.e. it maps domain to local IPv4.

But inside Ping section it doesn't resolve/ping host... via same domain name... weird.

I see you're still not reading / understanding the replies you get ...

Well, as I said - 100x thread with same issue.

No one provided clear advice/resolution. Yes, I do not understand.

perhaps, but most of them actually get fixed / solved / closed.

shocker, you still are unable to answer the questions you're being asked, as @krazeh wrote,
or spin out of control, and start talking about something unrelated.

then that's the answer you should give, not some unrelated BS post.

Haven't seen any of them solved... :slight_smile:

The ping query in Net Analyzer should receive the same DNS response as if you do the DNS query. It is basically doing the DNS query and then pinging the response. If the DNS query is working, but then the ping isn't (despite using exactly the same address) then it sounds like you have bigger configuration issues somewhere.

everything was answered.

if we're talking about yours, then yes, that would be correct.

No clue where else... All works on iPhone, PC etc. Only doesn't work on Android devices.

Sorry, I am not getting what you are trying to achieve with such posts/replies... as they are apparently out of the topic...

lol, try reading your own posts ...

ring a bell ?

Local DNS servers work just fine with Android. I'm using such a setup with a variety of Android versions without any issues.

Can you take a screenshot of the 'ping' and 'dns' screens with all the information filled in (so as they would be just before you hit start)?


Could always set a fw rule blocking all outgoing IPv6 traffic.

...or disable IPv6 assignment in OpenWrt (that's what I do, but for different reasons).

Don't think IPv6 is an issue here. Probably best to not start down that rabbit hole in this particular case.
