11
Private DNS on Samsung devices (szmer.info)
submitted 15 hours ago by lemmus@szmer.info to c/privacy@lemmy.ml
11 comments fedilink hide all child comments

I try to use "private DNS" option in my phone's settings, but it often does not work, and therefore privacy cannot be protected all the time. Sometimes I just cannot even ping other servers by IP (like 1.1.1.1) because of it. My question is: WHY this function requires hostname (so you need to query some other plain text DNS before reaching encrypted DNS)? Also if I understand well, it uses DNS over TLS, but I'm curious why not DNS over HTTPS (which seems like a reliable solution since I have it configured in my browser and there is never a problem with it...also it uses IP address instead of hostname). Why no one is seeing this problem and no one wants to address it? I tried downloading Quad9 app, but it does not work either (I guess some IPS is filtering TLS requests in my network, but again why DOH is not used then?).

top 11 comments
sorted by: hot top controversial new old
[-] DieserTypMatthias@lemmy.ml 1 points 4 hours ago

Try to search for "private DNS" in the settings.

[-] ThatGuyNamedZeus@feddit.org 4 points 14 hours ago

NextDNS and ReThinkDNS might be helpful, mullvad DNS, adguard DNS, also helpful

[-] 3t13nn3@lemm.ee 3 points 14 hours ago* (last edited 14 hours ago)

I use DNS over TLS on my POCO device and it works as expected. What do you mean about "it uses ip adress instead of hostname" ? Here is my setup :

If you still have a problem, try "invizible pro" app. You can setup dnscrypt instead of DOT.

[-] Zerush@lemmy.ml 4 points 14 hours ago

Invizible Pro is an "must have" on the phone, (!) but download it from F-Droid, not from Google Play

[-] propter_hog@hexbear.net 1 points 12 hours ago

How is it different than Rethink DNS?

[-] Zerush@lemmy.ml 2 points 12 hours ago

Also an good choice, but Invizible Pro, apart of the DNS options, also offers the connection to I2P and TOR network.

[-] JayGray91@piefed.social 0 points 10 hours ago

From the description:

InviZible Pro is an all-in-one program. After installing it, you can easily delete all of your VPN applications and ad blockers. In most cases, InviZible Pro works better, is more stable, and faster than free VPNs.

Obviously it would be better than free VPN services. But I'm wondering how it would stack with my current set up. I already paid for NextDNS and PIA. Usually I don't run PIA unless I want to access spicy stuff. And 99.999% my NextDNS stuff works fine.

I'd love to pay less but I also want to know what I'm trading for it

[-] Zerush@lemmy.ml 1 points 5 hours ago

I understand your point of view and I think that, if you already pay for an service which works for you, than changing to another is only an option and only recommended if you woun't pay anymore for it. You can still test InviZible Pro apart, without a risk, because it's FOSS, pausing your current service.

This is why I always look for an free, or better OpenSource alternative, before I use an paid one (in over 20 years this I never had needed). The first look for a needed soft or service is always in AlternativeTo.

[-] lemmus@szmer.info 1 points 12 hours ago

The problem is with "as expected" that you enter hostname instead of ip address, and therefore your phone has to use unencrypted DNS to get your encrypted DNS IP address first, also for some reason IPS probably can detect DNS over TLS, and filter it out

[-] merde@sh.itjust.works 2 points 13 hours ago* (last edited 8 hours ago)

you understandably sound confused

I try to use "private DNS" option in my phone's settings, but it often does not work, and therefore privacy cannot be protected all the time.

when you have private DNS enabled, you have no connection if it fails. Is it in "auto" or is there a fallback option?

Sometimes I just cannot even ping other servers by IP (like 1.1.1.1) because of it. My question is: WHY this function requires hostname (so you need to query some other plain text DNS before reaching encrypted DNS)?

🤔

Also if I understand well, it uses DNS over TLS, but I'm curious why not DNS over HTTPS (which seems like a reliable solution since I have it configured in my browser and there is never a problem with it...also it uses IP address instead of hostname).

you shouldn't use both, iirc. Your browser is bypassing your "DNS over TLS" in this case

Why no one is seeing this problem and no one wants to address it?

because there is no problem?

I tried downloading Quad9 app, but it does not work either (I guess some IPS is filtering TLS requests in my network, but again why DOH is not used then?).

quad9 app works as a vpn. What do you mean by "it does not work either"?

[-] lemmus@szmer.info 1 points 12 hours ago

Well there is a problem, because if you enter hostname in private DNS field, this hostname has to be resolved first, therefore your phone has to query DNS by using unencrypted DNS provided by network configuration...and for some reason I guess IPS in a network can detect this DNS over TLS traffic and filter it out. Also isn't it better to use double encryption instead of just 1? Like what's wrong with my browser resolving hostnames on its own, its even better imo.

this post was submitted on 30 Apr 2025
11 points (92.3% liked)

Privacy

37336 readers
481 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
k_o_t@lemmy.ml
tmpod@lemmy.pt
Yayannick@lemmy.ml
ranok@sopuli.xyz