mikaela.github.io/n/dns.md

---
layout: null
permalink: /n/dns.html
redirect_from:
  - /n/ffupdater.html
  - /n/rethink.html
sitemap: false
---

# DNS notes

_For DNS resolvers, refer to [r/resolv.tsv](/r/resolv.tsv)_

<!-- START doctoc generated TOC please keep comment here to allow auto update -->
<!-- DON'T EDIT THIS SECTION, INSTEAD RE-RUN doctoc TO UPDATE -->

- [Identifying DNS resolver](#identifying-dns-resolver)
- [Identifying support for client-subnet](#identifying-support-for-client-subnet)
- [Mobile applications](#mobile-applications)
  - [Android](#android)
  - [Rethink](#rethink)
  - [FFUpdater](#ffupdater)

<!-- END doctoc generated TOC please keep comment here to allow auto update -->

## Identifying DNS resolver

- [DNS-OARC's Check My DNS](https://cmdns.dev.dns-oarc.net/) - popup under "Network".
- [dnsleaktest](https://dnsleaktest.com/)
- [whatsmydnsserver](http://www.whatsmydnsserver.com/)
- [ipleak.net](https://ipleak.net/)
- [dnsadblock](https://dnsadblock.com/dns-leak-test/)

The above list is based on [redirect2me/which-dns README alternatives section](https://github.com/redirect2me/which-dns/blob/main/README.md)

## Identifying support for client-subnet

Or what is being sent to the authoritative servers.

```bash
dig +short TXT o-o.myaddr.l.google.com.
dig +short TXT whoami.ds.akahelp.net.
dig +short TXT whoami.ipv6.akahelp.net.
dig +short TXT whoami.ipv4.akahelp.net.
```

- Note: Cloudflare sends ECS only for whoami.ds.akahelp.net.

## Mobile applications

_With the exception of those apps that config I remember otherwise or share it
with desktop versions etc._

### Android

Use either `cloudflare-dns.com` (which doesn't have ECS) or `dns.google` (which has ECS) as the _Private DNS_ server as
they have special handling and are thus DNS over HTTPS3 instead of the usual
DNS over TLS. This can be confirmed with
[`https://1.1.1.1/help`](https://one.one.one.one/help) (when using
`cloudflare-dns.com`).

Then setup your web browser (including Firefox (other than stable which
disables `about:config`) and Chrome) to use DNS over HTTPS with your preferred
server and while at it enabling HTTPS only mode.

### [Rethink](https://github.com/celzero/rethink-app)

1. Use either GitHub or F-Droid release as Google Play doesn't have
   blocklists.
1. Enable it.
1. In Android Settings, Internet, Advanced, VPN, select Rethink, make it
   always-on and block connections not using it.
1. Disable private DNS in Android settings too, as it conflicts.
1. In Rethink itself open Configure.

- DNS: enable whatever DNS you prefer.
- DNS: Visit _on-device blocklists_.
- DNS: Consider enabling _Use in-app downloader_, _DNS booster_
- DNS: Disable _Prevent DNS leaks_ to avoid breakage.
- Network: enable _Use all available networks (experimental)_
- Network: _Loopback (experimental)_
  - This also implies the previous option.
- Network: _Choose IP version: Auto_
- Network: _Perform connectivity checks_

1. Remember to also visit Android app details for Rethink, in battery menu
   select unrestricted and in network allow unlimited data even with data
   saver.

Hopefully there is no situation where Rethink stops working and thinks it's
still working. As can be deduced from this section, sometimes Rethink and I
disagree with each other. _I don't guarantee I know what I am doing._

### [FFUpdater](https://github.com/Tobi823/ffupdater)

- `https://dns0.eu;2a0f:fc80::;2a0f:fc81::;193.110.81.0;185.253.5.0`
- `https://open.dns0.eu;2a0f:fc80::ffff;2a0f:fc81::ffff;193.110.81.254;185.253.5.254`
- `https://doh.opendns.com/dns-query;2620:119:35::35;2620:119:53::53;208.67.222.222;208.67.220.220`
- `https://dns11.quad9.net/dns-query;2620:fe::11;2620:fe::fe:11;9.9.9.11;149.112.112.11`
n/dns.md: add DNS notes 2023-03-09 10:57:10 +01:00			`---`
			`layout: null`
			`permalink: /n/dns.html`
n/dns is also known as n/ffupdater now 2024-03-08 07:07:36 +01:00			`redirect_from:`
			`- /n/ffupdater.html`
n/dns.md: add a new rethink section 2024-04-16 13:21:12 +02:00			`- /n/rethink.html`
n/dns.md: add DNS notes 2023-03-09 10:57:10 +01:00			`sitemap: false`
			`---`

			`# DNS notes`

n/{dns,gpg,helen,ksoy,reuse}.md: enable doctoc 2023-04-28 07:23:46 +02:00			`_For DNS resolvers, refer to [r/resolv.tsv](/r/resolv.tsv)_`

			`<!-- START doctoc generated TOC please keep comment here to allow auto update -->`
			`<!-- DON'T EDIT THIS SECTION, INSTEAD RE-RUN doctoc TO UPDATE -->`

			`- [Identifying DNS resolver](#identifying-dns-resolver)`
			`- [Identifying support for client-subnet](#identifying-support-for-client-subnet)`
n/dns.md: add FFUpdater 2024-02-20 15:18:46 +01:00			`- [Mobile applications](#mobile-applications)`
n/dns.md: note Android special handling of cloudflare-dns.com & dns.google 2024-04-07 19:02:36 +02:00			`- [Android](#android)`
n/dns.md: add a new rethink section 2024-04-16 13:21:12 +02:00			`- [Rethink](#rethink)`
n/dns.md: add FFUpdater 2024-02-20 15:18:46 +01:00			`- [FFUpdater](#ffupdater)`
n/{dns,gpg,helen,ksoy,reuse}.md: enable doctoc 2023-04-28 07:23:46 +02:00
			`<!-- END doctoc generated TOC please keep comment here to allow auto update -->`
n/dns.md: add DNS notes 2023-03-09 10:57:10 +01:00
			`## Identifying DNS resolver`

			`- [DNS-OARC's Check My DNS](https://cmdns.dev.dns-oarc.net/) - popup under "Network".`
			`- [dnsleaktest](https://dnsleaktest.com/)`
			`- [whatsmydnsserver](http://www.whatsmydnsserver.com/)`
			`- [ipleak.net](https://ipleak.net/)`
			`- [dnsadblock](https://dnsadblock.com/dns-leak-test/)`

			`The above list is based on [redirect2me/which-dns README alternatives section](https://github.com/redirect2me/which-dns/blob/main/README.md)`
n/dns.md: add dig commands for ECS testing 2023-03-11 14:31:55 +01:00
			`## Identifying support for client-subnet`

			`Or what is being sent to the authoritative servers.`

			```bash
			`dig +short TXT o-o.myaddr.l.google.com.`
			`dig +short TXT whoami.ds.akahelp.net.`
			`dig +short TXT whoami.ipv6.akahelp.net.`
			`dig +short TXT whoami.ipv4.akahelp.net.`
			```

			`- Note: Cloudflare sends ECS only for whoami.ds.akahelp.net.`
n/dns.md: add FFUpdater 2024-02-20 15:18:46 +01:00
			`## Mobile applications`

			`_With the exception of those apps that config I remember otherwise or share it`
			`with desktop versions etc._`

n/dns.md: note Android special handling of cloudflare-dns.com & dns.google 2024-04-07 19:02:36 +02:00			`### Android`

n/dns#android: note that cloudflare has no ecs, while google does, and the test is specific to cloudflare 2024-04-13 19:35:15 +02:00			Use either `cloudflare-dns.com` (which doesn't have ECS) or `dns.google` (which has ECS) as the _Private DNS_ server as
n/dns.md: Android special casing is DoH3 which was missing 3 2024-04-16 18:51:57 +02:00			`they have special handling and are thus DNS over HTTPS3 instead of the usual`
n/dns.md: note Android special handling of cloudflare-dns.com & dns.google 2024-04-07 19:02:36 +02:00			`DNS over TLS. This can be confirmed with`
n/dns#android: note that cloudflare has no ecs, while google does, and the test is specific to cloudflare 2024-04-13 19:35:15 +02:00			[`https://1.1.1.1/help`](https://one.one.one.one/help) (when using
			`cloudflare-dns.com`).
n/dns.md: note Android special handling of cloudflare-dns.com & dns.google 2024-04-07 19:02:36 +02:00
n/dns: remove rethink mention, it gets overwritten by DoT 2024-04-10 10:05:44 +02:00			`Then setup your web browser (including Firefox (other than stable which`
			disables `about:config`) and Chrome) to use DNS over HTTPS with your preferred
			`server and while at it enabling HTTPS only mode.`
n/dns.md: note Android special handling of cloudflare-dns.com & dns.google 2024-04-07 19:02:36 +02:00
n/dns.md: add a new rethink section 2024-04-16 13:21:12 +02:00			`### [Rethink](https://github.com/celzero/rethink-app)`

			`1. Use either GitHub or F-Droid release as Google Play doesn't have`
			`blocklists.`
			`1. Enable it.`
			`1. In Android Settings, Internet, Advanced, VPN, select Rethink, make it`
			`always-on and block connections not using it.`
			`1. Disable private DNS in Android settings too, as it conflicts.`
			`1. In Rethink itself open Configure.`

			`- DNS: enable whatever DNS you prefer.`
			`- DNS: Visit _on-device blocklists_.`
			`- DNS: Consider enabling _Use in-app downloader_, _DNS booster_`
			`- DNS: Disable _Prevent DNS leaks_ to avoid breakage.`
			`- Network: enable _Use all available networks (experimental)_`
			`- Network: _Loopback (experimental)_`
			`- This also implies the previous option.`
			`- Network: _Choose IP version: Auto_`
			`- Network: _Perform connectivity checks_`

			`1. Remember to also visit Android app details for Rethink, in battery menu`
			`select unrestricted and in network allow unlimited data even with data`
			`saver.`

			`Hopefully there is no situation where Rethink stops working and thinks it's`
			`still working. As can be deduced from this section, sometimes Rethink and I`
			`disagree with each other. _I don't guarantee I know what I am doing._`

n/dns.md: add FFUpdater 2024-02-20 15:18:46 +01:00			`### [FFUpdater](https://github.com/Tobi823/ffupdater)`

n/dns.md: FFUpdater: add DNS0, CISCO OpenDNS & Quad9 ECS 2024-02-20 15:50:48 +01:00			- `https://dns0.eu;2a0f:fc80::;2a0f:fc81::;193.110.81.0;185.253.5.0`
n/dns.md: add FFUpdater 2024-02-20 15:18:46 +01:00			- `https://open.dns0.eu;2a0f:fc80::ffff;2a0f:fc81::ffff;193.110.81.254;185.253.5.254`
n/dns.md: FFUpdater: add DNS0, CISCO OpenDNS & Quad9 ECS 2024-02-20 15:50:48 +01:00			- `https://doh.opendns.com/dns-query;2620:119:35::35;2620:119:53::53;208.67.222.222;208.67.220.220`
			- `https://dns11.quad9.net/dns-query;2620:fe::11;2620:fe::fe:11;9.9.9.11;149.112.112.11`