2.5 KiB
DNS notes
For DNS resolvers, refer to r/resolv.tsv
Identifying DNS resolver
- DNS-OARC’s Check My DNS - popup under “Network”.
- dnsleaktest
- whatsmydnsserver
- ipleak.net
- dnsadblock
The above list is based on redirect2me/which-dns README alternatives section
Identifying support for client-subnet
Or what is being sent to the authoritative servers.
dig +short TXT o-o.myaddr.l.google.com.
dig +short TXT whoami.ds.akahelp.net.
dig +short TXT whoami.ipv6.akahelp.net.
dig +short TXT whoami.ipv4.akahelp.net.
- Note: Cloudflare sends ECS only for whoami.ds.akahelp.net.
Mobile applications
With the exception of those apps that config I remember otherwise or share it with desktop versions etc.
Android
Use either cloudflare-dns.com
or dns.google
as the Private DNS server as they have special handling and are
thus DNS over HTTPS instead of the usual DNS over TLS. This can be
confirmed with https://1.1.1.1/help
.
Then install Rethink or your favourite DoH app which pretends to be a VPN, or even a VPN app and set it to be always on (but not block connections outside of the VPN unless it’s actually a VPN) and hopefully your DoH server will become the one that is actually used alongside its blocklist.
In case of Rethink remember to disable DNS leak protection.
FFUpdater
https://dns0.eu;2a0f:fc80::;2a0f:fc81::;193.110.81.0;185.253.5.0
https://open.dns0.eu;2a0f:fc80::ffff;2a0f:fc81::ffff;193.110.81.254;185.253.5.254
https://doh.opendns.com/dns-query;2620:119:35::35;2620:119:53::53;208.67.222.222;208.67.220.220
https://dns11.quad9.net/dns-query;2620:fe::11;2620:fe::fe:11;9.9.9.11;149.112.112.11