mikaela.github.io/n/dns.md

DNS notes

For DNS resolvers, refer to r/resolv.tsv

• Identifying DNS resolver
• Identifying support for client-subnet
• Mobile applications
  • Android
  • FFUpdater

Identifying DNS resolver

• DNS-OARC’s Check My DNS - popup under “Network”.
• dnsleaktest
• whatsmydnsserver
• ipleak.net
• dnsadblock

The above list is based on redirect2me/which-dns README alternatives section

Identifying support for client-subnet

Or what is being sent to the authoritative servers.

dig +short TXT o-o.myaddr.l.google.com.
dig +short TXT whoami.ds.akahelp.net.
dig +short TXT whoami.ipv6.akahelp.net.
dig +short TXT whoami.ipv4.akahelp.net.

• Note: Cloudflare sends ECS only for whoami.ds.akahelp.net.

Mobile applications

With the exception of those apps that config I remember otherwise or share it with desktop versions etc.

Android

Use either cloudflare-dns.com or dns.google as the Private DNS server as they have special handling and are thus DNS over HTTPS instead of the usual DNS over TLS. This can be confirmed with https://1.1.1.1/help.

Then install Rethink or your favourite DoH app which pretends to be a VPN, or even a VPN app and set it to be always on (but not block connections outside of the VPN unless it’s actually a VPN) and hopefully your DoH server will become the one that is actually used alongside its blocklist.

In case of Rethink remember to disable DNS leak protection.

FFUpdater

• https://dns0.eu;2a0f:fc80::;2a0f:fc81::;193.110.81.0;185.253.5.0
• https://open.dns0.eu;2a0f:fc80::ffff;2a0f:fc81::ffff;193.110.81.254;185.253.5.254
• https://doh.opendns.com/dns-query;2620:119:35::35;2620:119:53::53;208.67.222.222;208.67.220.220
• https://dns11.quad9.net/dns-query;2620:fe::11;2620:fe::fe:11;9.9.9.11;149.112.112.11