What is the "Private DNS" setting supposed to be used for in Android 12?
In my Android settings I noticed a "Private DNS" setting set to on.
Settings -> Connections -> More connection settings -> Private DNS
I never touched this as I don't know what it does.
My related Private DNS settings are "Private DNS = On" at the top level.
And then when I dive deeper still, I see that "Private DNS = Automatic."
The three choices are "Off", "Automatic" and "Private DNS provider hostname" (which is blank on my phone).
What should a default "Private DNS" setting be on a typical Android phone? And what is this "Private DNS" all about anyways?
Private DNS is Android's implementation of either DNS over TLS, or DNS over HTTPS (probably the former).
Not sure where it goes if you set it to on but don't specify a provider; probably some Google provider. But if it doesn't work set it to dns.quad9.net (easiest to remember; there are others I can't remember so well).
What should a default "Private DNS" setting be on a typical Android phone?
I'm happy this topic came up as it's useful to improve Android DNS privacy.
I had never heard of Android Private DNS until this thread so I searched. https://duckduckgo.com/?hps=1&q=android+private+dns
That search found this basic summary of how Android Private DNS works. https://www.howtogeek.com/795644/how-to-enable-secure-private-dns-on-android/
HowToGeek summarized the problem set in essentially three sentences.
1. Android DNS domain-to-IP lookups were usually not encrypted
2. Android 9+ added DNS over TLS encryption for domain-to-IP lookups
3. Android Private DNS encrypts those lookups (but VPN loops around it)
That search found this test to check if Android private DNS is working. https://tenta.com/test/
HowToGeek recommends choosing either a Google or Cloudflare Private DNS.
https://developers.google.com/speed/public-dns/docs/using#android
8.8.8.8 or 8.8.4.4
https://blog.cloudflare.com/enable-private-dns-with-1-1-1-1-on-android-9-pie/
1.1.1.1 or 1.0.0.1
But that search above also found this list of Private DNS resolvers. https://dnsprivacy.org/public_resolvers/#dns-over-tls-dot
Quad9 'secure' 9.9.9.9 or Quad9 'insecure' 9.9.9.10
Cloudflare 1.1.1.1 or 1.0.0.1
Google 8.8.8.8 or 8.8.4.4
CleanBrowsing https://cleanbrowsing.org/help/docs/dnsovertls/
Security Filter 185.228.168.9:853 or 185.228.169.9:853
Family Filter 185.228.168.168:853 or 185.228.169.168:853
Adult Filter 85.228.168.10:853 or 185.228.169.11:853
Adguard https://adguard.com/en/blog/adguard-dns-announcement/
Default Filter 94.140.14.14 or 94.140.15.15
Family Filter 94.140.14.15 or 94.140.15.16
No Filter 94.140.14.140 or 94.140.14.141
Control D https://controld.com/free-dns
No Filter 76.76.2.0 or 76.76.10.0
Malware Filter 76.76.2.1 or 76.76.10.1
Ad/Tracking Filter 76.76.2.2 or 76.76.10.2
Malware/Ad/Social Filter 76.76.2.3 or 76.76.10.3
Adult/Drug Filter 76.76.2.4 or 76.76.10.4
Uncensored Domains Filter 76.76.2.5 or 76.76.10.5
Note that HowToGeek recommended against choosing your ISP's DNS server. https://www.howtogeek.com/664608/why-you-shouldnt-be-using-your-isps-default-dns-server/
Cloudflare Private DNS: 1dot1dot1dot1.cloudflare-dns.com or one.one.one.one
Google Private DNS: dns.google
Quad9 Private DNS: dns.quad9.net
Cleanbrowsing Private DNS: security-filter-dns.cleanbrowsing.org
Open DNS Private DNS: 208.67.222.222 or dns.opendns.com
NextDNS Private DNS: 45.90.28.0 or dns.nextdns.io
Comodo Secure Private DNS: 8.26.56.26 (I can't find the private DNS domain)
OpenNIC Private DNS: 192.95.54.3 (I can't find the private DNS domain name)