0

NextDNS with NetGuard

I've blocked internet access to several apps on my Android 12 via NetGuard.

But I still see requests made by those apps on my NextDNS log

9 replies

null
    • Jeronimo
    • 7 mths ago
    • Reported - view

    Just switc to tls secure connection on your android 12 and you will be fine

      • krugermax01
      • 7 mths ago
      • Reported - view

      I'm using DNS-over-TLS/QUIC if that's what you're suggesting.

      Or did you mean something else?

      • Jeronimo
      • 7 mths ago
      • Reported - view

       android 12 has privat dns in settings it self, why using an app then?  To manage Private DNS options, you need to go to Settings > Network & Internet > Private DNS. First, swipe down from the top of your device once or twice to access the notification shade and tap the gear icon to access the device settings.

      • krugermax01
      • 7 mths ago
      • Reported - view

        Thank you for the other-worldly knowledge.

      I'm not using an app. I use the private DNS feature of Android 12. I'm noticing log entries that should have been blocked by NetGuard.

      I can't spell it out any clearer.

      • R_P_M
      • 7 mths ago
      • Reported - view

       Isn’t this a problem for NetGuard to look into? Unless you are using a root enabled firewall you’re not going to block everything from these specific apps. 

      • krugermax01
      • 7 mths ago
      • Reported - view

       Indeed it is a problem for Netguard to look into, only support doesn't exist for us freeloaders who don't make a purchase or donation.

    • Will_Tisdale
    • 7 mths ago
    • Reported - view

    I suspect NetGuard is unable to block all DNS lookups because Android uses its own internal DNS resolver / cache.

    Android apps can call the resolver directly via the API or natively via a stub resolver. If an app calls it directly there is no network access from the app for NetGuard to block, the network access associated with the DNS request to NextDNS will be originating from the resolver daemon.

    If you're happy that NetGuard is working I wouldn't worry about it too much.

      • krugermax01
      • 7 mths ago
      • Reported - view

      I used the lock-down feature to block access to every app(including system apps), yet I could still see requests made by each app when it was opened.

      I think I'll uninstall Netguard until I have a better understanding.

      P.S: You seem educated, followed.

      • Will_Tisdale
      • 7 mths ago
      • Reported - view

       the system resolver is low level and isn't even a system app as such, it's part of the system itself, although they did split it off into an APEX module the other year. I doubt you'd be able to block that with an app, as that would hobble DNS requests for the whole android system and not just apps.

      I guess the way to test it is to block an app then try to access network resources from within that app. If that fails (but you still see the DNS requests) then you know the network access is being blocked and it's just the DNS requests that are succeeding via the resolver API, which isn't a huge issue.

Login to reply

Content aside

  • 7 mths agoLast active
  • 9Replies
  • 349Views
  • 4 Following