
Cannot block Facebook app

Hey, I cannot block Facebook app. The DNS does not filter out some of Facebook's secondary domains. This left it working even if I add it to parental controls. I am using Facebook lite app. On the screenshot you can see the domains that were not blocked. I know I can add them manually but I don't think it should be configured like that. Can you look into this? I am using NextDNS app on Android 7.

19 replies

    • NextDNs
    • 3 yrs ago

    We validated with a fresh Android install and Facebook, and our current Facebook block is effective at blocking access to Facebook app's content. Note that it will still let you sign in and see already cached content. Also, keep in mind the Facebook app is keeping many things including DNS entries in cache, so it can take some time for DNS block to be effective with this app.

    Additionally, we do not block all Facebook domains (like fbcdn) as some of them are shared between different Facebook apps. In our experience, blocking them would not improve Facebook blocking but will block more than what is requested.

    If you still think we are missing something, please open a ticket on https://github.com/nextdns/metadata with detailed steps to reproduce the issue.

      • Jan.1
      • 3 yrs ago

      NextDNS When I enable Facebook block in parental controls it doesn't really get blocked, but when I add facebook.com to the blocked domain list it does get blocked. This is probably because parental controls do not block all the Facebook subdomains. Could you guys improve this by adding more Facebook subdomains to the predefined Facebook parental control setup? I've added some screenshots with DNS logs to prove this. The first one is parental controls enabled, the second one is when facebook.com is added to blocked list.

    • Ruby_Balloon
    • 3 yrs ago

    You can try the "No Facebook" blocklist or add secondary facebook domains (like fbcdn.net) to your denylist

      • Jan.1
      • 3 yrs ago

      Greg B. You are right, I could use that "no Facebook" filter, but if they offer blocking services like this they should have it working. Other DoH DNS providers like OpenDNS or ControlD for example have this feature and they are able to block Facebook apps.

      • Pro subscriber ✓
      • DynamicNotSlow
      • 3 yrs ago

      Jan doesn’t make sense.
      Apps can use direct IP connections which can’t be blocked with DNS.

      • Jan.1
      • 3 yrs ago

      DynamicNotSlow that's not true. See my previous post.

      • Pro subscriber ✓
      • DynamicNotSlow
      • 3 yrs ago

      Jan doesn’t matter if it works. Apps can use IP connections if they want. 

    • losnad
    • 3 yrs ago

    If you have the Facebook app installed you are exposed anyway.

    Apps can use their own DNS and can make direct connections without DNS.
    udp://
    tcp://
    ws://
    ...

      • Jan.1
      • 3 yrs ago

      losnad that's not true. Facebook app uses DNS servers like any other internet application. I have a DNS blocking mechanism on my home router. If I add the word "facebook" to the block list all DNS queries containing this string are blocked and Facebook app is also blocked. You don't know what you're talking about.

      • Jan.1
      • 3 yrs ago

      losnad and also... OpenDNS can block Facebook app, controlD DNS app can block it as well. So if those DNS providers can do it, so can NextDNS. The problem is that the developers did not include all the Facebook domains in their parental controls.

      • losnad
      • 3 yrs ago

      I don't know what I'm talking about. Or why.

      • Jan.1
      • 3 yrs ago

      losnad no, you don't. The app that you are using does not show any DNS queries because it does not capture DNS traffic. Use something like Wireshark instead. But you would have to mirror or forward traffic from your smartphone to a computer.

      • Jan.1
      • 2 yrs ago

      Lana Jaeger don't worry. I know what I'm doing.

    • Sandy
    • 2 yrs ago

    Hi, recently from the app privacy report, when the app is not blocked by DNS, I found a different address from Facebook. Wondering how @nextDNS will address these kinds of addresses:

    2a03:2880:f031:12:face:b00c:0:2 

      • Sandy
      • 2 yrs ago

      NextDns ^^

      • Pro subscriber ✓
      • DynamicNotSlow
      • 2 yrs ago

      Sandy direct IP access can’t be blocked with DNS

      • Sandy
      • 2 yrs ago

      DynamicNotSlow This might be a real issue then, we cannot block the Facebook app if they change direct IPv4/IPv6 address dynamically

      • Pro subscriber ✓
      • DynamicNotSlow
      • 2 yrs ago

      Sandy correct.

      • Jan.1
      • 2 yrs ago

      Sandy Don't worry about the IPv6, just block these two domains: fbcdn.net and facebook.com and then close the Facebook app, wait for about 5 minutes so the TLS session will time out and then open the app again. Facebook will stop working. You might see some leftovers stored in the app memory, but the app will be blocked.
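
The two points argued in this thread, as an added example (not part of any post and not NextDNS code): how a denylist matches domains by suffix, and why a connection to an address that no DNS answer returned lies outside what a DNS filter can act on. The hostnames and log structures are constructed for illustration; the IPv6 address is the one quoted in Sandy's post.

```python
import ipaddress

def is_blocked(qname, denylist):
    """True if qname is a denylisted domain or a subdomain of one."""
    labels = qname.lower().rstrip(".").split(".")
    # Compare every suffix on a label boundary, so "notfacebook.com"
    # is not caught by a "facebook.com" entry (unlike a substring match).
    return any(".".join(labels[i:]) in denylist for i in range(len(labels)))

def filter_queries(queries, denylist):
    """Split queries into (blocked, allowed), as a filtering resolver would."""
    blocked = [q for q in queries if is_blocked(q, denylist)]
    allowed = [q for q in queries if not is_blocked(q, denylist)]
    return blocked, allowed

def unresolved_destinations(dns_answers, connections):
    """Destinations contacted that no observed DNS answer ever returned.

    These did not depend on the filtering resolver (cached, hard-coded or
    resolved elsewhere), so a DNS denylist has no effect on them.
    """
    resolved = {ipaddress.ip_address(ip)
                for ips in dns_answers.values() for ip in ips}
    return [c for c in connections if ipaddress.ip_address(c) not in resolved]

# Constructed sample data: query names seen by the resolver, answers it
# returned, and destinations seen in a device-side connection report.
QUERIES = ["api.facebook.com", "static.fbcdn.net", "notfacebook.com", "example.org"]
DNS_ANSWERS = {"example.org": ["192.0.2.10"]}
CONNECTIONS = ["192.0.2.10", "2a03:2880:f031:12:face:b00c:0:2"]

if __name__ == "__main__":
    for name, denylist in (
        ("facebook.com only", {"facebook.com"}),
        ("facebook.com + fbcdn.net", {"facebook.com", "fbcdn.net"}),
    ):
        blocked, allowed = filter_queries(QUERIES, denylist)
        print(f"{name}: blocked={blocked} allowed={allowed}")
    print("no DNS answer seen for:", unresolved_destinations(DNS_ANSWERS, CONNECTIONS))
```

Comparing resolver logs with a device-side connection report in this way shows whether leftover traffic comes from a gap in the denylist or from connections that never touched the resolver.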
