After switching to LOS, I have problems using the DNS servers on my internal network. This is needed to be able to connect to internal servers by hostname.
All DNS queries seem to go to g*'s DNS server (8.8.8.8 and 8.8.4.4). I confirmed this by using host -v internal.dns.name, which then reports that internal.dns.name is not found on one of those servers.
- I tried using a fixed WiFi IP in the WiFi settings, but these seem to be ignored.
- Checking getproperties shows the alternative DNS servers. They seem to be ignored.
- I found the following: "Since Android 6.1.x you only can change the DNS for tether device and nothing else, everything else get ignored, no matter what you set or which app you're use", which doesn't seem very promising.
What is my use case?
- Run as much open source as possible
- Use internal DNS server when either connected to my own WiFi (but not others) or when I have activated the VPN to tunnel to my internal network from elsewhere.
This worked out of the box on Android 5 FPOOS (haven't tried 6).
I have been playing around with DNS66 but
- I can't seem to figure out how to use it for what I want
- Will it be able to apply different rules for different settings?
- It works by setting up a VPN. Does that work when I set up a second VPN to my home network?
I also tried AFWall+. That seemed more promising when using the customized scripts. I did create a script that seems to work when running it from ADB. However, using the same script in AFWall seems to confuse it and I regularly get blocked without any DNS service.
Is there something wrong with the script?
Are there other alternatives? I can think of
- udev rules to run the mentioned script
- get a notification on network setting changes and then run the script
- cron job (shudder, what will that do to battery consumption?)
Here's the script:
#!/system/bin/sh
# Redirect DNS queries aimed at Google's resolvers (8.8.8.8 / 8.8.4.4) to the
# internal DNS when the VPN to the home network is up, otherwise to a randomly
# chosen trusted public resolver, and reject whatever still tries to reach Google.
IP6TABLES=/system/bin/ip6tables   # not used yet: the rules below are IPv4 only
IPTABLES=/system/bin/iptables
# one "address description" pair per line; only the first field is ever used
TRUSTED_DNS_SERVERS='213.73.91.35 Chaos Computer Club
85.214.20.141 Digitalcourse e.V.
194.150.168.168 AS250.net
84.200.69.80 dns.watch 1
84.200.70.40 dns.watch 2
204.152.184.76 ISC
208.67.222.222 resolver1.opendns.com
208.67.220.220 resolver2.opendns.com
208.67.222.220 resolver3.opendns.com
208.67.220.222 resolver4.opendns.com'
INTERNAL_NETWORK='192.168.99.'
INTERNAL_SERVER='192.168.99.33'
IN_SRV_PORT='99'
INTERNAL_DNS='192.168.99.66'
CHAIN_NAME='my_rules'

# Decide whether we are on the internal network: a tun interface must carry an
# address in INTERNAL_NETWORK, and the internal server must respond to a probe.
internal_network='no'
net=$(ip -o addr | grep '^[0-9]*:[[:space:]]*tun' \
        | sed 's/.*inet \([0-9./]*\).*/\1/' | grep -F "$INTERNAL_NETWORK")
if [[ -n "$net" ]]
then
    timeout 3 nc -q 2 -w 2 "$INTERNAL_SERVER" "$IN_SRV_PORT" >/dev/null 2>&1
    retval=$?
    # exit status 142 (128 + SIGALRM) is treated as "internal server reachable"
    if (( retval == 142 ))
    then
        internal_network='yes'
    fi
fi

if [[ $internal_network == 'yes' ]]
then
    DNS1=$INTERNAL_DNS
    DNS2=$INTERNAL_DNS
else
    # pick two random lines and keep only the address field, so no part of the
    # description text can end up in the DNAT target
    nr_servers=$(echo "$TRUSTED_DNS_SERVERS" | wc -l)
    DNS1=$(echo "$TRUSTED_DNS_SERVERS" | sed -n "$(( RANDOM % nr_servers + 1 ))p" | awk '{print $1}')
    DNS2=$(echo "$TRUSTED_DNS_SERVERS" | sed -n "$(( RANDOM % nr_servers + 1 ))p" | awk '{print $1}')
fi

# Rebuild the nat chain from scratch; the -D/-F/-X steps fail harmlessly when
# the chain does not exist yet (first run), so their error output is silenced.
$IPTABLES -t nat -D OUTPUT -j "$CHAIN_NAME" 2>/dev/null
$IPTABLES -t nat -F "$CHAIN_NAME" 2>/dev/null
$IPTABLES -t nat -X "$CHAIN_NAME" 2>/dev/null
$IPTABLES -t nat -N "$CHAIN_NAME"
$IPTABLES -t nat -I OUTPUT -j "$CHAIN_NAME"
# rewrite the destination of every DNS packet bound for Google's resolvers
$IPTABLES -t nat -A "$CHAIN_NAME" -p tcp --dport 53 -d 8.8.8.8 -j DNAT --to-destination "$DNS1:53"
$IPTABLES -t nat -A "$CHAIN_NAME" -p udp --dport 53 -d 8.8.8.8 -j DNAT --to-destination "$DNS1:53"
$IPTABLES -t nat -A "$CHAIN_NAME" -p tcp --dport 53 -d 8.8.4.4 -j DNAT --to-destination "$DNS2:53"
$IPTABLES -t nat -A "$CHAIN_NAME" -p udp --dport 53 -d 8.8.4.4 -j DNAT --to-destination "$DNS2:53"

# Disallow any DNS query still going to Google. Locally generated packets pass
# the nat OUTPUT chain before the filter OUTPUT chain, so packets already
# rewritten above no longer match here; this only catches what DNAT missed.
$IPTABLES -D OUTPUT -j "$CHAIN_NAME" 2>/dev/null
$IPTABLES -F "$CHAIN_NAME" 2>/dev/null
$IPTABLES -X "$CHAIN_NAME" 2>/dev/null
$IPTABLES -N "$CHAIN_NAME"
$IPTABLES -I OUTPUT -j "$CHAIN_NAME"
$IPTABLES -I "$CHAIN_NAME" -p tcp --dport 53 -d 8.8.8.8 -j REJECT
$IPTABLES -I "$CHAIN_NAME" -p udp --dport 53 -d 8.8.8.8 -j REJECT
$IPTABLES -I "$CHAIN_NAME" -p tcp --dport 53 -d 8.8.4.4 -j REJECT
$IPTABLES -I "$CHAIN_NAME" -p udp --dport 53 -d 8.8.4.4 -j REJECT
exit 0
Thanks for any help. This is driving me crazy.
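A way to check from ADB whether the nat chain is really in place and pointing where it should, as an added example that is not part of the original post: it parses the output of iptables -t nat -S my_rules (a constructed sample is embedded here, and ALLOWED_RESOLVERS and verify_redirect are names chosen for this example) and reports every Google resolver/protocol pair that has no DNAT rule or whose target is not in the allowed list.

```shell
#!/bin/sh
# Added example: verify the DNAT rules built by the script above.
# Assumes the rule format printed by `iptables -t nat -S my_rules`, e.g.
#   -A my_rules -d 8.8.8.8/32 -p tcp -m tcp --dport 53 -j DNAT --to-destination 192.168.99.66:53

# resolvers we are willing to see as DNAT targets (internal DNS plus two from the list)
ALLOWED_RESOLVERS='192.168.99.66 213.73.91.35 84.200.69.80'

# constructed sample of `iptables -t nat -S my_rules`, not captured from a device;
# the 8.8.4.4/tcp rule deliberately points at an address outside the allowed set
SAMPLE_RULES='-N my_rules
-A my_rules -d 8.8.8.8/32 -p tcp -m tcp --dport 53 -j DNAT --to-destination 192.168.99.66:53
-A my_rules -d 8.8.8.8/32 -p udp -m udp --dport 53 -j DNAT --to-destination 192.168.99.66:53
-A my_rules -d 8.8.4.4/32 -p tcp -m tcp --dport 53 -j DNAT --to-destination 198.51.100.9:53
-A my_rules -d 8.8.4.4/32 -p udp -m udp --dport 53 -j DNAT --to-destination 192.168.99.66:53'

# verify_redirect RULES ALLOWED
# Prints one line per problem and returns 1 if any Google resolver/protocol pair
# lacks a DNAT rule or is sent to a resolver outside ALLOWED; returns 0 otherwise.
verify_redirect() {
    rules=$1
    allowed=$2
    status=0
    for target in 8.8.8.8 8.8.4.4; do
        for proto in tcp udp; do
            # address the matching DNAT rule rewrites to, without the :53 suffix
            dest=$(printf '%s\n' "$rules" | awk -v t="$target/32" -v p="$proto" '
                $1 == "-A" && $4 == t && $6 == p && /--dport 53( |$)/ && /-j DNAT/ {
                    for (i = 1; i <= NF; i++)
                        if ($i == "--to-destination") { sub(/:53$/, "", $(i+1)); print $(i+1); exit }
                }')
            if [ -z "$dest" ]; then
                echo "missing DNAT rule: $target/$proto"
                status=1
            else
                case " $allowed " in
                    *" $dest "*) ;;
                    *) echo "unexpected resolver for $target/$proto: $dest"; status=1 ;;
                esac
            fi
        done
    done
    return $status
}

# on a device: verify_redirect "$(iptables -t nat -S my_rules)" "$ALLOWED_RESOLVERS"
verify_redirect "$SAMPLE_RULES" "$ALLOWED_RESOLVERS" || echo "DNS redirect check FAILED"
```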