Open bono3729 opened 1 year ago
@bono3729 Hi! Unfortunately, there is no technical possibility to separate the DNS system module from other system applications. The best solution would be to create a custom firewall rule for the System apps group. Please check if it works for you and let me know the result.
@Versty Hello. I set the firewall rule for 'System apps group' but it didn't work. It's very unfortunate that I can't separate the DNS module.
If so, is there no problem with all the protection features if I exclude the DNS port from filtering? I'm now using port 853 without AdGuard filtering. Ad-block, DNS or firewall also works correctly. However, it is difficult for users to know if tracking protection works correctly, so I don't know if there is any problem.
If you can't detach the DNS module, I hope that excluding DNS ports from filtering is the correct solution.
@bono3729 Yes, excluding port 853 should work fine as a temporary solution.
We have successfully reproduced this issue and are currently looking for the cause.
AdGuard version
4.1 Nightly 10
Environment
Root access
Issue Details
Steps to reproduce:
Expected Behavior
Chrome should be able to use the network, other applications should not be allowed to use the network
Actual Behavior
Internet unavailable due to blocking of all DNS traffic
Additional Information
Added by @Versty The same setup works flawlessly if the operating mode is set to Local VPN
Original text
I basically want to block all apps from connecting to the Internet, and allow only the apps I want to connect to. So the global firewall rules blocked all connections, and the custom firewall rules allowed only some apps. However, if a global firewall rule blocks all traffic, DNS traffic is also blocked.

In AdGuard v3, DNS traffic was allowed in firewall rules. However, in v4, DNS disappeared from the app list. Therefore, DNS traffic cannot be allowed separately.

With AdGuard DNS protection, there are no DNS issues. However, since I sometimes have to turn off AdGuard, I would like to use Android Private DNS that is independent of AdGuard for minimal protection. Since Android Private DNS is DoT, and DoT uses port 853, the current temporary solution is to modify the range of filtering ports in low-level settings to use Android Private DNS as follows.

80..852 854..5221 5299..65535

There seems to be no problem with the use, but I don't know how it affects the actual AdGuard protection. For proper resolution, please add DNS to the custom firewall rule as before.
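
The port-range workaround quoted above, as an added example that is not part of the original issue or AdGuard's own code: it parses a range list in that form and reports which ports fall outside it. It assumes the ranges are inclusive and space-separated, as in the quoted value; the function names are hypothetical.

```python
# Added example: parse a filtering-port list in the "A..B A..B" form quoted
# in the issue and report which ports are NOT covered by it.
# Assumption: ranges are inclusive and space-separated, as in the quoted value.

MAX_PORT = 65535


def parse_ranges(spec):
    """Return sorted, merged inclusive (start, end) tuples from 'a..b c..d'."""
    ranges = []
    for token in spec.split():
        start_s, sep, end_s = token.partition("..")
        start = int(start_s)
        end = int(end_s) if sep else start  # a bare number is a single port
        if not (1 <= start <= end <= MAX_PORT):
            raise ValueError(f"invalid port range: {token!r}")
        ranges.append((start, end))
    ranges.sort()
    merged = []
    for start, end in ranges:
        if merged and start <= merged[-1][1] + 1:  # overlapping or adjacent
            merged[-1] = (merged[-1][0], max(merged[-1][1], end))
        else:
            merged.append((start, end))
    return merged


def unfiltered(spec):
    """Return the inclusive port ranges not covered by the filtering list."""
    gaps, next_port = [], 1
    for start, end in parse_ranges(spec):
        if start > next_port:
            gaps.append((next_port, start - 1))
        next_port = end + 1
    if next_port <= MAX_PORT:
        gaps.append((next_port, MAX_PORT))
    return gaps


def is_filtered(spec, port):
    """True if the port lies inside one of the listed filtering ranges."""
    return any(start <= port <= end for start, end in parse_ranges(spec))


# Value quoted in the issue text (port 853 split out of the filtered range).
ISSUE_SPEC = "80..852 854..5221 5299..65535"

if __name__ == "__main__":
    for start, end in unfiltered(ISSUE_SPEC):
        print(f"not filtered: {start}" if start == end else f"not filtered: {start}-{end}")
    print("DoT (853) filtered:", is_filtered(ISSUE_SPEC, 853))
```

Run against the quoted value, the only port the split removes from the listed ranges is 853; the other gaps (below 80 and 5222 to 5298) are already outside the ranges as quoted.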