Gedsh / InviZible

Android application for online privacy and security
https://invizible.net
GNU General Public License v3.0

Traffic not filtered by DNS in some cases #100

Closed hakaishi closed 3 years ago

hakaishi commented 3 years ago

I just noticed that DNSCrypt settings etc. will not work in some cases.

If I activate WiFi and open my app, ads are displayed.
The reason is most likely because I had set "mobile data always active" in the developer options (it was set by default).
If I restart the DNS connection, filtering starts working again.

I just tested around a bit and found no issues though. Battery optimization is off too.
DNS seems to be running, but for some unknown reason ads come through. Until I restart the DNS.

It could possibly have something to do with the device and its VPN implementation...

My phone is Google Pixel 4a (5G) with stock rom. Newest updates are installed. Android 11.

Gedsh commented 3 years ago

> DNS seems to be running, but for some unknown reason ads come through.

Ads are stored inside apps and in the Play services cache. So you will see them for at least a few more days in some applications. In the browser, you can clear the cache or use the private browser tab and see the result faster.

hakaishi commented 3 years ago

Please carefully read what I am saying.
After restarting the DNS the filtering IS WORKING.

I forgot to mention that I'm using the beta version 1.3.5.

Gedsh commented 3 years ago

> After restarting the DNS the filtering IS WORKING.

I cannot take ads into account. The reason has been explained above. Do you have anything else to show that DNSCrypt is not actually filtering DNS and the problem is not with the cache?

hakaishi commented 3 years ago

Just tried version 5.3.0, but it says no internet. And settings don't seem to get saved. I'll open another issue for this.

As for the beta... how should I prove that the DNS is not working? Maybe a fingerprinting website...
But like I said, restarting DNS temporarily solves the problem. I'll try the fingerprinting on the next occurrence. For me this is completely reproducible. I think it either is a problem connected to battery saving or the VPN functionality. Either way, I'll report back to you.

hakaishi commented 3 years ago

Just reconfirmed it.

  1. If I start DNS with WiFi disabled, everything works as expected.

  2. If I now enable WiFi, ads are showing and leak test says WoodyNet (America). Please note that I have set a Japanese DNSCrypt only (relays are Netherlands or Germany). Screenshot_20210830-095419_1

  3. If I change settings, nothing changes from the above.

  4. If I stop DNS and then start it again, ads are blocked again and DNS leak test says "Linode, LLC" (Japan). Screenshot_20210830-095501_1

I hope this is enough proof for you. DNS was continuously running except when I temporarily stopped it like explained above.

Gedsh commented 3 years ago

> how should I prove that the DNS is not working?

The best way is to use a hotspot on a PC with a sniffer configured like Wireshark. But if you don't have one, you can simply run EVERY DNS leak test in a new private browser tab.

> If I now enable WiFi, ads are showing and leak test says WoodyNet (America).

Please use Bromite for the correct test. You should disable "Use secure DNS" in Bromite settings. Also go to MENU -> DNSCrypt Settings and activate ignore_system_dns. Chromium-based browsers like to use DOH even if all related options are disabled. The ignore_system_dns option tries to block this behavior.

> For me this is completely reproducible.

Unfortunately I cannot reproduce this on my devices. So it could be due to the specificity of your device or simply to the wrong test. As I mentioned above, Chromium-based browsers are very likely to use DNS over HTTPS, even if it isn't configured. The DOH server is usually a server that is configured as bootstrap_resolvers in the DNSCrypt settings.
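
The hotspot-and-sniffer check suggested above can be automated. The following is an added example, not part of the thread or of the InviZible project: it scans packets captured on the hotspot for plaintext DNS queries sent by the phone and decodes the leaked names. The phone address, the packet tuple layout and the sample capture are constructed assumptions.

```python
import struct

PHONE_IP = "192.168.137.23"  # assumption: the phone's address on the PC hotspot

def build_query(name, txid=0x1234):
    """Build a minimal DNS query; used only to construct the sample capture."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = b"".join(bytes([len(p)]) + p.encode() for p in name.split("."))
    return header + labels + b"\x00" + struct.pack("!HH", 1, 1)

def qname(msg):
    """Decode the first question name of a raw DNS message, or None if malformed."""
    if len(msg) < 13 or struct.unpack("!H", msg[4:6])[0] == 0:
        return None
    labels, i = [], 12
    while i < len(msg):
        n = msg[i]
        if n == 0:
            return ".".join(labels)
        if n > 63 or i + 1 + n > len(msg):
            return None  # compression pointer or truncated label
        labels.append(msg[i + 1:i + 1 + n].decode("ascii", "replace"))
        i += 1 + n
    return None

def find_leaks(packets, phone_ip=PHONE_IP):
    """Return (resolver, transport, name) for each plaintext DNS query sent by the phone."""
    leaks = []
    for src, dst, proto, dport, payload in packets:
        if src != phone_ip or dport != 53:
            continue  # DoH on 443 cannot be told apart from HTTPS by port alone
        msg = payload[2:] if proto == "tcp" else payload  # DNS over TCP has a 2-byte length prefix
        leaks.append((dst, proto, qname(msg)))
    return leaks

# Constructed sample capture: (src, dst, proto, dst_port, payload)
_q_tcp = build_query("tracker.example.net")
SAMPLE = [
    (PHONE_IP, "203.0.113.10", "udp", 443, b"\x9a\x1f" * 32),  # opaque encrypted traffic
    (PHONE_IP, "192.168.137.1", "udp", 53, build_query("ads.example.com")),
    ("192.168.137.50", "192.168.137.1", "udp", 53, build_query("other.example.org")),
    (PHONE_IP, "192.168.137.1", "tcp", 53, struct.pack("!H", len(_q_tcp)) + _q_tcp),
]

if __name__ == "__main__":
    for leak in find_leaks(SAMPLE):
        print(leak)
```

An empty result only rules out plaintext port 53 queries; a browser falling back to DNS over HTTPS, as described in the comment above, would not show up in this check.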

hakaishi commented 3 years ago

There is already proof that the DNS that I have set is not used, as it is not a Japanese one. I really don't understand your logic. But if it helps, I'll try and install Bromite and prove it to you again.

hakaishi commented 3 years ago

I'm using Fennec. And it's a little bit hardened.
This whole issue is not related to any App.

You just gave me the solution above:

> Also go to MENU -> DNSCrypt Settings and activate ignore_system_dns.

I'll mark this as solved. Thank you!