Open BurntBrunch opened 1 year ago
Same here. Not just browsers either - AVNC and Termux also can't resolve .local domains while personalDNSfilter is running.
Note that a number of the default lists[^1] have `127.0.0.1 local` entries near the top, which seems to cause .local domains to get blocked[^2], but even with `!*.local` added to 'additional hosts' and the domains being logged in green (or personalDNSfilter in the 'paused' state), the domains still don't resolve correctly - only stopping the pseudo-VPN entirely works. (I get a slightly different error from AVNC after allowing the domain - presumably that's because it changes from getting a wrong/fake IP address to getting an NXDOMAIN error.)
Edit: personalDNSfilter doesn't seem to be blocking mDNS traffic at the network level - I can do `dig @224.0.0.251 -p5353 (something).local` in Termux and get the correct response back. It just seems to be preventing the normal resolver from trying to do mDNS.
[^1]: Edit: Actually, only one that's enabled by default - the main StevenBlack one. But there are several of the disabled ones that have it too.
[^2]: Is it intentional that entries in hostfile-style lists are treated as applying to subdomains too, even though that's not how they would actually be treated in `/etc/hosts`?
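Added illustration (not part of any comment in this thread, and not personalDNSfilter's code): a simplified Python model of the two matching semantics raised in footnote 2, showing how a `127.0.0.1 local` list entry covers `storage.local` under subdomain matching but not under `/etc/hosts`-style exact matching. The function names, the sample list and the handling of `!`-style exceptions are assumptions made for the example.

```python
# Simplified model for illustration; not personalDNSfilter's implementation.
from fnmatch import fnmatchcase

# Constructed sample in hosts-file style, including the "local" entry
# that the comment above points at.
SAMPLE_LIST = """\
# constructed sample list
127.0.0.1 localhost
127.0.0.1 local
0.0.0.0 ads.example.com   # trailing comment
"""

def parse_hosts(text):
    """Return the set of hostnames named in hosts-file style lines."""
    names = set()
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        # The first field is the address; every further field is a name.
        names.update(f.lower().rstrip(".") for f in fields[1:])
    return names

def exact_match(name, entries):
    """/etc/hosts semantics: an entry covers only that exact name."""
    return name.lower().rstrip(".") in entries

def suffix_match(name, entries):
    """Filter-list semantics: an entry also covers every subdomain."""
    labels = name.lower().rstrip(".").split(".")
    # Test the full name, then each parent domain down to the last label.
    return any(".".join(labels[i:]) in entries for i in range(len(labels)))

def decide(name, entries, allow_patterns=()):
    """Return 'blocked' or 'allowed' under suffix matching.

    allow_patterns models '!pattern' exceptions (given without the '!'),
    assumed here to be checked before the block list.
    """
    n = name.lower().rstrip(".")
    if any(fnmatchcase(n, p) for p in allow_patterns):
        return "allowed"
    return "blocked" if suffix_match(n, entries) else "allowed"
```

An "allowed" result here only describes the filter's decision; as reported in this thread, the name can still fail to resolve while the pseudo-VPN is running.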
Looks like this is a side effect of pretending to be a VPN. From the official Android DNS resolver docs:
> VPN and mobile data connections are excluded from .local resolution.
For this to work, personalDNSfilter may need to handle mDNS itself when running as a pseudo-VPN.
I see a few options to make .local domains work with pDNSf in pseudo-VPN mode:
`DNSCommunicator.requestDNS`. However:
`DNSResolver.resolveLocal` or `DNSCommunicator.requestDNS` when the hostname ends in .local (or a few other domains, see below).
Additional notes:
[^legacy]: See sections 5.1 and 6.7 of RFC 6762.
[^nsd]: Network Service Discovery
When using VPN mode, mDNS lookups (e.g. storage.local) fail in all browsers. Stopping the app restores lookups to .local domains.
No amount of configuration changes I could find fixes this. There's clearly something triggering the mDNS fallback in the bionic resolver and personalDNSfilter is not triggering it.
(Pixel 7 Pro, Android 13)