blokadaorg / blokada

The official repo for Blokada apps.
https://blokada.org

DNS Fallback blocks PiHole DNS #785

Open Michitroniker opened 4 years ago

Michitroniker commented 4 years ago

Actual behaviour

My network contains a PiHole DNS. If Blokada is active on my device, no DNS resolution is made. If I configure PiHole as DNS in Blokada, it still blocks DNS resolution. After deactivating Blokada, DNS resolving works. It also works if the Fallback DNS is deactivated.

Expected behaviour

DNS Fallback settings should work properly and only be used if the configured DNS isn't available. So Blokada can be active regardless of whether I'm in my network or not and Fallback DNS is needed.

Steps to reproduce

Let us know how we can get the same result that you have. If it happened only once, please check if you can get the same misbehaviour again. Don't report one-time-only glitches.

  1. Set up PiHole in network
  2. Activate Blokada
  3. Try to resolve domain name

Configuration

  1. Blokada version: 4.8.3
  2. Device model: Gigaset GS290
  3. Android version / ROM: Android 10 (Gigaset_GS290_10.0_V05:20200819)
  4. PiHole Version: V5.1.2

Questions

  1. Do you know about recent updates (for example system update, security patch update)? Blokada is the latest version and Android was updated a week ago.

  2. How often does this problem happen to you? permanently

peterroth commented 4 years ago

So, if I understand it correctly, the DNS resolution works if you disable the Fallback DNS option? The Fallback DNS is added to avoid situations where the DNS server (like in your case) is unavailable on the network due to the nature of the VPN (which Blokada uses even for filtering ads), so the user won't lack internet connection. If you have a DNS server on your local network, disable DNS Fallback.

Michitroniker commented 4 years ago

That is correct. But if the Fallback is activated, Blokada will not establish any connection to the internet even if the local DNS is available. If I disable the DNS Fallback and I change to a network without my local DNS, the Fallback will not work because it is deactivated. So I have to activate it again, and deactivate it when I get into the first network with a local DNS again. I thought the Fallback should cover this situation. First check if the configured DNS is available. If yes, use this one, and if not, use the fallback.

peterroth commented 4 years ago

I see; you are correct. Thank you for the clarification.

ogamibird commented 4 years ago

I have the same problem. I have a local DNS in my local network for resolving local hostnames. But because of this error I can't really use it, because as soon as you activate the fallback option, local DNS servers are ignored. But deactivating the fallback is also no real option, because then you need to activate it again manually when changing to mobile data.

peterroth commented 4 years ago

@ogamibird You don't need Fallback on mobile data, that will never be active. Fallback is used when the DNS address is a local address and Blokada can't address it, which isn't possible on mobile data.

ogamibird commented 4 years ago

@peterroth Thank you for your answer, but I think I don't quite get what you mean. Presumably I don't get what the fallback option is really meant for, but in my understanding the option would work as follows: Assume the DNS server in my home network is running at 192.168.1.100:53 and that is also the address that is configured as DNS server in Blokada. Also, the fallback option is enabled.

  1. I'm in my home network: 192.168.1.100:53 is reachable -> Fallback does not jump in -> DNS queries are sent to 192.168.1.100:53

  2. I'm on mobile data: 192.168.1.100:53 is not reachable -> Fallback jumps in -> DNS queries are sent to Cloudflare or Google

  3. I'm on a different Wi-Fi network, e.g. a friend's network: same as 2.

Do I totally misunderstand what the fallback option is meant for, or isn't this how it is supposed to work?
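
The selection order laid out in the comment above (use the configured resolver when it answers, otherwise the fallback), as an added example that is not part of the original thread and is not Blokada's code. The probe name, the timeouts, the loopback stub resolver and the 192.0.2.53 fallback address are constructed assumptions.

```python
import secrets
import socket
import struct
import threading

def build_query(name, txid):
    """Minimal RFC 1035 query: header, QNAME labels, QTYPE=A, QCLASS=IN."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split("."))
    return header + labels + b"\x00" + struct.pack("!HH", 1, 1)

def answers_dns(server, timeout=1.0, probe_name="example.com"):
    """True only if `server` returns a DNS response carrying our transaction ID."""
    txid = secrets.randbelow(0x10000)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.connect(server)  # kernel drops datagrams from any other source
            s.send(build_query(probe_name, txid))
            data = s.recv(512)
        except OSError:  # timeout, port unreachable, no route to host
            return False
    # Accept a full header with our ID and the QR (response) bit set.
    return len(data) >= 12 and data[:2] == struct.pack("!H", txid) and bool(data[2] & 0x80)

def choose_resolver(configured, fallback, timeout=1.0):
    """Prefer the configured resolver; use the fallback only when it is silent."""
    return configured if answers_dns(configured, timeout) else fallback

def start_stub_resolver(respond=True):
    """Constructed loopback stand-in for a local resolver; returns its (host, port)."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind(("127.0.0.1", 0))
    def serve():
        while True:
            data, peer = sock.recvfrom(512)
            if respond:  # echo the query back with QR set and RCODE=REFUSED
                sock.sendto(data[:2] + b"\x81\x05" + data[4:], peer)
    threading.Thread(target=serve, daemon=True).start()
    return sock.getsockname()

if __name__ == "__main__":
    fallback = ("192.0.2.53", 53)  # constructed placeholder (TEST-NET-1)
    print(choose_resolver(start_stub_resolver(True), fallback, 0.3))   # stub address
    print(choose_resolver(start_stub_resolver(False), fallback, 0.3))  # fallback
```

A reply only shows that something answers DNS at that address; on a foreign network the same private address can belong to a different resolver, so the probe does not identify the Pi-hole.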

peterroth commented 4 years ago

@ogamibird not totally misunderstood, but the other way around. First, it's worth knowing there's no set DNS server on the network 192.168.x.x in Blokada. If you use the default DNS server, that comes from the phone's configuration (which it gets from the connected router). When Blokada is started, it generates a (VPN) tunnel to filter ads. It happens with a separate (internal) network address. Because Blokada doesn't know your network setup, it has 3 predefined subnetworks it tries to use. If one is available, it claims that (like 192.168.1.x). The problem is if the DNS server sits at another local IP address (for example 192.168.0.100): due to the nature of the VPN tunnel, that cannot be addressed, thus, that's unavailable. For such situations the Fallback DNS is set, which is external and addressable.