celzero / rethink-app

DNS over HTTPS / DNS over Tor / DNSCrypt client, WireGuard proxifier, firewall, and connection tracker for Android.
https://rethinkfirewall.com/
Apache License 2.0
3k stars, 154 forks

Fallback/Secondary DNS #211

Closed Generator closed 1 year ago

Generator commented 3 years ago

Description

The RethinkDNS app only uses one DNS server; in case of service issues, connections will fail.
Some users have a self-hosted DNS server (AdGuard Home, Pi-Hole ...). Sometimes the server needs maintenance or the system fails; during maintenance, users could use the main DNS.

Solution

Having a secondary DNS or fallback will solve the issues in case of main server failure.

ignoramous commented 3 years ago

Makes sense. We do plan to introduce the concept of what we call a default server, which connections would fall back to.

That said, for DNSCrypt and DoH, servers are bootstrapped with multiple IPs where available. For example, RethinkDNS' servers are behind three Cloudflare anycast IPs and all three can and will be used in the current implementation.

4-FLOSS-Free-Libre-Open-Source-Software commented 3 years ago

> Some users have self-hosted DNS server (AdGuard Home, Pi-Hole ...),

It would be nice to use this as the default, but if it can't connect for whatever reason, or when you are not connected to your home Wi-Fi, to automatically fall back to a backup DNS.

alextenev commented 1 year ago

Hi, any chance for this feature to be developed?

ignoramous commented 1 year ago

Yes, fallback DNS shipped with v054 (3 weeks ago): Configure -> Settings -> Fallback DNS

Only a limited number of fallbacks (all DoH) though:

We plan to add Quad9 and System DNS in a future release.

Fallback is rarely needed, so a range of configuration options isn't really required. Besides, fallback DNS entries are hard-coded into the app and cannot be user modified.

https://github.com/celzero/rethink-app/blob/139272a1ad86f76492af3e9f827ce9cc10cba21e/app/src/main/java/com/celzero/bravedns/util/Constants.kt#L272-L277

NanashiTheNameless commented 1 year ago

Consider adding the ability to revert to the old behavior for security reasons...

ignoramous commented 1 year ago

What security reasons do you think warrant removal of a fallback? I can see the privacy angle.

Perhaps, we should add None as an option that disables fallback.

NanashiTheNameless commented 1 year ago

Exactly my point, just a simple "none" option.

Edit: security as in ensuring DNS queries ONLY go through my existing DNS firewall (NextDNS); that's why I'm sadly currently stuck with Nebulo.

ignoramous commented 5 months ago

> security as in ensuring DNS queries ONLY go through my existing DNS firewall (NextDNS)

None has been there as "Fallback" for some 8 months now.

> Fallback is rarely needed, so a range of configuration options isn't really required. Besides, fallback DNS entries are hard-coded into the app and cannot be user modified.

https://github.com/golang/go/issues/8877#issuecomment-1105743745