celzero / rethink-app

DNS over HTTPS / DNS over Tor / DNSCrypt client, WireGuard proxifier, firewall, and connection tracker for Android.
https://rethinkfirewall.com/
Apache License 2.0
2.98k stars 151 forks

Custom DNS Answers #316

Open ignoramous opened 3 years ago

ignoramous commented 3 years ago

For A, AAAA (and HTTPS/SVCB?) queries, the users may want RethinkDNS to reply with custom answers. One use case is to bypass censorship based on DNS manipulation. Another is to simply look up something on the local network. The third is to blackhole a domain into 0.0.0.0.

270 #296
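The behaviour requested above, as an added example (not part of the thread and not Rethink's code): a local responder that answers A/AAAA queries from an override table and tells the caller to forward everything else upstream. The table entries, the 60-second TTL, and the choice to return NODATA for the other address family of an overridden name are assumptions of this sketch.

```go
package main

import (
	"fmt"
	"net/netip"
	"strings"
)

var overrides = map[string]netip.Addr{ // constructed sample table, hypothetical names
	"nas.home.example.": netip.MustParseAddr("192.168.1.10"),
	"ads.example.":      netip.MustParseAddr("0.0.0.0"), // blackhole
}

// customAnswer replies locally to A/AAAA for overridden names; ok=false means forward upstream.
func customAnswer(q []byte) (resp []byte, ok bool) {
	if len(q) < 12 || q[2]&0xF8 != 0 || q[4] != 0 || q[5] != 1 {
		return nil, false // short packet, not a standard query, or QDCOUNT != 1
	}
	name, i := "", 12
	for i < len(q) && q[i] != 0 {
		end := i + 1 + int(q[i])
		if q[i] > 63 || end > len(q) {
			return nil, false // compression pointer or truncated label
		}
		name += strings.ToLower(string(q[i+1:end])) + "."
		i = end
	}
	if i+5 > len(q) || q[i+1] != 0 || q[i+3] != 0 || q[i+4] != 1 {
		return nil, false // truncated, QTYPE above 255, or QCLASS not IN
	}
	qtype := q[i+2] // 1 = A, 28 = AAAA
	addr, found := overrides[name]
	if !found || (qtype != 1 && qtype != 28) {
		return nil, false
	}
	resp = append(resp, q[:i+5]...) // header + question; drops any EDNS record
	copy(resp[2:], []byte{0x80 | q[2]&1, 0x80, 0, 1, 0, 0, 0, 0, 0, 0}) // QR, RD, RA, counts
	if (qtype == 1) != addr.Is4() {
		return resp, true // other address family: NODATA, so the real record is never fetched
	}
	resp[7] = 1 // ANCOUNT
	rr := []byte{0xC0, 0x0C, 0, qtype, 0, 1, 0, 0, 0, 60, 0, byte(addr.BitLen() / 8)}
	return append(append(resp, rr...), addr.AsSlice()...), true
}

func main() {
	resp, ok := customAnswer([]byte("\xab\xcd\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00\x03ads\x07example\x00\x00\x01\x00\x01"))
	fmt.Printf("local=%v % x\n", ok, resp)
}
```

Answering the mismatched address family with an empty NOERROR reply matters for the blackhole and LAN cases: forwarding the AAAA query for a name overridden with an IPv4 address would let the upstream's answer bypass the override.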

ignoramous commented 3 years ago

A user says

Rethink DNS is blocked in the country where I stay for now. In fact, all undecryptable DNS queries are blocked.

I mean the Firewall should be able to work as a local DNS host for a short list of domains. So the most used queries won't have to forward requests remotely. The queries you use almost every second, for example Signal connection queries, should be able to resolve locally without bothering any remote DNS servers.

It's perfect to have a cache to retain correct IP addresses of relevant domains for a certain period. And the app should be able to do statistics for users, like what are the most often queried domains, and do you want to cache it, or do you want it to resolve to some other addresses?

4-FLOSS-Free-Libre-Open-Source-Software commented 3 years ago

to blackhole a domain into 0.0.0.0

Looks like custom DNS filter list.

ItsIgnacioPortal commented 1 year ago

This is the only feature keeping me from switching from NetGuard + personalDNSfilter to RethinkDNS. Custom DNS answers are a must-have if you want to self-host anything in your LAN and connect to it over HTTPS. Without custom DNS resolution, HTTPS can't work in a LAN.

ignoramous commented 1 year ago

Custom DNS answers are a must-have if you want to self-host anything in your LAN

That's split-horizon DNS (local queries resolved by DHCP / OS / Network provided DNS, and other queries upstreamed)? This is coming in v054 (due very soon, depending on how final set of testing pans out over the weekend).

ItsIgnacioPortal commented 1 year ago

That's split-horizon DNS (local queries resolved by DHCP / OS / Network provided DNS, and other queries upstreamed)?

Sorry, I don't understand what you're asking

ignoramous commented 1 year ago

Sorry, I could have been clearer.

I meant, do you need Rethink to resolve LAN-specific DNS queries (.local, .internal, .localhost, etc) via System DNS (network provided DNS) and the rest by user-selected upstream (whichever it may be)?

ItsIgnacioPortal commented 1 year ago

I meant, do you need Rethink to resolve LAN-specific DNS queries (.local, .internal, .localhost, etc) via System DNS (network provided DNS) and the rest by user-selected upstream (whichever it may be)?

No, not really. In my case, I can't control any DNS server, neither upstream nor the System DNS server, so I need ReThinkDNS to resolve the query locally.

Rhys-T commented 1 year ago

This is the only feature keeping me from switching from NetGuard + personalDNSfilter to RethinkDNS. Custom DNS answers are a must-have if you want to self-host anything in your LAN and connect to it over HTTPS. Without custom DNS resolution, HTTPS can't work in a LAN.

For what it's worth, you can stack pDNSf (in proxy mode) with Rethink, in what I'm guessing is a similar way to how you have pDNSf and NetGuard working together: set the Rethink app to use 'Other DNS', go to the 'Dns Proxy' tab, and add pDNSf as an option. I'm trying out a similar 'hybrid' setup right now, mostly for this exact feature. I agree it would be nice if this didn't take two separate apps, though.

Edit 4/28/2023: Actually, I am having one issue with that combination - Rethink can't auto-start itself when the device boots, if pDNSf is also set to auto-start. (See IngoZenz/personaldnsfilter#264.) So you might not want to switch to that setup just yet.

Edit 4/30/2023: There's a test build of pDNSf in https://github.com/IngoZenz/personaldnsfilter/issues/264#issuecomment-1528770301 that seems to fix that auto-start issue, so hopefully that fix will make it into the release version soon.

Edit 2/22/2024: That fix has made it into the release version of pDNSf, so it shouldn't interfere with Rethink auto-starting anymore.

neisor commented 5 months ago

+1

I'd be interested to have this feature in Rethink app, as well. Currently in need of having this.

Any updates in regards to this?

Thank you

ignoramous commented 5 months ago

This isn't priority amid other issues (given workarounds exist). Welcome pull requests. Or feature sponsorship.

ItsIgnacioPortal commented 5 months ago

I've also been testing some workarounds regarding this issue, and I've found that DDNS (Dynamic DNS) is a much better solution than using personalDNSfilter locally. DDNS allows the custom DNS resolutions to be hosted in a publicly-accessible DNS server, as well as allowing legitimate Certificate Authorities to issue TLS certificates for said domains.

Given these workarounds, I agree that this issue should be lowered priority-wise.