Open ghost opened 5 years ago
At first I wasn't sure about this as you can change the DNS settings in the settings of iOS, but, of course, you can't change the settings that your telecoms (3G/4G etc.) provider sends you.
Therefore +1 for this.
Cloudflare does this with their 1.1.1.1 app.
Whilst we're talking about custom DNS, can we have the option to send DNS-over-TLS or DNS-over-HTTPS also?
So this is interesting. I'm not sure the current code base will support this feature. From what I can see the code sets up a split-tunnel VPN, and sends all matching traffic (the blocked stuff) down the VPN into a GCDProxyServer black hole. The stuff that isn't blocked bypasses the VPN and is allowed. We could set the DNS server for the traffic going down the VPN, but as it's going to get blocked anyway that's kinda pointless.
I'm keen to see the source for the current release and the current GCDProxyServer as I assume this must have changed.
DoH & DoT are what issue #13 is about as well.
For the record, with the latest release of code, things have changed significantly, and this now appears one step easier to implement.
On the technical side, we've found a few ways to do this while still having the firewall work well, but we're going to go through some extensive testing before releasing it - it's not a small change.
Currently planned as a feature for 0.3.0.
Alright, sounds great. Be sure to release to TestFlight for community testing.
You can configure the systemwide DNS server on iOS using configuration profiles
Based on an email conversation I had back in May with one of the developers, starting with version 2.0, Lockdown is now hardcoded to use Cloudflare's 1.1.1.1 and 1.0.0.1 as its upstream DNS servers.
In prior versions, it would send upstream DNS queries to whatever the system-default DNS server was. (As set by DHCP; or as set statically in the iOS network settings; or—I presume—as set via configuration profile, when applicable.)
That email conversation actually originally came about because I'd noticed, starting with 2.0.0, that I could no longer connect to LAN hostnames in my iOS SSH client app when the Lockdown firewall was enabled.
I have a caching DNS server on my LAN which, among other things, resolves queries for LAN machine hostnames. And then I've set up DHCP on the LAN to advertise that DNS server to clients so they'll automatically use it.
I was told in that email conversation that they would like to make the upstream DNS resolver configurable in future versions.
So, to summarize:
Allow us to add a custom DNS to Lockdown, such as Google's or, better yet, Cloudflare's 1.1.1.1.