safing / portmaster

🏔 Love Freedom - ❌ Block Mass Surveillance
https://safing.io
GNU General Public License v3.0
9.2k stars 292 forks

Feature Request: Bypassing and custom DNS #1378

Closed KianiDev closed 5 months ago

KianiDev commented 10 months ago

What would you like to add or change?:

  1. Add an option to exclude an app from Portmaster completely
  2. Add an option to bypass DNS and use the default system DNS
  3. Setting up a custom DNS for each app. Example: Google DNS is used for all apps in Portmaster Except Chrome, Chrome DNS requests are going to Cloudflare.

Why do you and others need this?:

  1. Some apps need to be excluded from Portmaster to work.
  2. Some apps need unsecure DNS, and sometimes they don't have an internal DNS resolver, so bypassing Secure DNS won't fix it.
  3. Some DNS providers (like AdGuard DNS) have security and block some domains, but the Portmaster rules won't break them. Or the app doesn't allow an IP to connect, and the VPN or the SPN in Portmaster makes it unusable or slow, but the user wants to block ads and trackers using Portmaster and monitor connections. In these cases, the ability to use another DNS without changing the DNS for whole apps or turning off Portmaster helps a lot.

Raphty commented 10 months ago

Thanks for the suggestion. I don't yet fully understand what you need this for, so let me explain a bit more how Portmaster works.

1) Portmaster is not interfering with the app directly; it sits in the network stack, and each app that needs some network connection needs to go through that anyway. I guess what you mean is that Portmaster should allow everything, and that you can configure in the app.

2) Portmaster checks all configured DNS and by default also network and system DNS. If you have not clicked on "Disable network/system DNS" (which it is not by default), then it will also check those. We are absolutely aware that some companies, schools or universities have intranets with local domains that some need to resolve; this is why it is configured like that.

3) If I get you correctly here, you want to split the DNS to add rules to the filter lists? You can recommend rule lists to Portmaster (https://github.com/safing/intel-data). You lost me with what SPN or VPNs have to do with anything regarding this.

KianiDev commented 9 months ago

Hi,

  1. I mean exclude an app from Portmaster, to bypass DNS and other things. I think this feature can also fix compatibility with some VPNs and other apps.
  2. Some DNSs can change your IP/location to anonymize the user. Using DNS instead of VPN/SPN can get more speed and static IP (SPN supports too, but DNS is free). That's why I recommend this feature. Sometimes a website or an app breaks because of DNS or it blocks the DNS, but the user needs the DNS for adblocking and more, so the ability to use another DNS is useful.
  3. DNS set in Portmaster is used even if Disable network/system DNS is off, so it does not always help.

Redo11 commented 7 months ago

I need this option to manually do DNS requests with the DIG program. I don't want my requests to be resolved by Portmaster Secure DNS when I am specifying a specific DNS server to resolve the domain. Example:

albert@Albert-PC ~ % dig @1.1.1.1 wikipedia.org

; <<>> DiG 9.18.21 <<>> @1.1.1.1 wikipedia.org
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34461
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 3

;; QUESTION SECTION:
;wikipedia.org.                 IN      A

;; ANSWER SECTION:
wikipedia.org.          17      IN      A       185.15.59.224

;; ADDITIONAL SECTION:
info.portmaster.        0       IN      TXT     "accepted: allowing dns request"
info.portmaster.        0       IN      TXT     "freshly resolved by Quad9 (dot://dns.quad9.net:853#config)"
info.portmaster.        0       IN      TXT     "record valid for 7m26s"

;; Query time: 32 msec
;; SERVER: 1.1.1.1#53(1.1.1.1) (UDP)
;; WHEN: Sat Feb 10 17:22:35 CET 2024
;; MSG SIZE  rcvd: 254
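
Added example, not part of the original thread or Portmaster's code: a small Python check that reads dig's text output and flags a reply carrying `info.portmaster.` TXT records in the ADDITIONAL section, as in the output above, which shows the query was resolved locally rather than by the server given with `@`. The function name, the result keys and the `resolved by` pattern are assumptions drawn from this single sample.

```python
import re

# Constructed sample: trimmed copy of the dig output quoted in the comment above.
SAMPLE = '''\
;; ANSWER SECTION:
wikipedia.org.          17      IN      A       185.15.59.224

;; ADDITIONAL SECTION:
info.portmaster.        0       IN      TXT     "accepted: allowing dns request"
info.portmaster.        0       IN      TXT     "freshly resolved by Quad9 (dot://dns.quad9.net:853#config)"
info.portmaster.        0       IN      TXT     "record valid for 7m26s"

;; Query time: 32 msec
;; SERVER: 1.1.1.1#53(1.1.1.1) (UDP)
'''

TXT_RR = re.compile(r'^(\S+)\s+\d+\s+IN\s+TXT\s+"(.*)"\s*$')
SERVER = re.compile(r'^;; SERVER:\s*([^#\s]+)#(\d+)')
# Assumption: the "resolved by NAME (URL)" wording is taken from the one sample
# in this thread; other Portmaster versions may phrase it differently.
UPSTREAM = re.compile(r'resolved by (.+?) \((.+?)\)')

def check_interception(dig_text, marker="info.portmaster."):
    """Report whether a dig reply was answered by a local interceptor
    instead of the server named on the command line."""
    section, notes, asked = None, [], None
    for line in dig_text.splitlines():
        if line.startswith(";; ") and line.endswith("SECTION:"):
            section = line[3:-len(" SECTION:")]
            continue
        m = SERVER.match(line)
        if m:
            asked = m.group(1)
            continue
        m = TXT_RR.match(line)
        # Only count marker records in the ADDITIONAL section; a TXT answer
        # for a name the user queried is ordinary data, not a marker.
        if m and section == "ADDITIONAL" and m.group(1).lower() == marker:
            notes.append(m.group(2))
    upstream = next((u.groups() for n in notes if (u := UPSTREAM.search(n))), None)
    return {"asked_server": asked, "intercepted": bool(notes),
            "upstream": upstream, "notes": notes}

if __name__ == "__main__":
    print(check_interception(SAMPLE))
```
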

github-actions[bot] commented 5 months ago

This issue has been automatically marked as inactive because it has not had activity in the past two months.

If no further activity occurs, this issue will be automatically closed in one week in order to increase our focus on active topics.

github-actions[bot] commented 5 months ago

This issue has been automatically closed because it has not had recent activity. Thank you for your contributions.

If the issue has not been resolved, you can find more information in our Wiki or continue the conversation on our Discord.