download able binary package

[cubakcabak]

please provide downloadable binary package for easy installations in running system.

my phone is AOSP kitkat, armv7.

i'm just power user, so i dont know how and whats needed to compile the source into binary executable.

but it will be wonderful if i could use it in my phone.

thank you for your great work.

[rsenger2]

I managed to compile a working package for KitKat (my first time using Android SDK+NDK). I am running Unbound right at boot with a small script in /etc/init.d/. However, most DNS changer apps do not work any more on 4.2+, you need to write scripts on your own and run them e.g. with the Tasker app after every network connection change. Works great, setup & forget! If you're interested in the binaries or the scripts, let me know.

Thanks @smarek, great work! I was looking for something like this since I configured bind9 as local validating resolver on my notebooks about a year ago, with no luck, until I found this project.

Go ahead with your app!

[smarek]

Hey @rsenger2 that's really great ! I'm sorry but lately I had no time, and for a while it stills, to invest in this project again. Yes, I'd be really glad to get your contribution on this. Could you please put it up somewhere or do a pull request to this repository, so I can consolidate it with the app later?

Thank you so much for pushing this project forward !

[smarek]

@rsenger2 also, I'd recommend you to use IPTables to redirect passing DNS traffic (IN and OUT) through running Unbound instance on some non-privileged port (1024+), instead of switching network configuration, which is kind of messy on so many implementations and connectivity variants (ie. multi-sim devices, usb tethering, reverse usb tethering, wifi hotspot, wifi direct, USB-OTG mounted network modem, etc...)

[rsenger2]

@smarek, Yes, that's what I finally did. Tried some DNS changer apps, but most are broken on KitKat and Lollipop. The only one working is called "Override DNS", but it needs to set DNS everytime the connection changes and everytime the DHCP client renews the lease, and there's a hole of about 10 to 30 seconds where DNS requests go out directly until the app sets DNS again.

However, using iptables also turned out to be tricky. The android stock resolver is running as root, so I needed Unbound to run as non-root to be able to filter DNS requests and redirect to Unbound without creating a loop. I don't know how to create users on android, so I tried "system" and "shell" first, both did not work cause these users seem not to be allowed to create outbound sockets. I found that running Ubound as user "inet" (uid 3003) works fine. Now I redirect all outgoing DNS requests to 127.0.0.1, except those from Unbound itself. Works fine, installed that on my wife's phone too without telling her, and did not get any complaints until today ;) Unfortunately this does not work with ipv6 on older kernels, as it requires NAT. But that's not a problem on KitKat, as this release's ipv6 support is incomplete anyway and it will never get any ipv6 DNS configured.

[smarek]

Cool, would you mind share the binaries and scripts you do currently use? Im already making progress with wrapper application, do this would help a lot.

Ipv6 support is overall horrible on mobile devices, so I consider it as secondary transport option in configuration

Also the non root switching could be done VPN,like style, similar to NoRoot Firewall applocations, where we would tansparently intercept both tcp and udp on port 53, and pass other traffic directly.

[smarek]

@rsenger2 I've updated sources yesterday, and fixed few things (openssl is now correct runnable, unbound uses correct paths for PID, configurations, root key), I've added default configuration and now I'm working on having the Android wrapper app, which will simply keep the unbound running or restart it on failure, display logs and simple config editor.

However I've tried to set-up IPTables to forward all outbound DNS traffic through Unbound port (ie. 5353), but that didn't work well. I've been able to push the outbound socket from both system and shell users, however it's not possible to run it on port 53 to be system transparent, without root access. IPv6 DNS was not a problem (through IPTables it fell on correct interface/ip/socket, however changing from wifi to 3G/LTE will mess up the interfaces, and requests are done per-interface, not globally through system defined DNS resolver)

How did you manage to keep the DNS settings correct? Manual setting through Settings>Networks or some script way?

[smarek]

You can download both binaries (package.zip) and Android application (app-debug.apk) in releases section, https://github.com/smarek/android-unbound-dns/releases