ukanth / afwall

AFWall+ (Android Firewall +) - iptables based firewall for Android
GNU General Public License v3.0

Version 3.5.1 (Donate) breaks internet access #1208

Open jw243 opened 3 years ago

jw243 commented 3 years ago

Describe the bug
Since version 3.5.1 internet access is not possible anymore upon restart of device. It seems to be related to Private DNS, as internet access does not work at all with Private DNS switched on. With Private DNS switched off, unencrypted access to DNS server on port 53 is blocked, although "Apps with root privileges" are enabled, while "Disable DNS via netd" is enabled.

Firewall Logs
Please get the log from Menu -> Show Rules -> (menu) Export to storage and attach it here

Smartphone (please complete the following information):

Additional context
Add any other context about the problem here.

iWARR commented 3 years ago

Bug is confirmed on v3.5.2

Permissions do not work (in spite of the allow-checkboxes) for:

[0] (root) - applications with root access

Accordingly, the dnscrypt-proxy binary does not get access to the network and Internet (namely, DNS) is unavailable. In the upper toolbar, next to the app icon, a crossed-out circle constantly appears. The log also reports blocking [0] (root).

P.S. v3.4.0 was OK on same config.


@Author - Anti-leaking Script (another old known issue). Please test and fix your anti-leaking script (Experimental) with dnscrypt-proxy. Also, "Override DNS" is used in tandem to provide a reliable 127.0.0.1 for dnscrypt-proxy. (Other apps can't win against Android's ugly and aggressive built-in DNS daemon.)

I can't use this useful anti-leaking feature because:

Braintoe commented 3 years ago

Can confirm as well - with 3.5.0/3.5.1 (donate version) Wireguard fails to get DNS resolution, while 3.4.0 and below work fine with the following settings:

Device: Sony Xperia XZ1 compact
Android OS: LOS17.1 ROOT
[0] Apps with Root privileges: access enabled at all times
Wireguard: access enabled at all times
DNS proxy - set to "Disable DNS via netd"

brerk commented 3 years ago

Having same issues with Private DNS, after some time I can't connect to internet, so I have to:

My device is a Redmi Note 8 rooted with Magisk v23 and DNS Proxy as "Disable DNS via netd"

Braintoe commented 3 years ago

Tried again with 3.5.2.1 (most current version) and with log enabled. No change so far - Apps with Root access are not allowed to get out despite being allowed in the settings.

[Screenshots: AfWall-Log-overview, AfWall-permissions]

H-H-M commented 2 years ago

I am having the same issue. I actually already had it with my previous phone, as soon as I updated to 3.5.0. (running LineageOs 16, Magisk 21.2, EdXposed and XprivacyLua Pro).

I just bought the FP3+, i.e. I installed everything from scratch and I only installed the apps mentioned below + SDMaid Pro up until now.
As long as Afwall+ was not installed, Internet connection worked like a charm. But after I installed and activated Afwall+ 3.5.2, it was not possible to get any connection anymore when using the "Allow Selected" Firewall Mode, even when I allowed access for literally everything.

=> The workaround I found is to use the "Block Selected" Firewall Mode in connection with the DNS proxy "Auto" setting.

I would rather prefer the "Allow Selected" / whitelisting approach, but I could not get it to work...

Device: Fairphone 3+
Android OS: LineageOS 17.1

Afwall Settings:
IPtables binary: Built-in
BusyBox binary: Built-in
DNS proxy: Auto