FORUMS
Remove All Ads from XDA

DNScrypt proxy for Android install

336 posts
Thanks Meter: 56
 
By Draygon, Senior Member on 24th June 2014, 10:10 AM
Post Reply Subscribe to Thread Email Thread
18th October 2015, 12:17 AM |#61  
cantenna's Avatar
Senior Member
Flag Newcastle
Thanks Meter: 267
 
More
Hi Mafa, you seem to be a good guy to ask about this stuff, i have been using dnscrypt for about a month now, opendns welcome test page has been showing a check mark but as of yesterday on all of my android devices i am unable to retrieve certs from dnscrypt.org-fr. It seems to be the sames for all servers that offer "DNSSEC validation" I can retrieve certs from other resolvers but upon visiting the opendns test welcome page i am now presented with opps you are not conected. However dnsleaktest.com verifies i am connected to the resolver, do you have any insight as to whats going on here? Are you or any other users having difficulties as of late as well with connections? Would like to know if this is a problem with my configuration.

Also, can you help me with how I can test if my dns enquirers are encrypted on android? Before I would just visit opendns test website and look for the check mark but is this the best test?

Update: earlier today i was able to retrieve certs again from dnscrypt.org-fr guess there was a problem with the servers??

I also tried dnsmachine.net-de briefly on a few devices, terminal reported all was okay,certs downloaded okay, etc but internet didn't work at all. I guess some servers experience issues from time to time? Do you have any insight on this?

I am really stumped as to how to confirm service is actually working. I tried wireshark and following instructions here but it doesn't report the same at all
http://askubuntu.com/questions/10536...s-is-encrypted
Last edited by cantenna; 18th October 2015 at 09:01 AM.
 
 
20th October 2015, 08:31 PM |#62  
Senior Member
Thanks Meter: 52
 
More
Over the past few weeks I've also been having problems with dnscrypt.org-fr as well as dnscrypt.eu-dk and dnscrypt.eu-nl. I can't seem to figure out how to properly change the DNS servers on an Android device (it keeps changing) which is why the iptables redirect is there. Unfortunately, when a server goes down you don't have a backup - this is normally why you have 2-3 DNS servers loaded.

I'm not sure what the issue with dnsmachine.net-de so I can't really comment. How are you changing the servers? Disabling dnscrypt and then editing the init file and then starting it again? Or are you just running the one-liner?

Usually to confirm it's working I use tcpdump on my device and then analyze the packets on my computer. I'll test it out now and post my results.
-----
Weird. Even with the iptables redirect I'm still seeing a lot of traffic going to my carrier's DNS and unencrypted packets sent to their DNS server. Guess the workaround really isn't working. I'll have to figure out how I can make the DNS server really change - although I don't think it's possible.

I think only web browser dns requests are going through dnscrypt. I'll have to look into it more over the weekend.
Last edited by moffa~; 20th October 2015 at 08:51 PM.
The Following User Says Thank You to moffa~ For This Useful Post: [ View ] Gift moffa~ Ad-Free
20th October 2015, 10:04 PM |#63  
cantenna's Avatar
Senior Member
Flag Newcastle
Thanks Meter: 267
 
More
Quote:
Originally Posted by moffa~

Over the past few weeks I've also been having problems with dnscrypt.org-fr as well as dnscrypt.eu-dk and dnscrypt.eu-nl. I can't seem to figure out how to properly change the DNS servers on an Android device (it keeps changing) which is why the iptables redirect is there. Unfortunately, when a server goes down you don't have a backup - this is normally why you have 2-3 DNS servers loaded.

I'm not sure what the issue with dnsmachine.net-de so I can't really comment. How are you changing the servers? Disabling dnscrypt and then editing the init file and then starting it again? Or are you just running the one-liner?

Usually to confirm it's working I use tcpdump on my device and then analyze the packets on my computer. I'll test it out now and post my results.
-----
Weird. Even with the iptables redirect I'm still seeing a lot of traffic going to my carrier's DNS and unencrypted packets sent to their DNS server. Guess the workaround really isn't working. I'll have to figure out how I can make the DNS server really change - although I don't think it's possible.

I think only web browser dns requests are going through dnscrypt. I'll have to look into it more over the weekend.

https://play.google.com/store/apps/d...17.overridedns

works very well for me, I have the paid version.
thanks for the info

cheers
Last edited by cantenna; 21st October 2015 at 04:46 AM.
21st October 2015, 07:14 AM |#64  
Senior Member
Thanks Meter: 82
 
More
Quote:
Originally Posted by moffa~

Over the past few weeks I've also been having problems with dnscrypt.org-fr as well as dnscrypt.eu-dk and dnscrypt.eu-nl. I can't seem to figure out how to properly change the DNS servers on an Android device (it keeps changing) which is why the iptables redirect is there. Unfortunately, when a server goes down you don't have a backup - this is normally why you have 2-3 DNS servers loaded.

I'm not sure what the issue with dnsmachine.net-de so I can't really comment. How are you changing the servers? Disabling dnscrypt and then editing the init file and then starting it again? Or are you just running the one-liner?

Usually to confirm it's working I use tcpdump on my device and then analyze the packets on my computer. I'll test it out now and post my results.
-----
Weird. Even with the iptables redirect I'm still seeing a lot of traffic going to my carrier's DNS and unencrypted packets sent to their DNS server. Guess the workaround really isn't working. I'll have to figure out how I can make the DNS server really change - although I don't think it's possible.

I think only web browser dns requests are going through dnscrypt. I'll have to look into it more over the weekend.

You might want to try dnsqache. The developer said he was working on possibly implementing dnscrypt in the future. Anyways this is the only app that allows me to change DNS and it does not allow my ISP to somehow force change it back by resetting the radio or connection to the tower or whatever it is they do that makes any DNS changes only last for a few MI Ute's or until I power the screen off to revert.

http://forum.xda-developers.com/show....php?t=2575894
23rd October 2015, 10:39 AM |#65  
SandroBSupp's Avatar
Senior Member
Thanks Meter: 89
 
More
Drony with DNScrypt
Hi,
Just looking if it would be possible to use it in Drony.
With VPN mode Drony intercepts all flow, also dns requests. So far just forwards to valid dns and wait for response.
But it could use DNSCrypto, even over proxy with authentication. Can anyone give me some clues how to start with integration in Drony?
Is it even possible to do it?
17th December 2015, 06:34 AM |#66  
Junior Member
Thanks Meter: 0
 
More
I like the "bumps"
lol thanks for posting!
17th January 2016, 07:59 PM |#67  
Junior Member
Thanks Meter: 0
 
More
Is anyone try dnscrypt with systemless root on nexys 6p ? I flash it using twrp and enable it in universal init.d , set my local dns to 127.0.0.1 but doesnt seem to work
20th February 2016, 11:29 AM |#68  
M66B's Avatar
Recognized Developer
Flag Dordrecht
Thanks Meter: 14,120
 
Donate to Me
More
With NetGuard you can now use DNScrypt without rooting.
Just run DNScrypt from /data/local/tmp and forward port 53 to DNScrypt.

See here for some more details (replace /system/xbin by /data/local/tmp).
The latest beta versions of NetGuard include a UI to forward ports to make things easier (accessible from the settings).

Edit: there is no need anymore to set an IPv4 DNS server, since the latest NetGuard versions can forward IPv4 traffic to an IPv6 address (or the other way around) too.
Last edited by M66B; 20th February 2016 at 11:38 AM.
The Following User Says Thank You to M66B For This Useful Post: [ View ]
18th March 2016, 02:13 AM |#69  
Member
Thanks Meter: 7
 
More
Freshly compiled AArch64 flashable zips here.
5th April 2016, 02:51 AM |#70  
Junior Member
Clearwater, FL
Thanks Meter: 7
 
More
Quote:
Originally Posted by Draygon

Hello,

I want to install DNScrypt proxy 1.4 on my android phone. You can get it here : download.dnscrypt.org/dnscrypt-proxy/

Could someone please make a tutorial an tell me how to install this? I want it to work with following DNS server: https://dnscrypt.eu/

It is a great enhancement in security and I would be glad if someone can get it to work and tell us.

Regards

Have several thumbs up, friend, for being the lone voice in the wilderness on this issue initially. And you just kept banging that drum... LOL I love it!
25th April 2016, 12:04 PM |#71  
Senior Member
Thanks Meter: 71
 
More
Someone mentioned here that dnscrypt works with afwall if you enable network for "root". Isn't this rather insecure? All the apps running as root are accessing whatever they like? Does it include android system and apps baked deep into system as well?

Read More
Post Reply Subscribe to Thread

Guest Quick Reply (no urls or BBcode)
Message:
Previous Thread Next Thread
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes