FORUMS

DNScrypt proxy for Android install

329 posts
Thanks Meter: 47
 
By Draygon, Senior Member on 24th June 2014, 11:10 AM
Post Reply Subscribe to Thread Email Thread
18th October 2015, 01:17 AM |#61  
cantenna's Avatar
Senior Member
Flag Newcastle
Thanks Meter: 259
 
More
Hi Mafa, you seem to be a good guy to ask about this stuff, i have been using dnscrypt for about a month now, opendns welcome test page has been showing a check mark but as of yesterday on all of my android devices i am unable to retrieve certs from dnscrypt.org-fr. It seems to be the sames for all servers that offer "DNSSEC validation" I can retrieve certs from other resolvers but upon visiting the opendns test welcome page i am now presented with opps you are not conected. However dnsleaktest.com verifies i am connected to the resolver, do you have any insight as to whats going on here? Are you or any other users having difficulties as of late as well with connections? Would like to know if this is a problem with my configuration.

Also, can you help me with how I can test if my dns enquirers are encrypted on android? Before I would just visit opendns test website and look for the check mark but is this the best test?

Update: earlier today i was able to retrieve certs again from dnscrypt.org-fr guess there was a problem with the servers??

I also tried dnsmachine.net-de briefly on a few devices, terminal reported all was okay,certs downloaded okay, etc but internet didn't work at all. I guess some servers experience issues from time to time? Do you have any insight on this?

I am really stumped as to how to confirm service is actually working. I tried wireshark and following instructions here but it doesn't report the same at all
http://askubuntu.com/questions/10536...s-is-encrypted
Last edited by cantenna; 18th October 2015 at 10:01 AM.
 
 
20th October 2015, 09:31 PM |#62  
Senior Member
Thanks Meter: 49
 
More
Over the past few weeks I've also been having problems with dnscrypt.org-fr as well as dnscrypt.eu-dk and dnscrypt.eu-nl. I can't seem to figure out how to properly change the DNS servers on an Android device (it keeps changing) which is why the iptables redirect is there. Unfortunately, when a server goes down you don't have a backup - this is normally why you have 2-3 DNS servers loaded.

I'm not sure what the issue with dnsmachine.net-de so I can't really comment. How are you changing the servers? Disabling dnscrypt and then editing the init file and then starting it again? Or are you just running the one-liner?

Usually to confirm it's working I use tcpdump on my device and then analyze the packets on my computer. I'll test it out now and post my results.
-----
Weird. Even with the iptables redirect I'm still seeing a lot of traffic going to my carrier's DNS and unencrypted packets sent to their DNS server. Guess the workaround really isn't working. I'll have to figure out how I can make the DNS server really change - although I don't think it's possible.

I think only web browser dns requests are going through dnscrypt. I'll have to look into it more over the weekend.
Last edited by moffa~; 20th October 2015 at 09:51 PM.
The Following User Says Thank You to moffa~ For This Useful Post: [ View ]
20th October 2015, 11:04 PM |#63  
cantenna's Avatar
Senior Member
Flag Newcastle
Thanks Meter: 259
 
More
Quote:
Originally Posted by moffa~

Over the past few weeks I've also been having problems with dnscrypt.org-fr as well as dnscrypt.eu-dk and dnscrypt.eu-nl. I can't seem to figure out how to properly change the DNS servers on an Android device (it keeps changing) which is why the iptables redirect is there. Unfortunately, when a server goes down you don't have a backup - this is normally why you have 2-3 DNS servers loaded.

I'm not sure what the issue with dnsmachine.net-de so I can't really comment. How are you changing the servers? Disabling dnscrypt and then editing the init file and then starting it again? Or are you just running the one-liner?

Usually to confirm it's working I use tcpdump on my device and then analyze the packets on my computer. I'll test it out now and post my results.
-----
Weird. Even with the iptables redirect I'm still seeing a lot of traffic going to my carrier's DNS and unencrypted packets sent to their DNS server. Guess the workaround really isn't working. I'll have to figure out how I can make the DNS server really change - although I don't think it's possible.

I think only web browser dns requests are going through dnscrypt. I'll have to look into it more over the weekend.

https://play.google.com/store/apps/d...17.overridedns

works very well for me, I have the paid version.
thanks for the info

cheers
Last edited by cantenna; 21st October 2015 at 05:46 AM.
21st October 2015, 08:14 AM |#64  
Senior Member
Thanks Meter: 70
 
More
Quote:
Originally Posted by moffa~

Over the past few weeks I've also been having problems with dnscrypt.org-fr as well as dnscrypt.eu-dk and dnscrypt.eu-nl. I can't seem to figure out how to properly change the DNS servers on an Android device (it keeps changing) which is why the iptables redirect is there. Unfortunately, when a server goes down you don't have a backup - this is normally why you have 2-3 DNS servers loaded.

I'm not sure what the issue with dnsmachine.net-de so I can't really comment. How are you changing the servers? Disabling dnscrypt and then editing the init file and then starting it again? Or are you just running the one-liner?

Usually to confirm it's working I use tcpdump on my device and then analyze the packets on my computer. I'll test it out now and post my results.
-----
Weird. Even with the iptables redirect I'm still seeing a lot of traffic going to my carrier's DNS and unencrypted packets sent to their DNS server. Guess the workaround really isn't working. I'll have to figure out how I can make the DNS server really change - although I don't think it's possible.

I think only web browser dns requests are going through dnscrypt. I'll have to look into it more over the weekend.

You might want to try dnsqache. The developer said he was working on possibly implementing dnscrypt in the future. Anyways this is the only app that allows me to change DNS and it does not allow my ISP to somehow force change it back by resetting the radio or connection to the tower or whatever it is they do that makes any DNS changes only last for a few MI Ute's or until I power the screen off to revert.

http://forum.xda-developers.com/show....php?t=2575894
23rd October 2015, 11:39 AM |#65  
SandroBSupp's Avatar
Senior Member
Thanks Meter: 81
 
More
Drony with DNScrypt
Hi,
Just looking if it would be possible to use it in Drony.
With VPN mode Drony intercepts all flow, also dns requests. So far just forwards to valid dns and wait for response.
But it could use DNSCrypto, even over proxy with authentication. Can anyone give me some clues how to start with integration in Drony?
Is it even possible to do it?
17th December 2015, 07:34 AM |#66  
Junior Member
Thanks Meter: 0
 
More
I like the "bumps"
lol thanks for posting!
17th January 2016, 08:59 PM |#67  
Junior Member
Thanks Meter: 0
 
More
Is anyone try dnscrypt with systemless root on nexys 6p ? I flash it using twrp and enable it in universal init.d , set my local dns to 127.0.0.1 but doesnt seem to work
Post Reply Subscribe to Thread

Guest Quick Reply (no urls or BBcode)
Message:
Previous Thread Next Thread
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes