FORUMS
Remove All Ads from XDA

keweonDNS - now with improved Certificate (iOS, Mac & Android)

1,682 posts
Thanks Meter: 4,247
 
Post Reply Email Thread
6th November 2019, 09:44 AM |#2831  
Timmmmaaahh's Avatar
Forum Moderator
Flag Bruges
Thanks Meter: 5,510
 
Donate to Me
More
I've been getting ads in some games since yesterday. The one in screenshot is Crowd City. I took the liberty of drawing a shocked emoji (or at least tried) for extra dramatic effect. I'm also showing that it's not one of the excluded apps in Nebulo.Click image for larger version

Name:	Screenshot_20191106-093606__01.jpg
Views:	416
Size:	58.5 KB
ID:	4867863Click image for larger version

Name:	Screenshot_20191106-093859.jpg
Views:	412
Size:	35.5 KB
ID:	4867865

Wrapped with delicious Fajita
The Following 3 Users Say Thank You to Timmmmaaahh For This Useful Post: [ View ] Gift Timmmmaaahh Ad-Free
7th November 2019, 12:55 PM |#2832  
MrT69's Avatar
OP Senior Member
Flag Königsbrunn
Thanks Meter: 4,247
 
Donate to Me
More
Quote:
Originally Posted by Timmmmaaahh

I've been getting ads in some games since yesterday. The one in screenshot is Crowd City. I took the liberty of drawing a shocked emoji (or at least tried) for extra dramatic effect. I'm also showing that it's not one of the excluded apps in Nebulo.Attachment 4867863Attachment 4867865

Wrapped with delicious Fajita

I need to install and check this... Can you tell me when this happens the 1st time??

EDIT:
Awesome info from you...!!!! Thanks a lot!!!
The Following User Says Thank You to MrT69 For This Useful Post: [ View ] Gift MrT69 Ad-Free
7th November 2019, 09:28 PM |#2833  
MrT69's Avatar
OP Senior Member
Flag Königsbrunn
Thanks Meter: 4,247
 
Donate to Me
More
keweon Upgrade Info

The upgrade is through for following servers. Nothing changes for you, it should just run faster.

[DNS over TLS - DoT] dot.asecdns.com
[DNS over HTTPS - DoH] doh.asecdns.com/nebulo and doh.asecdns.com/dns-query

DoH now runs better with NEBULO and now also with INTRA even if the app comes from Google.

I also did an update to the blacklists. There seems to be something going wrong since Monday and a table in the database wasn't read properly. This is now fixed.

I would be happy about feedback. Have fun!
The Following 6 Users Say Thank You to MrT69 For This Useful Post: [ View ] Gift MrT69 Ad-Free
8th November 2019, 03:06 AM |#2834  
Member
Thanks Meter: 26
 
More
Quote:
Originally Posted by MrT69

DoH (DNS over HTTPS) is a JSON answer format for DNS requests. This protocoll was invented by Google and since July 2018 it's within public usage.
This protocoll runs via Port 443 and it has the advantage for countries with Governmend censorship. When the Censorship is just DNS based it can be bypased with DoH.

DoT (DNS over TLS) is native DNS within a SSL tunnel. You can compare this with your Webbrowser and a HTTPS connection. It's working via Port 853 but in countries with censorship this port will be almost filtered.

I can't give a recommendation which one is faster or not. It's up to you to test and decide which one is better or faster for you. Within my mobile device I have 24x7 the DoT active even when I'm within my own WLAN.

Read something about DOH being less secure than DOT about a month ago in Süddeutsche Zeitung (usually they are well informed on things like that).
The Following 2 Users Say Thank You to Keule-T For This Useful Post: [ View ] Gift Keule-T Ad-Free
8th November 2019, 09:25 AM |#2835  
MrT69's Avatar
OP Senior Member
Flag Königsbrunn
Thanks Meter: 4,247
 
Donate to Me
More
Quote:
Originally Posted by Keule-T

Read something about DOH being less secure than DOT about a month ago in Süddeutsche Zeitung (usually they are well informed on things like that).

It doesn't matters if you use DoT or DoH or DNS because logging is with all of this possible.

DoT is just as like as a webserver with SSL. There will be a tunnel and the DNS request will be pushed over this tunnel.
DoH is invented by Google in 2018 and they transform DNS responsed into a JSON format.

The only risk with DoT or DoH or even DNS is when your DNS provider is doing evil things. From this point of view it's inseucre to use DNS at all.

Both protocols has advantages and disadvantages. I love to provide DoH because it prevent censorship for different countries. When I'm within a public hotspot (Munich Central Station) then DoT will not work because they block DoT. I switch to DoH which runs at port 443 and everything is fine.

If you take a look at this topic then you will see that just only governments are hard against DoH. Until today I heard only that there was a Malware "Attack" but there is no proof. There are no further informations what was happens, who was responsible and it was just only one Articel about this. Think abou this.

I only see that some governments has a real pain by using DoH. As long as the goverment has serious concerns to use DoH as long as this it's a good reason to use DoH.
The Following 2 Users Say Thank You to MrT69 For This Useful Post: [ View ] Gift MrT69 Ad-Free
9th November 2019, 06:58 PM |#2836  
current dns server list
Hello MrT69,
Thanks for all your hard work!
I was wondering what is the most current/latest/recommended DNS servers for the US? I am confused on which IPv4 server/s I should use. I am using them at the router level, specifically for my android TVs. Also, do you recommend installing the certificate even if the browsers are really never used?

Thanks again,
A-
The Following 2 Users Say Thank You to alexacm For This Useful Post: [ View ] Gift alexacm Ad-Free
11th November 2019, 07:23 PM |#2837  
rmn.br's Avatar
Senior Member
Flag Prague
Thanks Meter: 161
 
More
After last Keweon maintaining I have many blocked web sites, same sites which one week a go doesn't have problems with loading. I start write whitelist, those sites aren't harmful in any way, just contain couple ads...

Sent from my SM-N975F using XDA Labs
The Following User Says Thank You to rmn.br For This Useful Post: [ View ] Gift rmn.br Ad-Free
12th November 2019, 05:45 AM |#2838  
MrT69's Avatar
OP Senior Member
Flag Königsbrunn
Thanks Meter: 4,247
 
Donate to Me
More
Quote:
Originally Posted by alexacm

Hello MrT69,
Thanks for all your hard work!
I was wondering what is the most current/latest/recommended DNS servers for the US? I am confused on which IPv4 server/s I should use. I am using them at the router level, specifically for my android TVs. Also, do you recommend installing the certificate even if the browsers are really never used?

Thanks again,
A-

About the Certificate read this here. There is a good explanation and if you don't need it at all or if you see no reasons to use it then there is no need to use it.

https://forum.xda-developers.com/sho...postcount=2801

For US I don't know which one is the best. I will update the list in posting #6 the next days for better overview.

At the moment the entire project is still within a funny toy stage but when everything is working as expected then I guess within a few months I can provide a worldwide Anycast DNS Service. This would mean there are 4 addresses at the end and then this try and error game about which one is the fastest is over.
12th November 2019, 05:48 AM |#2839  
MrT69's Avatar
OP Senior Member
Flag Königsbrunn
Thanks Meter: 4,247
 
Donate to Me
More
Quote:
Originally Posted by rmn.br

After last Keweon maintaining I have many blocked web sites, same sites which one week a go doesn't have problems with loading. I start write whitelist, those sites aren't harmful in any way, just contain couple ads...

Sent from my SM-N975F using XDA Labs

Such a help is really awesome. Thanks a lot!!!
If you add a hash and flag the URL which contains ads then I can double check it.

Million times thanks a lot for this!!!!
The Following User Says Thank You to MrT69 For This Useful Post: [ View ] Gift MrT69 Ad-Free
12th November 2019, 06:40 AM |#2840  
MrT69's Avatar
OP Senior Member
Flag Königsbrunn
Thanks Meter: 4,247
 
Donate to Me
More
keweon and DNSSEC validation:

It was a need to spend round about 1 more year into this and since yesterday keweon is working now with DNSSEC validation.

I don't use my own trust anchor because this would make no sense and I'm using the public known anchors.
Even when they change the anchors it's not a problem for keweonDNS. That's why I'm so hard against DNSSEC because it has nothing to do with security and it provides no security.

I guess enable this feature will not make a lot of friends in addition because DNSSEC was invented to prevent things as like as keweonDNS. I'm pretty sure a lot of you knows what I think about impossible things.

*/shitstorm-challenge-accepted/*

Here is a tiny Video about the very first early alpha stage. There is still some development required but important is it is working. Making videos is not my thing but hey, it's just for demonstrating things.

https://www.youtube.com/watch?v=_uRc7EJ6dDw

Because of the fact that some idiots try to steal my blacklists with round about 300GB DNS traffic I need to make sure that this will be not stolen. They didn't get important things but instead of contacting me doing it within this way was real incredible. The DNSSEC feature is anyway within a early dev stage and I guess within a few weeks it should be done.
The Following 6 Users Say Thank You to MrT69 For This Useful Post: [ View ] Gift MrT69 Ad-Free
15th November 2019, 05:55 AM |#2841  
MrT69's Avatar
OP Senior Member
Flag Königsbrunn
Thanks Meter: 4,247
 
Donate to Me
More
I only found this news within German language.

With Chrome 80 Google remove or restrict the API to use Adblocker plugins. I said this since 2 years that this will happen but no one wants to listen.

https://www.google.de/amp/s/www.gole...44931.amp.html

In the meantime Google is almost within every Browser. Safari on Mac, Edge from MS and this will give them a Market strength of more then 73%.

That's a real nightmare.
The Following 5 Users Say Thank You to MrT69 For This Useful Post: [ View ] Gift MrT69 Ad-Free
Post Reply Subscribe to Thread

Tags
adblocker, dns

Guest Quick Reply (no urls or BBcode)
Message:
Previous Thread Next Thread
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes