• Introducing XDA Computing: Discussion zones for Hardware, Software, and more!    Check it out!

[APP][6.0+] RethinkDNS: Anti-Censorship + Adblocker + Firewall [open source] [no root]

Search This thread

Thebadsnake

Member
Jul 28, 2019
7
3
Best app ever!

Best app ever, I searched for this kind of app and also tried to log connections with Termux + Proxychains and OpenDNS but this beats it! Especially "Internet log" is WOW! Also check Invisible app...
 
Last edited:
  • Like
Reactions: ignoramous

ignoramous

Member
Sep 22, 2012
38
19
Best app ever!

Best app ever, I searched for this kind of app and also tried to log connections with Termux + Proxychains and OpenDNS but this beats it! Especially "Internet log" is WOW! Also check Invisible app...

Thanks. Do let me know if you have any features or other suggestions in mind? I am mz at celzero dot com.

Works well, thanks for your efforts. One issue is that it frequently crashes and then doesnt restart, leaving me unprotected. I am on unrooted android oreo.

Yeah, we are aware of the frequent crashes and do fix them as we get bugreports or encounter ourselves. Some crashes are just hard to reproduce and hence hard to fix. That said, the app is pretty young and has evolved significantly in the past 4 months. We would better if we simply did a stability focused release and cleaned up the code-base...

If you're so inclined, you can share the debug logs (adb bugreport) with me over email so I can take a look? mz at celzero dot com

Thanks :)
 
  • Like
Reactions: astrod

rudolfm

Senior Member
Apr 11, 2014
131
38
I cannot enter a bootstrap IP for DoH, only a URL. But to resolve this URL, some DNS must be used. Which is used, and can I change it?
 

ignoramous

Member
Sep 22, 2012
38
19
I cannot enter a bootstrap IP for DoH, only a URL. But to resolve this URL, some DNS must be used. Which is used, and can I change it?

Hi there,

Ability to Bootstrap DoH IPs (like DNSCrypt does) is coming soon to the app: https://github.com/celzero/rethink-app/issues/94

The default DoH resolvers (RethinkDNS Basic, RethinkDNS Plus, Cloudflare, Cloudflare Family, Cloudflare Security) already come with respective IPs bootstrapped.

Today, if no bootstrap IP is present (which is the case for all custom DoH endpoints), the OS provided DNS resolver is used instead (which is usually the network-provided DNS resolver).
 
  • Like
Reactions: Toumakun

rudolfm

Senior Member
Apr 11, 2014
131
38
Thank you. If I were to spoof DNS, I would also redirect all known DoH URLs to my own evil DoH. That is why I consider the boot IP as important.
 
  • Like
Reactions: ignoramous

ignoramous

Member
Sep 22, 2012
38
19
Is it possible to block trackers based on exodus?
We've opened up our blocklists for users to propose / request adding newer ones: https://github.com/serverless-dns/rethink-blocklist-metadata/

Thank you. If I were to spoof DNS, I would also redirect all known DoH URLs to my own evil DoH. That is why I consider the boot IP as important.
True, that's one reason we want to expose bootstrapping IPs to end-users.

Work fine in my RN9 Pro joyeuse, thank you
Thanks! More improvements coming :)

Can we use this app together with trackercontrol app?
Unfortunately, you can't in the same profile. But you can across different users and profiles on your Android.
 

smilem21

Member
Jul 21, 2021
6
0
Hello can't block system components on CAT 62S Pro phone, I would like to disable android OS OTA updates.

Help.
Screenshot_20210724-164220.png
 

astrod

Senior Member
Jul 24, 2014
73
9
Google Pixel
Thanks. Do let me know if you have any features or other suggestions in mind? I am mz at celzero dot com.



Yeah, we are aware of the frequent crashes and do fix them as we get bugreports or encounter ourselves. Some crashes are just hard to reproduce and hence hard to fix. That said, the app is pretty young and has evolved significantly in the past 4 months. We would better if we simply did a stability focused release and cleaned up the code-base...

If you're so inclined, you can share the debug logs (adb bugreport) with me over email so I can take a look? mz at celzero dot com

Thanks :)
I just started using this app again on a new android 10 device and so far no crashes!

I have a couple of questions:

1. Is it possible to block apps in my work profile? I currently don't see them in the app list (I don't think I can run this app in my work profile and my main profile at the same time...)

2. Are you thinking of implementing separate blocking for different networks (e.g. unmetered WiFi vs cellular)? Something similar to what NetGuard can do? That would be awesome but I know probably a lot of work.

Currently your app is the best firewall/adblocker that I have found so thank very much for it!
 

ignoramous

Member
Sep 22, 2012
38
19
Hello can't block system components on CAT 62S Pro phone, I would like to disable android OS OTA updates.

Help.

Hi there,

1. Tap on the 'Firewall' card on the homescreen, then go to 'Universal' tab, and look for 'Whitelist App'.

2. Tap on 'Whitelist Apps' and unselect all of those (unless you want to keep them on whitelist for some reason). Apps on the whitelist (allowlist) are exempt from all firewall rules (but not DNS rules). Click 'Done'.

3. Now, navigate to 'All Apps' tab, and see if you can then block 'System Components'.
 

den077

New member
Apr 6, 2020
3
3
Manila
Just want to say many thanks for this app, I can finally use custom private DNS, firewall and VPN together. Waiting now for the next update :)
 
  • Like
Reactions: ignoramous

ignoramous

Member
Sep 22, 2012
38
19
I just started using this app again on a new android 10 device and so far no crashes!

I have a couple of questions:

1. Is it possible to block apps in my work profile? I currently don't see them in the app list (I don't think I can run this app in my work profile and my main profile at the same time...)

2. Are you thinking of implementing separate blocking for different networks (e.g. unmetered WiFi vs cellular)? Something similar to what NetGuard can do? That would be awesome but I know probably a lot of work.

Currently your app is the best firewall/adblocker that I have found so thank very much for it!

Thanks, v053g (released Sep 15) must be even more stable (live on both F-Droid and Google Playstore). We refactored a lot of things and paid up the accumulated technical debt (but it took us 5 months to do it, unfortunately).

Re: Your queries:

1. We haven't tested the app in Work Profile or in multi-user mode, so it may or may not work. As far as limitation in Android is concerned: One can definitely run the same app (even a VPN app) in both the profiles at the same time.

2. Yes, this is coming in v054, due end of this month (October)... or next, depending on how the development goes.
 
Last edited:
  • Like
Reactions: astrod

user4001

Senior Member
Apr 4, 2016
94
22
This app is bloody amazing. Never thought I'd get so much control from non-root. Huge thanks 👍
 

Toumakun

Member
Mar 10, 2016
30
5
Checked that App several Months ago and ditched it in favor of Wireguard.
sadly.


This App is really amazing and recommended and if you guys implement Wireguard in any way. I would buy a lifetime license.

Because DNS / Firewall and Wireguard in one App is just unbeatable.

Edit:
Setup RethinkDNS with enabled Firewall and DNS (Nextdns) + Restricted Mode in VPN
Installed Wireguard and enabled Kernel Backend + imported my pihole Wireguard Config

Now I can connect and surf like I'm in my home network and have the pro capabilities of RethinkDNS.

Best stuff of both worlds.
 
Last edited:

Top Liked Posts

  • There are no posts matching your filters.
  • 14
    apple-icon-120x120.png


    RethinkDNS is an anti-internet censorship tool with DNS-based adblocking and a firewall built-in for Android 6+ devices.

    The app itself is free to use and comes with RethinkDNS (previous name BraveDNS) resolver with support custom denylists, allowlists, ability to store DNS logs for later analysis, view those logs consolidated from multiple devices in a single interface and so on: Pretty much a pi-hole in the cloud.

    Why'd we build this?

    As concerned Android users
    : It absolutely irks us that people who do care enough about privacy still couldn't use privacy-enhancing apps without requiring a degree in computer science. We saw this pattern unfold multiple times and a lot of tools over the years have done a tremendous job of making niche security tools accessible to naive users. We wanted to further that conversation on Android with a vision for what we think such a tool should look like:

    1. Anti-censorship: Enable open internet. DNS over HTTPS (and the imminent ESNI standard) is going to effectively break censorship as implemented in a lot of countries without requiring to route the traffic through VPNs. VPNs (and distributed tech like IPFS and mesh networks like Lantern) are still required in countries that employ Deep Packet Inspection. That's something we'd like to tackle in the near future.

    2. Anti-surveillance: Expose apps, their activity logs, network logs, and provide some actionable insights to the users on what they could do next. Exodus Privacy does a good job at statically analyzing an app and laying bare the trackers and permissions in-use, whilst the evergreen NetGuard does ever-so-well in revealing an app's connectivity history. We believe, there's a lot more that can be done than simply firewall an app: For instance, you could disable it, uninstall it, remove its permissions, remove the so-called special permissions (like read notification permission, read SMS permission, read app-usage statistics permission etc). Basically, empower the user with whatever control is available without-root in a neat little interface (think CleanMaster vs using the stock Settings app but being actually effective and not lie).

    The current version of RethinkDNS (previous name: BraveDNS) is a start in the direction laid out above partly because we want such an app ourselves and partly because we feel people deserve more such tools, and we hope to build it with this community's input, because god knows we have been wrong plenty when it comes to "what people really want".

    As privacy enthusiasts: We were frustrated that if we wanted to use NetGuard we couldn't use another VPN app, or if we wanted to use a DNS changer like Blokada then we couldn't use NetGuard (though, NetGuard + Private DNS feature alleviates the problem on Android 9+). We wanted something that wasn't as restrictive because we knew it could be built and so we did.

    Key points:
    1. Easy configuration.
    2. No root required.
    3. Free and open source (forked from Intra).
    4. No built-in trackers or analytics.
    5. In continuous development.

    Current features:
    1. DNS over HTTPS (circumvent censorship and prevent surveillance of DNS logs by ISPs and everyone else), DNSCrypt v2 with Anonymized Relays, and DNS over Tor.
    2. View DNS logs, including latencies and other metadata.
    3. Ad-block through RethinkDNS (previous name: BraveDNS) free resolver and local blocklists.
    4. Add your own DNS over HTTPS / DNSCrypt v2 servers.
    5. Firewall by app categories.
    6. Firewall individual apps.
    7. Firewall individual IP addresses.
    8. Firewall when apps are in the background (not-in-active-use).
    9. Firewall when device is locked.
    10. Forward DNS and TCP connections to Orbot (Tor as a proxy).
    11. Forward HTTP connections to any HTTP proxy.
    12. Forward TCP connections to any SOCKS5 endpoint or to Orbot.
    13. Forward DNS connections to any app running locally on-device or any endpoint (either local or on the Internet).
    14. [v053g / Sep '21] Firewall when apps bypass DNS (for example, block connections to IPs that apps resolve themselves).
    15. [v053g / Sep '21] Pause: Pause the Firewall and DNS for a brief time-period.
    16. [v053g / Sep '21] DNS Trap: Proxy all requests made on Port 53 to user-set DNS endpoint (for instance, this traps and redirects all custom DNS requests WhatsApp sends to Google's `8.8.8.8` DNS servers to the DNS endpoint of a user's choice).

    Planned (in order):
    0. Custom DNS allowlists/denylists.
    1. WireGuard VPN integration.
    2. Firewall based on metered (LTE) or unmetered connection (Wifi).
    3. Per-app DNS and VPN (route traffic to multiple VPNs / DNS based on which app is making those connections).
    4. IPv6 support.


    See: github/celzero/rethink-app/feature-backlog.

    We can't emphasize this enough: Let us know what you'd like to see us build and more importantly what'd make this tool use-able for other Android users who care enough but aren't as tech-savvy.

    If you'd like to contribute, please feel free to send pull requests our way.

    Thanks.

    ---

    Source: github/celzero/rethink-app
    Website: rethinkfirewall.com
    Blog: blog.rethinkdns.com
    Twitter: twitter.com/rethinkdns
    FAQ: rethinkdns.com/faq
    License: Apache 2.0

    Download: via RethinkDNS.com | PlayStore | F-Droid.

    ---

    v053g.home.pngv053g.dlog.pngv053g.tor.pngv053g.nlog.pngv053g.fire.pngv053g.low.png
    2
    Thanks. Nice work.
    Unfortunately, it usually comes down to firewall or VPN

    Would love to see what you guys do (if at all) to allow third party VPNs
    1
    So this still exposes one's real IP address, yes?

    Yes, BraveDNS isn't a VPN service like ProtonVPN / Mullvad / Lantern etc are. Right now (though we do have plans to add VPN servers like Lantern et al in probably two to three months from today but that'd be only to support anti-censorship and not anonymity). See: https://github.com/celzero/brave-android-app/issues/52 and https://github.com/celzero/brave-android-app/issues/51

    We're adding support for SOCKS5 and HTTPS-Proxy in the upcoming release (next week) which would help forward traffic to VPNs (like NordVPN) that support those protocols: https://github.com/celzero/brave-android-app/issues/45

    Right now, BraveDNS uses VPN access on-device to change DNS and implement Firewall functionality (similar to what the excellent NetGuard app does).
    1
    Yes, BraveDNS isn't a VPN service like ProtonVPN / Mullvad / Lantern etc are. Right now (though we do have plans to add VPN servers like Lantern et al in probably two to three months from today but that'd be only to support anti-censorship and not anonymity). See: https://github.com/celzero/brave-android-app/issues/52 and https://github.com/celzero/brave-android-app/issues/51

    We're adding support for SOCKS5 and HTTPS-Proxy in the upcoming release (next week) which would help forward traffic to VPNs (like NordVPN) that support those protocols: https://github.com/celzero/brave-android-app/issues/45

    Right now, BraveDNS uses VPN access on-device to change DNS and implement Firewall functionality (similar to what the excellent NetGuard app does).

    I've been looking for an all in one solution. Currently forced to use AdGuard+Nord...

    Looking forward to it. Thanks for all you guys do.
    1
    Best app ever!

    Best app ever, I searched for this kind of app and also tried to log connections with Termux + Proxychains and OpenDNS but this beats it! Especially "Internet log" is WOW! Also check Invisible app...