[APP][6.0+] RethinkDNS: Anti-Censorship + Adblocker + Firewall [open source] [no root]

Search This thread


Senior Member
My understanding is that this app bypasses my blocking rules from the /etc/hosts file, right?

Is there a benefit to using this app instead of energized protection magisk module + a custom dns server? (ISP cannot see requests bc they are encrypted with https?).
Or any drawbacks? (More battery usage than hosts file?)

Thanks for any advice .
Editing the HOSTS file is the worst method actually.

It's slow. Hosts file needs to be cached in RAM by the DNS client and that takes time + processing power.

When the DNS cache is flushed, it needs to cache it again.

Internet may be completely unresponsive during the caching

It takes an enormous quantity of RAM especially if you use energized because their lists are huge

There's a high risk of blocking useless domain because you'll never try to resolve in the first place so it's a waste of resources.

It's non optimized as it's supports no filtering rules.

Using a VPN means that it will ignore system's hosts file for the VPN's database so it's an other waste of resources

If you already use a custom DNS server there's no need to use the hosts file. Instead, let the DNS server to filter domains out by importing energized lists in it.

The benefit i see is than you can also make use of the firewall to block locally everything you need per apps, while hosts file/ DNS filtering are system wide.

You can customize a lot of rules based on your preferences also.

I don't know if it can do cosmetic blocking to hide placeholders of ads on websites though
Last edited:


Senior Member
Aug 22, 2018
Moto G6
Moto G50
Just came across it whilst looking for an alternative to blokada as I wanted the ability to block specific apps. Amazing ! and I've only scratched the surface. I'm surprised this has not attracted more attention from users with non-rooted devices.

Thank you !


Senior Member
Sep 19, 2010
I am waiting for the next version because it will have some features that i must have in such an app.

The devs are working hard on it! Hopefully we will get an update soon.


Senior Member
May 24, 2020
I just stumbled upon this app from a comment in the weblog of Mike Kuketz - and I did not believe my eyes when I read through this thread: finally there seems a chance to have the combination of a local firewall, ad blocker AND a VPN client to forward the traffic to my own network after filtering on an unrooted Android! This is ***so*** great news!
With an integrated Wireguard client included, this app will be quite likely to replace NetGuard on my phone if it runs stable :)

Some questions I had during setup:
  • what is the difference between unblocking and whitelisting apps in the firewall module?
  • while transferring my blocked apps from NetGuard for the test, I found the grouping of the blocked apps a little irritating, especially since there is a button that switches to "unblocked" as soon as I unblock one app of the whole group (and blocks the whole group again if I accidentially press it). Can this be turned off?
  • I know from Netguard there is a switch to block/unblock apps with "root" id. Is there something similar in ReThinkDNS?
  • how are the blocklists I have chosen updated? For Netguard, I have the possbility to update the Blocklist I chose to use via tasker in a time interval I can specify (yes, not the most intuitive way to do this...).
  • can I backup/import my list of blocked/allowed apps and chosen blocklist(s) and other settings?
But: all in all, this looks very promising! I am looking forward on how this app develops!

Top Liked Posts

  • There are no posts matching your filters.
  • 16

    RethinkDNS is an anti-internet censorship tool with DNS-based adblocking and a firewall built-in for Android 6+ devices.

    The app itself is free to use and comes with RethinkDNS (previous name BraveDNS) resolver with support custom denylists, allowlists, ability to store DNS logs for later analysis, view those logs consolidated from multiple devices in a single interface and so on: Pretty much a pi-hole in the cloud.

    Why'd we build this?

    As concerned Android users
    : It absolutely irks us that people who do care enough about privacy still couldn't use privacy-enhancing apps without requiring a degree in computer science. We saw this pattern unfold multiple times and a lot of tools over the years have done a tremendous job of making niche security tools accessible to naive users. We wanted to further that conversation on Android with a vision for what we think such a tool should look like:

    1. Anti-censorship: Enable open internet. DNS over HTTPS (and the imminent ESNI standard) is going to effectively break censorship as implemented in a lot of countries without requiring to route the traffic through VPNs. VPNs (and distributed tech like IPFS and mesh networks like Lantern) are still required in countries that employ Deep Packet Inspection. That's something we'd like to tackle in the near future.

    2. Anti-surveillance: Expose apps, their activity logs, network logs, and provide some actionable insights to the users on what they could do next. Exodus Privacy does a good job at statically analyzing an app and laying bare the trackers and permissions in-use, whilst the evergreen NetGuard does ever-so-well in revealing an app's connectivity history. We believe, there's a lot more that can be done than simply firewall an app: For instance, you could disable it, uninstall it, remove its permissions, remove the so-called special permissions (like read notification permission, read SMS permission, read app-usage statistics permission etc). Basically, empower the user with whatever control is available without-root in a neat little interface (think CleanMaster vs using the stock Settings app but being actually effective and not lie).

    The current version of RethinkDNS (previous name: BraveDNS) is a start in the direction laid out above partly because we want such an app ourselves and partly because we feel people deserve more such tools, and we hope to build it with this community's input, because god knows we have been wrong plenty when it comes to "what people really want".

    As privacy enthusiasts: We were frustrated that if we wanted to use NetGuard we couldn't use another VPN app, or if we wanted to use a DNS changer like Blokada then we couldn't use NetGuard (though, NetGuard + Private DNS feature alleviates the problem on Android 9+). We wanted something that wasn't as restrictive because we knew it could be built and so we did.

    Key points:
    1. Easy configuration.
    2. No root required.
    3. Free and open source (forked from Intra).
    4. No built-in trackers or analytics.
    5. In continuous development.

    Current features:
    1. DNS over HTTPS (circumvent censorship and prevent surveillance of DNS logs by ISPs and everyone else), DNSCrypt v2 with Anonymized Relays, and DNS over Tor.
    2. View DNS logs, including latencies and other metadata.
    3. Ad-block through RethinkDNS (previous name: BraveDNS) free resolver and local blocklists.
    4. Add your own DNS over HTTPS / DNSCrypt v2 servers.
    5. Firewall by app categories.
    6. Firewall individual apps.
    7. Firewall individual IP addresses.
    8. Firewall when apps are in the background (not-in-active-use).
    9. Firewall when device is locked.
    10. Forward DNS and TCP connections to Orbot (Tor as a proxy).
    11. Forward HTTP connections to any HTTP proxy.
    12. Forward TCP connections to any SOCKS5 endpoint or to Orbot.
    13. Forward DNS connections to any app running locally on-device or any endpoint (either local or on the Internet).
    14. [v053g / Sep '21] Firewall when apps bypass DNS (for example, block connections to IPs that apps resolve themselves).
    15. [v053g / Sep '21] Pause: Pause the Firewall and DNS for a brief time-period.
    16. [v053g / Sep '21] DNS Trap: Proxy all requests made on Port 53 to user-set DNS endpoint (for instance, this traps and redirects all custom DNS requests WhatsApp sends to Google's `` DNS servers to the DNS endpoint of a user's choice).

    Planned (in order):
    0. Custom DNS allowlists/denylists.
    1. WireGuard VPN integration.
    2. Firewall based on metered (LTE) or unmetered connection (Wifi).
    3. Per-app DNS and VPN (route traffic to multiple VPNs / DNS based on which app is making those connections).
    4. IPv6 support.

    See: github/celzero/rethink-app/feature-backlog.

    We can't emphasize this enough: Let us know what you'd like to see us build and more importantly what'd make this tool use-able for other Android users who care enough but aren't as tech-savvy.

    If you'd like to contribute, please feel free to send pull requests our way.



    Source: github/celzero/rethink-app
    Website: rethinkfirewall.com
    Blog: blog.rethinkdns.com
    Twitter: twitter.com/rethinkdns
    FAQ: rethinkdns.com/faq
    License: Apache 2.0

    Download: via RethinkDNS.com | PlayStore | F-Droid.


    Thanks. Nice work.
    Unfortunately, it usually comes down to firewall or VPN

    Would love to see what you guys do (if at all) to allow third party VPNs
    Just want to say many thanks for this app, I can finally use custom private DNS, firewall and VPN together. Waiting now for the next update :)
    So this still exposes one's real IP address, yes?

    Yes, BraveDNS isn't a VPN service like ProtonVPN / Mullvad / Lantern etc are. Right now (though we do have plans to add VPN servers like Lantern et al in probably two to three months from today but that'd be only to support anti-censorship and not anonymity). See: https://github.com/celzero/brave-android-app/issues/52 and https://github.com/celzero/brave-android-app/issues/51

    We're adding support for SOCKS5 and HTTPS-Proxy in the upcoming release (next week) which would help forward traffic to VPNs (like NordVPN) that support those protocols: https://github.com/celzero/brave-android-app/issues/45

    Right now, BraveDNS uses VPN access on-device to change DNS and implement Firewall functionality (similar to what the excellent NetGuard app does).
    I just started using this app again on a new android 10 device and so far no crashes!

    I have a couple of questions:

    1. Is it possible to block apps in my work profile? I currently don't see them in the app list (I don't think I can run this app in my work profile and my main profile at the same time...)

    2. Are you thinking of implementing separate blocking for different networks (e.g. unmetered WiFi vs cellular)? Something similar to what NetGuard can do? That would be awesome but I know probably a lot of work.

    Currently your app is the best firewall/adblocker that I have found so thank very much for it!

    Thanks, v053g (released Sep 15) must be even more stable (live on both F-Droid and Google Playstore). We refactored a lot of things and paid up the accumulated technical debt (but it took us 5 months to do it, unfortunately).

    Re: Your queries:

    1. We haven't tested the app in Work Profile or in multi-user mode, so it may or may not work. As far as limitation in Android is concerned: One can definitely run the same app (even a VPN app) in both the profiles at the same time.

    2. Yes, this is coming in v054, due end of this month (October)... or next, depending on how the development goes.