Kindle Fire HD 10 9th gen is adding a dns server on its own.

ChumleyEX

Hello there, I run several services locally on my network and need a DNS server local to my network to access them. I have a DHCP and DNS server set up to handle everything I need and this works for everything on my network except my new HD 10. The tablet will get the IP/Subnet Mask/Gateway and DNS server, but then it will add Google's 8.8.8.8 as well. That'd be fine and all, except that the tablet/Silk will never use my 192.168.1.1 DNS to resolve my internal servers, it just uses the Google DNS. I have installed an nslookup tool and it resolves everything just fine. Next, I went in and statically set the DNS server and even added a second, which works for a few minutes, but then the tablet adds 8.8.8.8 again. The hosts it's resolving are there, every computer/tablet/phone on my network can resolve it and so can nslookup. My home DNS server can resolve whatever is needed, but this tablet is forcing stuff I don't need.



What can I do? I bought this tablet to use with things on my network (specifically) and it seems to have a mind of its own.
 
Dec 22, 2015
19
1
You might try editing the hosts file on our tablets. I dunno if this will apply to us, but here's a site that claims to show how to edit the hosts file on non-rooted devices... This may also work in your reverse lookup zone with a manual entry for 8.8.8.8 sent to your DNS server as well.

https://www.techrepublic.com/article/edit-your-rooted-android-hosts-file-to-block-ad-servers/

Dunno why you're having this issue though, as you mentioned DHCP is adding both yours and Google's NS, and the 192 range is non-routable and Google is not authoritative for that range anyways.

What's your DNS/DHCP setup like? Windows or Linux?

Lastly, you may also try using NAT to redirect all traffic bound for 8.8.8.8 to your DNS server's IP, but this may have the added effect of any other devices on the network headed to 8.8.8.8 to return to your DNS and be unable to resolve internet addresses.

You may want to do a bit of research in that regard.
 

ChumleyEX

Thanks, I'll try some of what you suggested. I run pfSense for my router and it has a DNS resolver I use. I run some Docker stuff with Traefik as the reverse proxy so I need the DNS to route to stuff internally.
 

jwoodard80

I posted this on another forum as well but I wanted to post it here for anyone who might find this. This is a hidden option in the Fire OS so I had to use ADB to turn it off. So far it appears to persist across reboots.

Code:
adb shell settings put global private_dns_mode OPTION

(off was what I used) FYI no quotes, just private_dns_mode off

Options are
* opportunistic (Auto)
* off (disabled)

There is also a "private_dns_default_mode" as well that I set to off but I'm not sure if that did anything.
 

lusephur

Oh you wonderful, wonderful person, you. This did the trick, although it took a bit of time to make out what the exact command you were referring to was. So, to make it clearer to anybody else wanting to try this, it's
Code:
adb shell settings put global private_dns_mode off

Of course, the prerequisites of enabling developer options and enabling debugging as well as having a PC with adb installed and set up are assumed to be already fulfilled.
 

matmike

Hey guys,

I just read your posts here and tried to deactivate this pretty strange behaviour. Unfortunately, it didn't work as expected. I ran the command after enabling developer options and confirming the new connection. ADB worked without any error but still, the Fire HD10 added the 8.8.8.8 DNS server on my WiFi connection. I deactivated the connection and even deleted it to set it up again, nothing worked.
Is there anything I missed?

Thanks,
Matthias
 

lfvsouza

Persistent 8.8.8.8

I also changed both parameters to OFF using adb but without any results on the Fire 7. My guess is that they used the 8.8.8.8 DNS for their ad-based servers and as this tablet is ad-enabled (which actually makes them less expensive to buy) they won't allow changing this without rooting the device. Any suggestions?
 

matmike

Well, I finally solved it on the network side: I used a NAT firewall rule to ensure all traffic via port 53 (=DNS queries without encryption) goes to my internal DNS server. Of course, if the server is within your network, you'll have to add an exception for traffic to port 53 for the server.
The main question is if your router will support custom NAT rules.

BR,
Matthias
 

egalus

The adb shell settings stuff did not work for me either.
Instead of adding a NAT rule I simply deny all traffic to 8.8.8.8 and 8.8.4.4. As the Fires use my local DNS servers as fallback, everything now works as expected - including blocked ads in browsers.
 

Jimsef

Yeah, I have taken to doing the same thing, although I'd be interested to know if anyone finds a solution rather than a workaround, as firewalling 8.8.8.8 isn't exactly elegant.
 

matmike

BTW: My OnePlus 6 does the same thing and adds 8.8.8.8 no matter what the DNS distributed by DHCP was - at least when DHCP only provides one DNS.
 

Jimsef

So it might not be a Kindle specific topic but also affect other Android devices.

Yeah, I found a Reddit thread saying it is affecting Android in general

Saw someone said it doesn't add it if you pass through 3 DNS entries, but my UniFi box only seems to allow 2 (not tried overriding from command line though)
 

matmike

That's interesting! I also use a UniFi network and the controller allows me to pass 4 different DNS servers via DHCP - although I only have one, I tried to put in the same address 4 times and will check if it works.

BR,
Matthias
 

Jimsef

Interesting, can you remind me where you set it, as I’m only seeing 2? Just want to check I’m looking in the right place.
 

matmike

Yes, sure. I'm using the UniFi controller in version 5.12.35.
The options for the DNS to-be-distributed can be found under Setting->Networks->Edit (your specific network)->DHCP-Nameserver to manual and then 4 possible entries appear. All options translated from German so it might be a bit different.

BR,
Matthias
 

Top Liked Posts

    None I know of on client side.
    But if you have a router that has some capabilities, you can use firewall rules to block any traffic over port 53 (=DNS) to other servers than the one you prefer.
    If you have your own DNS in the local network, you can even block ANY traffic to DNS servers from LAN to WAN when it does not come from your own DNS server.

    Please note: It will only work for normal DNS queries. If a device moves to secured DNS-over-TLS or DNS-over-HTTPS, you can't block.
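
The port-53 redirect with its exception for the internal DNS server, and the deny rule for 8.8.8.8/8.8.4.4, both described in the posts above, written as an nftables ruleset for a Linux-based router. This is an added example, not taken from any poster's configuration; the interface name `lan0` and the server address `192.168.1.53` are assumed values, and the masquerade rule is an addition needed when the DNS server sits on the same subnet as the clients.

```nft
#!/usr/sbin/nft -f
# Constructed values (assumptions, not from the thread):
#   lan0          LAN-facing interface of the router
#   192.168.1.53  internal DNS server, a separate host on the LAN
define LAN_IF = "lan0"
define DNS_SERVER = 192.168.1.53

table ip dns_enforce {
    chain prerouting {
        type nat hook prerouting priority dstnat; policy accept;

        # Exception: the DNS server's own upstream lookups must pass unmodified,
        # otherwise they would be redirected back to the server itself.
        iifname $LAN_IF ip saddr $DNS_SERVER accept

        # Any other plain DNS (UDP/TCP 53) not already addressed to the
        # internal server is rewritten to it, whatever resolver the client chose.
        iifname $LAN_IF ip daddr != $DNS_SERVER meta l4proto { tcp, udp } th dport 53 counter dnat to $DNS_SERVER
    }

    chain postrouting {
        type nat hook postrouting priority srcnat; policy accept;

        # Server and clients share a subnet, so source-NAT the redirected
        # queries; otherwise the server answers the client directly and the
        # client discards a reply that does not come from the address it asked.
        oifname $LAN_IF ip daddr $DNS_SERVER meta l4proto { tcp, udp } th dport 53 ct status dnat masquerade
    }

    chain forward {
        type filter hook forward priority filter; policy accept;

        # The alternative used in the thread: refuse everything else sent to
        # Google's resolvers so the device falls back to the DHCP-provided DNS.
        iifname $LAN_IF ip saddr != $DNS_SERVER ip daddr { 8.8.8.8, 8.8.4.4 } counter reject
    }
}
```

Load it with `nft -f <file>` and check the rule counters with `nft list table ip dns_enforce` to see which rules the tablet's queries are hitting.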