
I've been using AdGuard's DNS to block ads on my phone* because Pi-hole isn't an option for me at the moment.

Also set it on a colleague's phone and he's thanked me severally for it.

* (dns.adguard.com private DNS in network settings on Android Pie)



Similar to that, I've been using NextDNS: in addition to the adblock you also get custom whitelist/blacklist, analytics... and it also supports DNS-over-TLS (works well with Android's Private DNS feature) and DNS-over-HTTPS.

See: https://nextdns.io/


What can the analytics tell me?


I've been using nextdns and I like it: for one thing, it can tell you the amount of blocked DNS queries, but it's also very helpful for troubleshooting since you can see the log of what was blocked, when, and why (which blocklist). You can then completely disable the blocklist, or whitelist specific entries if you prefer. It's a level of customization that I don't believe other DNS adblockers provide since many of them are designed to "just work".


I wish iOS also supported private DNS natively. Seems like it would be right up Apple's street.


What is private DNS?


Private DNS is what Android calls DNS over TLS. It's basically normal DNS but with a TLS connection wrapped around it.

DoT is very easy to self-host if you already run something like a Pi-hole (using nginx to proxy a TCP stream and having it wrap a TLS connection around it) and can be exposed to the internet because it can work over TCP (thus reducing the DDoS risk factor significantly).

In Android there's a setting to enable it in the network settings. The default will be "off"; if you pick "on" you'll probably be using Google's DNS servers; if you pick "hostname" you can pick a different server.
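
What "normal DNS with a TLS connection wrapped around it" looks like on the wire, as an added example that is not part of any comment in this thread: a minimal DoT client using only Python's standard library. The function names, the fixed query ID and the lookup of example.com are assumptions made for the example; dns.adguard.com is the resolver named earlier in the thread, and 853 is the standard DoT port.

```python
import socket, ssl, struct

TXID = 0x1234  # constructed query ID; real clients should randomise it

def build_query(name, qtype=1):
    """Ordinary DNS query (RFC 1035): 12-byte header plus one question."""
    header = struct.pack("!HHHHHH", TXID, 0x0100, 1, 0, 0, 0)  # RD=1, 1 question
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # qtype A, class IN

def frame(msg):
    """DoT reuses DNS-over-TCP framing: 2-byte big-endian length, then the message."""
    return struct.pack("!H", len(msg)) + msg

def unframe(buf):
    """Return the first complete message in buf, or None if it is truncated."""
    if len(buf) < 2:
        return None
    (n,) = struct.unpack("!H", buf[:2])
    return buf[2:2 + n] if len(buf) >= 2 + n else None

def parse_header(msg):
    """Decode the fields of the DNS header needed to match a reply to a query."""
    txid, flags, _, ancount, _, _ = struct.unpack("!HHHHHH", msg[:12])
    return {"txid": txid, "is_response": bool(flags & 0x8000),
            "rcode": flags & 0x000F, "answers": ancount}

def _recv_exact(sock, n):
    data = b""
    while len(data) < n:
        chunk = sock.recv(n - len(data))
        if not chunk:
            raise ConnectionError("connection closed mid-message")
        data += chunk
    return data

def dot_query(server, name, port=853, timeout=5.0):
    """Send one query over TLS; the default context checks the chain and hostname."""
    ctx = ssl.create_default_context()
    with socket.create_connection((server, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=server) as tls:
            tls.sendall(frame(build_query(name)))
            (n,) = struct.unpack("!H", _recv_exact(tls, 2))
            reply = parse_header(_recv_exact(tls, n))
    if reply["txid"] != TXID or not reply["is_response"]:
        raise ValueError("reply does not match the query")
    return reply

if __name__ == "__main__":
    print(dot_query("dns.adguard.com", "example.com"))
```

The certificate and hostname check in `dot_query` is what the "hostname" option relies on: the encrypted channel is only useful if the client knows which resolver is on the other end.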


I think it's DNS with in-flight encryption.


Oh, like DNS over TLS?


Yes.


My explanation was wrong...

Google support page explanation for private DNS doesn't explain anything. Just recommends leaving it on.


> Private DNS allows you to set the DNS server the phone should use instead of your ISP's.

iOS does support that.


It's more than that: private DNS is not just a different DNS server, it's a DNS over TLS (DoT) server. This means encrypting the lookups to prevent the ISP from tracking the host names you visit.

Many DNS servers don't support DoT and some support DoH (DNS over HTTPS) instead.


They recommend leaving it on because then all your DNS queries go to Google and no one else by default--their "private DNS" defaults to the very unprivate Google DNS servers.


I was a happy Adguard user for several years but found that some ads have come through lately. I did some research and switched to Blokada, which works well--sometimes too well; I have to temporarily deactivate it to use certain apps when I'm not on WiFi.



