Any thoughts about RethinkDNS?

Hello!

As AdGuard is no longer trustworthy to me, I want to change DNS provider and network filter.

I am considering RethinkDNS. It is Open Source (link)

  1. Is it really trustworthy? Anybody from here using it?
  2. Will it work fine with my Pi-Hole?
  3. If I add a WireGuard config to it, will developers of RDNS be able to somehow breach my encrypted traffic?

Have you even read all of AdGuard’s co-founder’s responses at the bottom of that thread?

5 Likes

AdGuard is a pretty comprehensive offering which is also cross-platform. Personally, I don’t find any concerns with their open source products or its developers.

Depends on what “trustworthy” means in this context.

  1. Rethink (especially the F-Droid flavour) goes to great lengths to not contact any endpoint unless the user or an installed app explicitly instructs Rethink to do so.
  2. Rethink (since a few months ago) does not require restarts even on network changes (that is, it supports Android’s seamless (VPN) handover, for ALL scenarios, to prevent leaks).
  3. By turning ON “Loopback” (in Configure → Network), you can opt to monitor Rethink’s own traffic using Rethink. Soon, we’d let users apply firewall rules to Rethink’s traffic as if it were just another installed app.
  4. Both the Android app and the Resolver are open source software.
  5. Rethink (both the app and the resolver) does not require sign up or any form of registration to use. Nor does it collect any statistics or usage logs. The privacy policy is up here: Privacy Policy | Rethink

I’m sure there are one or two from here who do or did. If it is any helpful signal, Orbot’s lead developers use Rethink (ref / mirror), as do DNS66’s (ref). Security researcher and blogger, Mike Kuketz, occasionally writes about Rethink (ref), oft times, critically enough.

Privacy Guides, and lead developers of CalyxOS and DivestOS publicly recommend (or have recommended) using Rethink. GrapheneOS mentions (not a recommendation) Rethink in their FAQ (though, the community is savvy enough to know the limitations of an app like Rethink, its shortcomings and bugs).

Rethink (the app) can replace your pi-hole to an extent, making it redundant.

Rethink (or any WireGuard client for that matter) theoretically can. Rethink (like the official WireGuard app) doesn’t. This can be confirmed from the code (though, I realise this isn’t something all users are capable of doing).

5 Likes

I trust them a little more:

But I want to use DPI (locally) to check their claims. If I do not post anything about it, then I did not find anything suspicious.

That looks great.

No remote server connections until I ask.

I know, but I want to flash it in a custom ROM as a system app (so it will not be killed by a task killer), so I need to ensure that there is no negative feedback.

I want to BAN a custom list of domains.

I have two lists:
0.0.0.0 format and ||domain.com format

For now, you’ll have to add these IPs / domains one-by-one (in Configure → Firewall → IP & Port rules → Swipe to the tab labelled “Domain rules”).

We do plan to implement bring-your-own-blocklists. It isn’t trivial to do so, but we’ll eventually support it: IP address and domain blocklists · Issue #237 · celzero/rethink-app · GitHub

This should be the case with the F-Droid flavour (save for Configure → Network → Perform connectivity checks that happen on network changes if Choose IP version is set to Auto).

If it isn’t, feel free to report and we’ll fix it on-priority. As before, with Loopback mode enabled (Configure → Network), one can monitor Rethink’s outgoing traffic with Rethink (Configure → Logs → Swipe to the tab labelled “Rethink”).