Using VPN + DNS on android?

Hi all,

I am running GOS with a VPN. As recommended, I use the VPN’s DNS.

However, my laptop, which also uses this VPN and its DNS, has a lot of blocklists to limit connections.

Is this feasible on Android/GOS without losing the use of the VPN’s DNS? Like, blocking DNS connections locally before handing them to the VPN app.

Thanks!

:confused:

What are you trying to do here anyway? I ask to get more context for what you’re trying to accomplish.

You probably could get that setup with RethinkDNS


Or they can use a VPN that also has a customizable DNS service, like AdGuard and Windscribe, although they’re not recommended by PG


AdGuard leaks if the server is set to Fastest country. It works fine with a static one, though.

Thanks for the suggestion, but I am actually quite happy with the VPN and do not plan on changing.


My goal is to block more connections to trackers than the VPN does. I know the VPN has its blocklists, but what I use on desktop is stricter and I would like to get closer to that. My desktop has blocklists blocking tens or hundreds of thousands of domains.

You can use Android Private DNS and a VPN at the same time.


Not what OP asked; if you use Private DNS on Android, it overrides the VPN’s DNS.


My bad, I totally misunderstood what was needed. I figured it was VPN + blocklists.

As @user1 said, you can do this with RethinkDNS and local blocklists. An alternative would be to edit the hosts file, if you can/want to do that (Just saw you use GOS, might not be possible then).


@carbonated @user1 not sure if this is the place to ask, but how do you achieve this? I downloaded Rethink DNS, set the DNS to use the system DNS so that it would not override my VPN’s DNS, but when I want to turn it on, it still gives me an error message saying there is already an always-on VPN. Am I missing something?

I explored the same solution and could not get VPN+RethinkDNS to work how I wanted, I think I initially misunderstood how they function.

I imported the VPN config file into Rethink, enabled the kill switch, etc. Once all that was configured, I was unable to change any DNS settings and, in hindsight, that makes sense because the VPN is active.

So how does one use VPN + DNS/blocklists (local) that are not the VPN provider’s or configured via GrapheneOS Private DNS? Theoretically, if I use a VPN with kill switch and GOS Private DNS (which will have to be cloud-based and most likely a service like NextDNS or ControlD - now two cloud-based accounts can theoretically see my traffic, and there is an extra account in the chain), it makes my traffic and data more unique. The general community advice is to avoid this setup and just use a VPN to blend in. Has the advice now changed?

When using the WG proxy in Simple mode, Rethink won’t let you override the VPN’s DNS.

You can download and enable “On-device blocklists” under the rules section in DNS options.


I never saw this option. With the WireGuard VPN config enforced, I can only see these DNS settings:

Rules

  • Advanced DNS filtering
  • Use in-app downloader
  • Prompt on blocklist update

Advanced

  • Show website icons…
  • DNS booster
  • Never proxy DNS
  • Prevent DNS leaks

That’s why I never understood the recommendation, because once I enabled the WireGuard VPN config, any other DNS settings became unavailable.

The option is unavailable if the app is installed from Google Play Store.


Okay… Thank you for solving this issue. I don’t know how I missed that. Now I need to rethink my entire approach.

At the moment, one of the VPNs I use is NymVPN. I wonder if another provider with WireGuard config file import AND RethinkDNS local blocklists is a better solution. I’ll have to do more research, even though I do like NymVPN.

Maybe I am just understanding now what should have been obvious all along… is the only way to have Rethink DNS work alongside a VPN to not use the VPN app and instead import a WireGuard profile into the Rethink app? I am not sure how I feel about this, as I use pretty detailed settings which I would not want to mess up or miss out on (not sure the WireGuard profile does all the app does).

Yes, more or less. Your VPN provider has to allow generating a VPN config file, which you need to import manually for each location. With RethinkDNS you are unable to use the VPN app.

Some VPN apps do allow customising, and these settings usually would not be possible via an exported config file, so if you rely on them, you will have to stick with the VPN app.

There seem to be several questions floating around here; let me try to answer some:

  1. Download RethinkDNS from F-Droid (or GitHub) to have on-device blocklists. Make sure to activate the in-app downloader. When using RethinkDNS in any way, it will block/use the VPN slot (all traffic goes through it), but it can forward the traffic via WireGuard to your VPN (download WireGuard configs from your VPN). This automatically limits any settings you can do, though.

  2. The only way I know to use both the RethinkDNS app and the VPN app is to use multiple VPN slots. This is possible via an additional work profile or private space - each gets its own VPN slot. Follow this guide: “How to: Firewall + VPN at the same time on Android”, and set up Sing-Box to listen to all the traffic and to forward it through the VPN app. Once you set RethinkDNS via SOCKS to route traffic to the Sing-Box (which routes the traffic again to the VPN app), you should be able to use it as desired.

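To make the on-device blocklist flow discussed in this thread concrete (blocked names answered locally, everything else handed to the VPN's resolver), here is an added example that is not code from RethinkDNS, any VPN app, or anyone in the thread. The blocklist lines and the upstream answer are constructed samples; the real upstream would be the VPN's DNS.

```python
"""Local DNS blocklist in front of an upstream (VPN) resolver.

Added illustration, not RethinkDNS or VPN-app code: it models the flow the
thread describes (local blocklist answered on-device, all other queries
forwarded to the VPN's DNS). Blocklist lines are constructed samples.
"""
from typing import Callable

# Constructed sample mixing the two formats blocklists are usually shipped in:
# hosts-file syntax ("<ip> <domain>") and bare domain-list syntax ("<domain>").
SAMPLE_BLOCKLIST = """
# comment line
0.0.0.0 tracker.example
127.0.0.1 ads.example   # inline comment
127.0.0.1 localhost
metrics.example
"""


def parse_blocklist(text: str) -> set[str]:
    """Return the set of blocked domains, lower-cased, without trailing dots."""
    blocked: set[str] = set()
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments and whitespace
        if not line:
            continue
        fields = line.split()
        domain = fields[1] if len(fields) > 1 else fields[0]
        if domain not in ("localhost", "localhost.localdomain"):  # hosts-file noise
            blocked.add(domain.lower().rstrip("."))
    return blocked


def is_blocked(name: str, blocked: set[str]) -> bool:
    """A name is blocked if it, or any parent domain, is on the list."""
    labels = name.lower().rstrip(".").split(".")
    return any(".".join(labels[i:]) in blocked for i in range(len(labels)))


def resolve(name: str, blocked: set[str], upstream: Callable[[str], str]) -> str:
    """Answer blocked names with a sinkhole address; forward the rest upstream."""
    if is_blocked(name, blocked):
        return "0.0.0.0"  # answered on-device, so the VPN's resolver never sees it
    return upstream(name)  # stand-in for the VPN provider's DNS


def vpn_dns_stub(name: str) -> str:
    """Placeholder for the VPN's resolver; returns a constructed answer."""
    return "203.0.113.10"
```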