Rethink DNS, yes or no?

Good afternoon:

First of all thank you very much for your time and help.

A friend told me to put Rethink DNS on his mobile without having it rooted.

Right now he has it with Adaway in vpn mode. But it lacks a firewall.

He tried Karma Firewall but said it does not block enough. And he told me about Rethink DNS

Would you recommend it?

Best regards

Pd: I take this opportunity to comment that Afwall has a new version in his github. But in fdroid is the old one. Do you know if the new version will be uploaded to fdroid?

they get built not uploaded :wink: but latest one failed so not sure when: log: dev.ukanth.ufirewall:20241025 - F-Droid Monitor

Netguard or Rethink should work just fine, no root needed, can block ads, and apps etc

2 Likes

If you’re OK with RethinkDNS taking up your VPN slot, this ist maybe the best solution. It is highly configurable and works very well.

1 Like

Good afternoon @Licaon_Kter

You are right, technical error in my expression :wink: . And good thing you are there, because otherwise many applications would leave more gifts.

Thanks for your help.

Best regards

Good afternoon @m999

Vpn mode now you have it busy with Adaway. It does not use vpn in plan to choose ip.

The bad thing that RethinkDNS does not allow you to add your own lists, if I’m not mistaken?. But in principle it seems a good option, but as there is AdGuard and some other option. Well, you always try to look for what blocks the most and is stable.

What I do not know if you know of any tutorial to configure it. And especially if you can add lists of hosts, or custom connections.

Best regards

we are lost in translation, wat?

Good afternoon:

I want to say thank you to you who look for and point out the bad things about apps.

You check them out and fix them.

Because thanks to you, we know, for example, that an app uses third-party stuff, or other stuff. That a normal user would never know.

So, thank you for protecting us and for all the work you do to give us the well-built apps.

Best regards

2 Likes

In RethinkDNS you’re able to choose individual host lists from a huge selection. The firewall can allow or block individual connections per app. You may even choose your favourite DNS provider.
It’s not easy to fully understand what the app is able to. Unfortunately I cannot name you any good instructions.

1 Like

This is a good alternative. Simple, lightweight and allows blocking, selecting filterlist, adding your own filterlist, and choose between DNS providers, allowing manual addition of DNS providers and your own. UDP, DOT and DOH support. Per app firewall including system apps.
BTW, I am using my own DNS and using this app to use my own blockers too.

1 Like

Note this blocks on DNS basis. Apps can bypass it if they want.

Afaik, apps can bypass other DNS too based on what config is chosen. Same for almost every such app.

Netguard and RethinkDNS can also block on ip level.

rdns dev here

Rethink can connect to any WireGuard or SOCKS5 upstream (including to apps like ShadowRocket, InviZible Pro, and Orbot). That’s softens the blow (if folks are comfortable using a different app to their public VPN provider’s) of taking up the VPN slot.

pDNSf is neat, but it doesn’t yet block DNS over TCP (ref).

Yep. In Rethink, one can turn ON Configure → Firewall → Universal firewall rules → Block when DNS is bypassed to block connections from any such app that does it own DNS (domain name resolution).

3 Likes

Apparently, that setting blocks Telegram-FOSS for me?

Good afternoon @ignoramous

Thank you for your time and help.

I wanted to ask, if it would be possible to add to your application, some lists of some developers. Or if I can add them manually on my device to the application.

The lists would be:

https://divested.dev/pages/dnsbl

I am not able to activate it either:

A hug

Pd: @SkewedZeppelin , with your permission. I take this opportunity to suggest the sources I put before, for Divestos hosts.

A better question: who is a trustworthy DNS provider who has actually been historically legally proven to not keep any logs?

AFAIK this is the only audited public DNS that I’m aware of. They’ve no logging of DNS requests policy https://mullvad.net/en/help/no-logging-data-policy

Blocklists they use: GitHub - mullvad/dns-blocklists: Lists and configuration for our DNS blocking service (Adguard hosts included)

1 Like

Do you need a Mullvad account to use those servers or are they free?

It’s written clearly

You can use this privacy-enhancing service even if you are not a Mullvad customer.

Good afternoon:

also RethinkDNS in his github appear the lists he uses: blocklists/config.json at main · serverless-dns/blocklists · GitHub . And personalDNSfilter: Additional filterlists & testing | Zenz Solutions

In personalDNSfilter I managed to add other sources, and so customize it more.

Mullvad VPN I didn’t try it, but in fdroid it says: Mullvad VPN: privacy is a universal right | F-Droid - Free and Open Source Android App Repository ( Características controvertidas | F-Droid - Free and Open Source Android App Repository ). It would also be necessary to know more about the company, which is supposed to audit. Is it impartial or not, how the audit was made, etc…

The other two don’t say anything and don’t show any warning. RethinkDNS has a lot of block lists: Configure Blocklists | RethinkDNS or blocklists/config.json at main · serverless-dns/blocklists · GitHub . Although it would be nice to be able to add your own.

I think the best option is to try things yourself, and the one that best suits your needs. So, use that one.

Because the problem is not the applications. The problem, is everything that our devices have from origin: telemetry, unnecessary things, etc… A good system like DivestOS, Lineageos without weird stuff and apps you don’t use, for me is the best option. And without Google stuff, microg, Facebook, etc…

Best regards

I got annoyed because these apps usually break IPv6 connectivity. They make IPv4 preferred over it, might have something to do with the use of ULAs, I’m not sure, but it’s pretty annoying. Otherwise they’d be really nice to me. Rethink seems pretty nice since you can block connections without the VPN, plus it can do a bunch more, which makes sense since it has to take up the VPN slot. These other apps just don’t do it.