Skip to content
Daniel Mönch edited this page Nov 8, 2019 · 7 revisions

How to Log DNS Requests

  1. Starting with Android Pie (9+), make sure to temporarily disable "Private DNS". (See #1230)
    1. Settings → Network & internet → Advanced → Private DNS → Off
  2. Start AdAway and go to the Menu.
  3. Select "Log DNS Requests"
  4. Click 'TCPDUMP IS NOT RUNNING!'
  5. Wait until it shows 'TCPDUMP IS RUNNING!'
  6. (Whitelist only): Go to the main screen and click the button to 'Disable Adaway'.
  7. Open the App you wish to monitor for a while. Click around on things and use the application as you normally would.
  8. Go back to AdAway / Menu / Log DNS Requests and select 'OPEN LOG FILE'.
  9. There you look for suspicious hostnames.
    1. REMOVE ADS (Blacklist): Try to block some of them by adding them to your Blacklist from that screen (long press a hostname), reapply AdAway and restart your Android device.
    2. FIX APPS THAT AREN'T WORKING (Whitelist): Look for some of the hosts the app will try to connect to and add to your Whitelist to allow it. (Keep in mind this will allow ANY app to connect to that URL to pull ads.)
  10. (Whitelist only): Re-apply Adaway to see if your whitelist additions worked. Remember if you see a bunch of similar host names like 'a.adserver.com', 'b.adserver.com', 'c.adserver.com'; you can just add one of them to your whitelist, long press on it to edit. Then change to '*.adserver.com' to whitelist that whole domain.
  11. Make sure to enable "Private DNS" again after your logging attempt.
  12. If it helped and you are totally sure, which hostname served the ads, please report the hostname(s) to a host file community, like Hosts Inbox.

If you are not getting any logs showing up:

  • "Private DNS" might be active. See steps above to disable.
  • The TCPDump process could be getting killed by SELinux enforcing policy. You can go to the forums here, http://forum.xda-developers.com/ find your device thread and see if there is a way to get your device into SELinux Permissive state. Then you can try the above again.