Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Improve DNS settings #1134

Closed
ameshkov opened this issue Mar 26, 2017 · 25 comments

Comments

Projects
None yet
3 participants
@ameshkov
Copy link
Member

commented Mar 26, 2017

Instead of just a low-level pref.vpn.dns, we could improve DNS settings and provide people with an option to choose from a pre-defined list of DNS servers.

Eventually, we could add DNSCrypt support.

UI

Raw mockups:
https://app.moqups.com/ameshkov/lfmli7Cikw/view/page/a68657938

Icons:
dns_icons.zip

DNS Filtering

Main screen:

adguard for android - dns filtering moqups 2017-07-05 15-58-36

Description

  1. DNS Filtering is disabled by default.
  2. Do not gray out controls when it's disabled, users should be able to change anything.
  3. Help icon leads to a knowledge base article describing what DNS filtering is.

Custom DNS Server

Regular DNS:

adguard for android - dns filtering moqups 2017-07-05 15-58-46

Description

Please note how "Custom DNS settings" item is divided into two parts. The switch is tappable independently of the "Custom DNS" part.
Tap on the "Custom DNS Settings" brings up this dialog window:
adguard for android - dns filtering moqups 2017-07-05 15-59-03
You cannot enable "Custom DNS settings" unless the user enters servers addresses.

DNSCrypt:

adguard for android - dns filtering moqups 2017-07-05 15-58-55

  1. LEARN MORE button leads to https://dnscrypt.org/

@ameshkov ameshkov added this to the 3.0 milestone Mar 26, 2017

@TPS

This comment has been minimized.

Copy link
Contributor

commented Mar 27, 2017

#1053, #1006, &c?

@TPS

This comment has been minimized.

Copy link
Contributor

commented Mar 31, 2017

Since miscellaneous DNS RFEs are collecting here, could there be a way to determine what app/site/whatever made a DNS request & have that put into the Filtering Log details?

@ameshkov

This comment has been minimized.

Copy link
Member Author

commented Apr 2, 2017

app/site/whatever made a DNS request & have that put into the Filtering Log details

Unless an app actually makes this request. Nobody does it, though. Instead they "ask" an OS for the host's IP address and OS makes a DNS request to find it out.

@TPS

This comment has been minimized.

Copy link
Contributor

commented Apr 2, 2017

IC: So, in general, the OS would show as the source. Anyway to track via different mechanism who's asking the OS? &, whenever it can be determined by whatever method, to note that in logs? Problem is, DNS requests "leak," even from apps that are ostensibly blocked from mobile/wifi data, & that can be used for tracking via, e.g., specially crafted host/DNS requests.

@ameshkov

This comment has been minimized.

Copy link
Member Author

commented Apr 2, 2017

whenever it can be determined by whatever method, to note that in logs?

Nope, unfortunately.

that can be used for tracking via, e.g., specially crafted host/DNS requests.

It will anyway be a request for a subdomain, so it should be easy to block such.

@TPS

This comment has been minimized.

Copy link
Contributor

commented Apr 2, 2017

specially crafted host/DNS requests

request for a subdomain, so it should be easy to block such

How, if subdomain/DNS address is custom generated, per app/page context?

@ameshkov

This comment has been minimized.

Copy link
Member Author

commented Apr 3, 2017

How, if subdomain/DNS address is custom generated, per app/page context?

By blocking all subdomains of a given second-level domain name

@TPS

This comment has been minimized.

Copy link
Contributor

commented Apr 4, 2017

Shrewd trackers would simply block that by making that part of important domain — so, e.g., image.example.com, www.example.com, whatever.example.com, imageS.examples.com & myriad other useful subdomains, interspersed w/ fgkgsdhy.example.com, ahg.example.com jtdgjtgghftyy.example.com, random-letter-conglomerate.example.com, &c for nefarious purposes.

I've seen something quite like this for ad-serving/tracking.


What syntax is used for blocking subdomains, while whitelisting randomized useful 1s?

@ameshkov

This comment has been minimized.

Copy link
Member Author

commented Apr 5, 2017

What syntax is used for blocking subdomains, while whitelisting randomized useful 1s?

Something like that.

Blocking subdomains:
*.example.org

Unblock useful domain:
@@||www.example.org

@ameshkov

This comment has been minimized.

Copy link
Member Author

commented Apr 21, 2017

Here is the very first mockup of the DNS module page:

adguard for android - dns c2 b7 moqups f0 9f 94 8a 2017-04-21 14-38-47

@nkartyshov please start with the UI part, this mockup should be enough for the first days.

@nkartyshov

This comment has been minimized.

Copy link
Contributor

commented Jun 27, 2017

Implemented, review AFA-CR-2

@ameshkov

This comment has been minimized.

Copy link
Member Author

commented Jul 10, 2017

@nkartyshov let's also add "Response IP" to the filtering log.

Also, we'd better print dns request type there.

@ameshkov

This comment has been minimized.

Copy link
Member Author

commented Jul 14, 2017

@nkartyshov if user uses a DNSCrypt server, DNSCrypt tab should be chosen automatically when he or she enters custom DNS settings.

@ameshkov

This comment has been minimized.

Copy link
Member Author

commented Jul 18, 2017

Done

@ameshkov ameshkov closed this Jul 18, 2017

@TPS

This comment has been minimized.

Copy link
Contributor

commented Jul 18, 2017

@ameshkov For the record, what all was implemented? A lot of ideas were put through here.

@ameshkov

This comment has been minimized.

Copy link
Member Author

commented Jul 18, 2017

@TPS everything from the first post:
#1134 (comment)

@ameshkov

This comment has been minimized.

Copy link
Member Author

commented Jul 18, 2017

@TPS if you wanna try it, new build is here:
#1289 (comment)

@ameshkov ameshkov added the P2: High label Jul 18, 2017

@TPS

This comment has been minimized.

Copy link
Contributor

commented Jul 18, 2017

if you wanna try it, new build is here: #1289 (comment)

@ameshkov I'm very tempted, but I run the Amazon ß exclusively now. Can they be run side-by-side (w/ 1 disabled)? Or should I wait for the update via Appstore?

@ameshkov

This comment has been minimized.

Copy link
Member Author

commented Jul 18, 2017

@TPS nope, it can't:(

@TPS

This comment has been minimized.

Copy link
Contributor

commented Jul 18, 2017

'S'alright, I just got an update notification from Amazon. I'll just wait for that to actually update (usually several hours later 😐).

@ameshkov

This comment has been minimized.

Copy link
Member Author

commented Jul 18, 2017

@nkartyshov I forgot about two important things.

  1. If user is in "proxy + manual setup" mode, DNS filtering settings should be grayed out and we should show a warning message: DNS module cannot be used with the current filtering mode.

adguard for android - dns filtering moqups 2017-07-18 20-57-51

  1. The lists of pre-defined DNS servers are too short now, we should add more servers.
  2. We should improve "Custom DNS server" dialog, let people add DNSCrypt resolvers manually:

adguard for android - dns filtering c2 b7 moqups f0 9f 94 8a 2017-07-18 19-49-11

@ameshkov ameshkov reopened this Jul 18, 2017

@ameshkov

This comment has been minimized.

Copy link
Member Author

commented Jul 22, 2017

The last thing left to do -- change the matching algorithm. We don't need the full-scale matching for the DNS filtering, so we'd better replace it with something relatively simple.

Basically, we need to support the very basic syntax described in these two sections:

@ameshkov

This comment has been minimized.

Copy link
Member Author

commented Jul 25, 2017

Done

@ameshkov ameshkov closed this Jul 25, 2017

@TPS

This comment has been minimized.

Copy link
Contributor

commented Aug 18, 2017

@AdguardTeam I just wanted to mention how impressed I am with the work that was done in this issue. It's really extraordinary! 👏

@ameshkov

This comment has been minimized.

Copy link
Member Author

commented Aug 18, 2017

Thank you:)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.