-
Notifications
You must be signed in to change notification settings - Fork 589
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
DNS resolving does not work on Android with VPN enabled #450
Comments
Interesting, so we have to pull DNS servers from all connections, not just the active one is what you're saying. @user-none since you did the android 8+ code, mind taking a look at this? |
The StackOverflow code is using an API method that's depreciated, getAllNetworks. So this method cannot be used. The getAllNetworks doesn't specify what order the networks will appear in the array, so there is no guarantee the DNS server provided by the VPN will be used. If a network that's not the VPN is used, DNS requests would be routed to whatever DNS server is registered for that network. We can't tell if the network belongs to the VPN or not. All we can do we can do is try the VPN servers for each network until one works. So if you're using the VPN due to a restrictive DNS or so the requests don't go to your ISP (for example) this method could still send the requests to system(s) you don't want used. Even if routed over the VPN the DNS lookup would happen with the wrong server if they're publicly accessible. It sounds like the VPN isn't properly registering itself as active within Android. This is what should be happening. The current use of getActiveNetwork is specifically to determine which network can have traffic routed over it. If there is no active network this should return I don't think a solution that can end up bypassing the VPN is proper. The behavior really sounds like the VPN provider is doing something wrong. |
I believe you are right and the VPN provider does it wrong. Unfortunately, I can do nothing with it. Moreover, all other applications work fine. This means we have to work around it somehow. We have overcome it in our application by patching c-ares sources. The patch sets Google public DNS in case the list is empty. It works but I will be glad if you share a better solution. And it will be awesome if it can be fixed upstream |
The problem is that a VPN provider creates a new active network connection but it leaves the DNS server property empty. We can confirm that AdGuard VPN does it. C-Ares on android get only one active connection and remain with nothing in this case.
The reply on StackOverflow suggests iterating over all available connections to find out available DNS servers. I'm not sure it's the best solution but it does the trick. It would make c-ares more reliable
The text was updated successfully, but these errors were encountered: