Blog idea: Android 9 Secure DNS and blocked port #149

Closed
Mikaela opened this issue Jul 10, 2019 · 7 comments

@Mikaela Mikaela commented Jul 10, 2019

Helsinki metro: Android reports no connectivity in WLAN and asks if I want to keep using it unless I disable secure DNS and toggle WLAN off and on. Mobile data was disabled.

Captive portal: I need to test it somewhere, Espresso House or Hesburger?

This question just happens to be something I have wondered since I heard of the feature and now that I got Android 9.

Forgotten test: what happens if I enable Intra (DoH) while Android claims not having connectivity. Maybe it will fail as it cannot resolve dns.quad9.net? What if I point it to 9.9.9.9? Is the certificate valid for that?

Sent from my Nokia 1 using FastHub-Libre

@Mikaela Mikaela commented Jul 10, 2019

Note: at PPFI HQ secure DNS was reporting not connected in settings while WLAN was connected and using possibly TREX server? DNA (ISP) servers. We don't have a captive portal.

Quad9 DNS is valid for at least the IPv4 addresses https://149.112.112.112/dns-query

@Mikaela Mikaela commented Jul 10, 2019

Correction, all four IPs have a valid certificate

@Mikaela Mikaela commented Jul 10, 2019

Test: tell PPFI HQ router to use Quad9 DNS for IPv4 and Android to use secure DNS in automatic mode.

Result: Android reports that secure DNS is in use.

Todo: try it at home where ISP doesn't support secure DNS and MiFi doesn't have option to change what DHCP gives.

Test problem: for some reason the router doesn't allow me to configure the IPv6 DNS servers I want to use and thus the ISP ones always get used.

ISP: DNA

@Mikaela Mikaela commented Jul 10, 2019

Helsinki metro without mobile data: WLAN has no internet connectivity

Add Intra: there is still the WLAN symbol with an x to tell me the same error, but the connection works regardless.

Captive portal: R Kiosk at Sörnäinen metro station didn't like my phone and I cannot comment without further testing.

DoT Automatic without DHCP providing DoT capable server: test pending…

@Mikaela Mikaela commented Jul 10, 2019

Disabling Intra in metro: it warns about DNS being insecure, likely because it cannot detect connection to DoT?

Captive portal: getting from metro to Espresso House WLAN I am greeted by a captive portal, so I guess the captive portal detection works without DoT and I am happy about that.

In the blog I will need to note this condition in case it's caused by the move without DoT getting established in the middle.

Oh and Intra was using the IP address above and I am not curious enough to see if my hypothesis on it failing to find dns.quad9.net was correct.

@Mikaela Mikaela commented Jul 10, 2019

DHCP with DoT incapable DNS server and Secure DNS in automatic mode: the option will just say "automatic" as opposed to at PPFI HQ where it said "enabled" and when it's manually enabled it will say the hostname "dns.quad9.net" instead.

@Mikaela Mikaela commented Jul 10, 2019

I am going to claim that I am working on it, while it may not happen tonight, because I have all the information I need.

@Mikaela Mikaela closed this in ba5d2a5 Jul 11, 2019