Android DNS

I’ve changed my Android Pie to use 1dot1dot1dot1.cloudflare-dns.com. This seems to work fine when I’m on my home WiFi. But on my work’s WiFi, the WiFi says “No internet”. If I change back to default DNS, I don’t have this problem. So I guess it’s incompatible with my work’s WiFi. Is there any way to use the Cloudflare DNS all the time except when I’m on work’s WiFi? I also tried the app, but it uses a LOT of battery.

My guess would be your company’s ISP hijacks Cloudflare’s address. Check out Have problems with 1.1.1.1? *Read Me First*

You may be right. I’m not sure what to search for or where to search to find whether the domain I’m reporting already has an entry. My company uses some ISP locally; I think from the tracert it’s ATT. The tracert is the only debugging command that works. The nslookup to 1.1.1.1 and 1.0.0.1 fails, although nslookup to 8.8.8.8 works. Is this enough information to submit somewhere?

Meaning? Can you post that output? What about the other debug commands from the article?

C:\windows\system32>nslookup example.com 1.1.1.1
DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: 1.1.1.1

DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
*** Request to UnKnown timed-out

Same as above for nslookup to 1.0.0.1, and for “nslookup -class=chaos -type=txt id.server 1.1.1.1”.

Now 8.8.8.8:
C:\windows\system32>nslookup example.com 8.8.8.8
Server: dns.google
Address: 8.8.8.8

Non-authoritative answer:
Name: example.com
Addresses: 2606:2800:220:1:248:1893:25c8:1946
93.184.216.34

And tracert:
C:\windows\system32>tracert 1.1.1.1

Tracing route to one.one.one.one [1.1.1.1]
over a maximum of 30 hops:

1 1 ms <1 ms <1 ms l3-b1f1-idf1-v128.lmo-us..com [10.76.128.1]
2 1 ms 1 ms 1 ms 10.76.127.251
3 7 ms 4 ms 4 ms att-gw1.lmo-us..com [10.76.0.98]
4 32 ms 34 ms 31 ms att-wan1.scl-us..com [10.94.0.98]
5 29 ms 28 ms 29 ms att-g000-wan1.scl-us..com [10.94.0.97]
6 29 ms 28 ms 28 ms wan2-g032-g002-wan1.scl-us..com [10.94.255.254]
7 29 ms 29 ms 29 ms 10.95.15.9
8 29 ms 30 ms 29 ms 10.95.252.254
9 30 ms 30 ms 30 ms 199.233.58.2
10 30 ms 29 ms 29 ms 199.233.58.13
11 30 ms 30 ms 30 ms 4.16.205.9
12 30 ms 30 ms 30 ms ae-2-3611.ear4.sanjose1.level3.net [4.69.211.221]
13 31 ms 32 ms 31 ms 4.7.18.106
14 31 ms 31 ms 30 ms one.one.one.one [1.1.1.1]

True, the trace would indicate you reach Cloudflare.

Maybe they did not hijack the address itself but only the lookup, just speculating.

Can you run the following command in a PowerShell command prompt?

(Invoke-WebRequest -Uri 'https://1.1.1.1/dns-query?ct=application/dns-json&name=cloudflare.com').RawContent

PS C:\windows\system32> (Invoke-WebRequest -Uri 'https://1.1.1.1/dns-query?ct=application/dns-json&name=cloudflare.com').RawContent
HTTP/1.1 200 OK
Connection: keep-alive
Access-Control-Allow-Origin: *
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
CF-RAY: 4be4d04619ac51ca-SJC
Content-Length: 289
Cache-Control: max-age=484
Content-Type: application/dns-json
Date: Wed, 27 Mar 2019 22:31:16 GMT
Server: cloudflare

{"Status": 0,"TC": false,"RD": true, "RA": true, "AD": true,"CD": false,"Question":[{"name": "cloudflare.com.", "type": 1}],"Answer":[{"name": "cloudflare.com.", "type": 1, "TTL": 484, "data": "198.41.214.162"},{"name": "cloudflare.com.", "type": 1, "TTL": 484, "data": "198.41.215.162"}]}

So you can reach Cloudflare and you can resolve via DoH but not via a regular lookup.

And Private DNS on Android does not work either? That would hint at DoT not working either (maybe they block TCP port 853).

Do you have a Unix machine at hand?

I do have a Unix machine at hand. I’m not sure whether its connectivity is the same. Also, this is what I get on my PC:


And this is what I get on my phone connected to the corporate WiFi:

And to re-state the original problem, when I use Private DNS on Android, I am completely disconnected from WiFi. In settings, the WiFi icon says “No internet”.

If you can clarify this you could debug it further.

I guess it says so because it can't resolve anything. Just a guess.

We have Unix machines which I think are more protected. I’m not sure whether they have direct access to the internet. I log into them through Go-Global.
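
Added example, not part of any post in this thread: a Python probe that checks the two transports discussed above from one machine, plain DNS on UDP/53 (the nslookup that timed out) and DNS over TLS on TCP/853 (what Android Private DNS uses). The function names and the transaction ID are assumptions made for this sketch; the server address and hostname are the ones quoted in the thread.

```python
import socket, ssl, struct

def build_query(name, qtype=1, txid=0x1234):
    """Encode a minimal DNS query: RD flag set, one question, class IN."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)

def probe_udp53(server, name, timeout=2.0):
    """Plain DNS over UDP/53; True only if a reply with our ID comes back."""
    q = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(q, (server, 53))
            reply, _ = s.recvfrom(4096)
            return reply[:2] == q[:2]
        except OSError:  # timeout, unreachable, etc.
            return False

def probe_dot853(server, hostname, name, timeout=3.0):
    """DNS over TLS on TCP/853 with certificate verification against hostname."""
    q = build_query(name)
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((server, 853), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=hostname) as tls:
                # DNS over TCP/TLS prefixes each message with a 2-byte length
                tls.sendall(struct.pack("!H", len(q)) + q)
                reply = tls.recv(4096)
                return len(reply) >= 4 and reply[2:4] == q[:2]
    except OSError:  # covers timeouts, resets and ssl.SSLError
        return False

def diagnose(udp53_ok, dot853_ok):
    """Map the two probe results to what they mean for Private DNS."""
    if udp53_ok and dot853_ok:
        return "both transports reach the resolver"
    if dot853_ok:
        return "plain DNS filtered; Private DNS should work"
    if udp53_ok:
        return "TCP/853 filtered; Private DNS will fail"
    return "UDP/53 and TCP/853 both filtered; only DoH on 443 may pass"

if __name__ == "__main__":
    udp = probe_udp53("1.1.1.1", "example.com")
    dot = probe_dot853("1.1.1.1", "1dot1dot1dot1.cloudflare-dns.com", "example.com")
    print("UDP/53:", udp, "| TCP/853:", dot, "|", diagnose(udp, dot))
```

A False from `probe_dot853` also covers a failed certificate check, so a TLS-intercepting middlebox shows up the same way as a blocked port.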