Introducing 1.1.1.1, the app!

dash-dns
#21

Thank you for the information and your reply, sdayman. It seems our setup is very similar. Before making changes in my router, the router automatically handled dns. I changed that, by adding Cloudflare servers, turning on DNSSEC and dns rebind protection.

Prior to installing the cloudflare app, when testing rebind protection, a notice would pop up in my router log. I no longer get those notices, with the app running.

DNSSEC and rebind is definitely enabled in router. Why would that be? Does the app intercept those attempts?

Sorry for all these questions.

#22

Since the app communicates over HTTPS to 1.1.1.1, it no longer tells your router what DNS queries it’s running and your router has no way of reading those DNS queries or answers, so your router effectively doesn’t know any DNS work is being done.

With the app, your DNS is encrypted, but your router won’t tell you of DNSSEC or rebind errors. With your router, it logs DNSSEC/rebind errors, but doesn’t encrypt your DNS traffic.

3 Likes
#23

Hi Judge,

Thank you for the very detailed explanation. It makes perfect sense. I just wanted to make sure everything is working as it should. It sounds like it is, without the log entries and I’m fine with that,

#24

I do have a couple more questions. :slight_smile:

Which is preferred, DNS over HTTPS or DNS over TLS?

Are there any performance or security advantages of one over the other?

Thanks again for such helpful forum members.

#25

Hi,
I have installed the app. But do I need also the manual DNS (1.1.1.1) setting in my device? or just running the app is sufficient? If manual DNS setting is necessary then how does it work with mobile data?

#26

No.

You can’t set custom DNS servers for mobile data on most devicess or carriers. That’s why there are apps for it. The Google DNS app works the same way.

#27

DNS over HTTPS is preferred. The most common reasoning is since DNS over TLS uses port 853, DNS over TLS can be blocked but you can’t block DNS over HTTPS without collateral damage. Also if the webserver you’re connecting to offers both Content and DNS resolution like google and CF, DoH can be faster due to connection reuse.


See section DoT vs DoH ^

4 Likes
#28

Thank you for the explanation and link, anzetal.

#29

This is the best app ever. Useful for people in a country where government insanely dan brutally hijacking DNS.

1 Like
#30

Hi! Now you can.

Our latest update handles that for you.

3 Likes
#31

I can confirm, the auto start is working fine now. Thank you, this is a big help for me. Now, I don’t have to remember to start the app after phone re-start. Thanks again! I appreciate the efforts for this app.

1 Like
#32

The latest app update now allows access to my router via it’s web address: router.asus.c**. Before I could only access via 192.168.x.x, with the app running. Thank you.

1 Like
#33

oh this is something new.
i like it .
Thank you for providing such information.

#34

I have a couple of questions.

  1. Why does 1.1.1.1 App use 10% more battery than running a trusted VPN? Some would argue a VPN is better due to battery issues.
  2. I know 1.1.1.1 secures DNS. I know DNS based website restrictions would be circumvented with 1.1.1.1 running. My question then is how does 1.1.1.1 circumvent SNI blocking?
#35

Not sure what apps you are comparing in this instance. That hasn’t been my personal experience, but if you could post a link to info/ test results I’m happy to pass them along to the app team.

I have no idea how DNS based website restrictions would be circumvented using 1.1.1.1. The purpose of 1.1.1.1 and the 1.1.1.1 app is to provide access to a DNS resolver which provides DNSSEC validation and does not retain user data. It is not a circumvention tool to get around geo or other restrictions on services.

#36

I have ran the 1.1.1.1 Android app for a full battery and it used about 40% of my battery. I then ran my VPN for a battery and it used 30% of the battery. Maybe it was a fluke.

I am a bit confused why you didn’t understand my second question. Did I word the question wrong? South Korea blocks many websites via DNS redirects. Recently, Korea instituted SNI based blocking. Yet, with 1.1.1.1 I can circumvent the governments block. How does a DNS resolver break the governments SNI blocking? I don’t know how to word the question any differently.

#37

Cloudflare does not provide censorship circumvention tools. If you are able to resolve the DNS name of a host through 1.1.1.1 there’s nothing in the response or subsequent request for the content by your browser that the app is doing.

#38

My experience using your app, seems to discredit your response.

#39

hello,

the status page on my android 7.1 phone indicates that IPV6 queries are not being resolved.

please review and advise:

#40

Seems your provider doesn’t support IPv6, you can’t connect to the IPv6 resolvers. That’s not really an issue.

1 Like