As shown in the screenshot, my Amazon eero Pro 6E is downgrading Private DNS (DNS Over TLS) requests from my Android phone to unencrypted port 53 requests. This makes the “Private DNS” feature entirely pointless and not offer any security, does it not?

I have created my own DNS resolver for blocking some web pages and I can't figure out how to use it on Android. If I configure the DNS of any other device to use my DNS, it works like a charm (I've tested this both Windows and Ubuntu). I tried configuring it in the Private DNS section of an Android, but it keeps saying "Couldn't Connect". If I use 1dot1dot1dot1.cloudflare-dns.com instead, it works. So, my question is: What are the requirements for a DNS Provider to be configurable in the Android's Private DNS section?

I have a Raspberry Pi on my network, configured as Pi Hole. And the router's DNS points to this. This removes most ads from devices connected to the network.. On one particular app (10Play) in Australia, it complains about an adblocker. Interestingly, every other TV app works fine. The only issue I can think of is the Pi. Is there a way on Samsung S24 and Samsung S20 to set the DNS for a particular Wi-Fi connection? I have looked at Settings under the Wi-Fi connection. The only thing visible is DHCP/Static option. I haven't changed this as I don't really want to use a static IP address. - Ideally, I would be able to set the DNS on say 2G, but leave 5G profile alone. - I am not looking to do a deep dive via rooting or ADB

When you connect to a WiFi network, the router assigns an IP to the android device (like 192.168.1.105). Now when a FTP or HTTP file server is run on the android device, other devices should type that IP to connect to the server. This IP is not fixed. When you switch to another WiFi network or enable hot-spot on android itself, it changes. Is there any way to assign a **fixed hostname** (for example my-pixel) so other devices could use it instead of the IP (like ftp://my-pixel.local:4030)? (I also asked this on Stack Overflow but no answer there)

Since today, my Android devices do not resolve local DNS names via my local PiHole.
In the Settings/Network/Advanced Settings, "Private DNS" was enabled. Disabled and, Firefox/[Network utilities](https://play.google.com/store/apps/details?id=com.myprog.netutils&hl=en)/[Ping Tools](https://play.google.com/store/apps/details?id=ua.com.streamsoft.pingtools&hl=en) can still not resolve "plex.lan" (Plex server) or "licht.lan" (Zigbee Gateway) or any other internal domain. Even with static IP settings, nothing works. Any clue where I can tell Android "Use the DNS server announced from DHCP"? The problem occurs on all my android devices simultaneous.
No problem on my Laptop or Workstation. | Wifi Settings | Ping Tools with custom DNS set | Ping Tools with "default" DNS server | | -------- | -------------- |--------| | | | | Note: The Ping Tool/DNS Checker test with the "default" server was done, when a static IP was configured, so there should be used the LAN internal DNS Server, but it clearly must use something else. Using Wireguard as a tunnel into my network works. But that can't be the solution when I'm already connected to my LAN. --- EDIT: The problem was not my Phones/Tablets, but my router that enabled IPv6 automatically and used the DNS Server from my Provider via IPv6

The financial website https://wex1.in got it’s domain name deleted but it’s still possible to reach it by adding 104.25.31.35 wex1.in to etc/hosts files on a ᴘᴄ. So how to access the website without editing /etc/hosts?

So I've been using [pihole](http://pi-hole.net/) and my Android 7 phone is making some unexpected requests to DNS for a particular domain. Is there an app or technique I can use to find which app is initiating those request. It seems the [Java level DNS cache](https://stackoverflow.com/questions/1835421/java-dns-cache-viewer) won't have that info. I'd guess one needs to intercept requests to the phones DNS service (*), recording the requested domain and the requesting app; are their hooks in Android to do that? I don't have root. Any help appreciated. (* - yes I know what this acronym means!)

I have local DNS (bind9) and DHCP (isc-dhcp-server) working to the point where my desktop and servers can see each other using the domain voncorax.internal. However, I also have two Samsung devices running Android 14. I have been able to get proper address resolution by configuring static IP and specifying my DNS server's IP address for both DNS1 and DNS2, but my devices are unable to resolve any names on my LAN when configured via DHCP. (Android appears to be forcing DNS2 to be 8.8.4.4.) Is there any way to set up my DNS and/or DHCP servers so Android will preferentially use my LAN's DNS server?

I have a weird issue; for a single connect request to a server that has a single AAAA record my device runs two A queries instead and fails to connect. My setup is as follows: * LAN (a regular router) without IPv6 connectivity * Android 10 with only WiFi connectivity, having one fe80: and two fd14: addresses * Debian box, wired, running dnsmasq, acting as the DNS server for all devices * dnsmasq will reply that website foo.com has an IPv6 of the Debian box, and no IPv4 I can: * Connect from my phone to the Debian box using literal IPv6 address * Connect from other devices to foo.com * Connect to foo.com from JuiceSSH * Do ping6 foo.com successfully in Termux on the phone What I can't do, I can't connect from my phone to the Debian box via foo.com using regular apps such as Chrome, or my own app. JuiceSSH is the weird exception. I tried making a new app, adding INTERNET permission and this bit of code only:

thread {
    Socket("foo.com", 9000)
}

` This works consistently with the apps such as Chrome in that it doesn't connect and—from what I see in dsmasq logs—performs two A queries (both with NODATA-IPv4 response). It never performs an AAAA query. Inet*Address.getAllByName() behaves in a similar way. I tested with another device running Android 6, same outcome. What's going on here?

I have an Android phone which I can share its internet connection via Ethernet tethering through an adapter (Ethernet to USB-C adapter). The device (camera) which is connected to the phone is able to utilise the internet connection successfully. I want to access the device from my Android phone using its local IP address in the web browser of my Android phone since that device (camera) has a webapp running on it which allows accessing its features and configurations. However when I type in the local IP address (or the local host name) of the device in the browser it times out (the IP address is correct and I have double checked this multiple ways). 1. is this possible on Android? 2. how can I achieve this? 3. is this a DNS problem? (my Android "Private DNS Mode" is set to "Automatic" which is the default option. I can achieve this using a laptop running windows without any issues but being able to use a mobile phone is a lot more convenient, as it means I won't have to carry a laptop with me.

I’m trying filter all DNS traffic using *dnsmasq* on Android (*LineageOS*). Here is what I did (thanks to the help of @IrfanLatif): 1. I installed it using *termux*: pkg i root-repo && pkg up && pkg i dnsmasq Then: cp /data/data/com.termux/files/usr/bin/dnsmasq /system/bin/ 2. On Linux it's possible to divert traffic to dnsmasq simply by editing /etc/resolv.conf and replacing nameserver 8.8.8.8 with nameserver 127.0.0.1. But on Android there is no such file, however I can achieve the same using an iptables command (divert all DNS queries to port 5353):

/system/bin/iptables -t nat -A OUTPUT -p tcp --dport 53 -j DNAT --to-destination 127.0.0.1:5353
    /system/bin/iptables -t nat -A OUTPUT -p udp --dport 53 -j DNAT --to-destination 127.0.0.1:5353

3. I create the file /etc/dnsmasq.conf containing:

domain-needed
    bogus-priv
    no-resolv
    no-poll
    port=5353 # <<<<<<<<<<<<<<<<<<<<<<<<<<<<<< PORT
    listen-address=127.0.0.1
    no-hosts
    expand-hosts
    cache-size=500
    log-queries

    server=8.8.8.8
    server=8.8.4.4

    # Rules:
    # Test block:
    address=/bing.com/0.0.0.0

4. Now I can already start dnsmasq using the command: /system/bin/dnsmasq --pid-file --conf-file=/etc/dnsmasq.conf <&- I can also look at the logs and see that *dnsmasq* is running: logcat | grep dnsmasq

05-27 19:17:08.039  7988  7988 D dnsmasq : forwarded google.com to 8.8.8.8
    05-27 19:17:08.039  7988  7988 D dnsmasq : forwarded google.com to 8.8.4.4

But on the phone there is no internet access. This is the **first problem** I am having. 5. The **second problem** happens when I try to start dnsmasq on startup. Thanks to the input from @IrfanLatif, I flashed Magisk , and I have access to setpriv command. However, when I try to set a UID to dnsmasq:

/data/data/com.termux/files/usr/bin/setpriv --reuid=999 --regid=999 --clear-groups /system/bin/dnsmasq --pid-file --conf-file=/etc/dnsmasq.conf <&-

I get the error: dnsmasq: failed to find list of interfaces: Permission denied This is the second problem I'm having. I'm still trying to figure out what's going on. Any help from anyone will be much appreciated.

I've a website running on my computer, and I want to test it from my Nexus 7 tablet. I.e. over the local WiFi LAN. If I type in the IP address it connects, but shows the wrong web site, because I'm using named virtual hosting. So, what I want to do is be able to type mysite.local in to Chrome/Firefox on the Nexus, have them convert that to 10.1.2.3 (or whatever the local IP address is), then call the 10.1.2.3 server giving mysite.local as the Host to request. *My Question:* Does an Android 4.x tablet have an /etc/hosts files, or equivalent, that I can edit? (Without having to root the tablet, or anything like that.) On my Linux computers I do this by adding an entry in /etc/hosts: 10.1.2.3 mysite.local (Or Windows\System32\drivers\etc\hosts on a Windows machine does the same.) BTW, this is a semi-duplicate of https://android.stackexchange.com/q/9633/36187 , but that question was for Android 2.2, where apparently it was not possible. (One of the alternative ideas suggested there was configure DNS at the local router, but as far as I can tell my router does not do DNS locally so does not have that option. I could set up my own DNS server to do this, but that feels like a Big Job Solution.)

Is there a reliable, reproducible way to clear DNS cache on Android Nougat 7.0? I know there is at least one other question like this but that one was from 8 years ago and I hope I can ask again and see what people are doing these days. To explain a bit more my setup: I am testing a simple web page loading in Chrome browser with Wireshark packet capture to see the DNS requests. I am also running dnsmasq on my LAN and have mapped my webpages name: mymovies to the correct IP address of the machine on my LAN that the web server is on. So http://mymovies should work and it does load. The DNS lookups initially start with the DHCP server appending the DNS suffix (.home) so in the packet trace I see a DNS request for mymovies.home which fails because I don't have an IP address mapping for that in dnsmasq.conf. So a second DNS lookup for just mymovies appears and is successful. Mostly I find that subsequent DNS lookups are always just for mymovies and never again for mymovies.home no matter what I try to clear the DNS cache: I am testing over WiFi with a Moto G5 running Android 7.0 and it is rooted so I can run commands from within adb shell to the OS. I have tried lots of things like: 1. Closing down Chrome browser and starting it up again. 2. chrome://net-internals/#dns to clear host cache and flushing the sockets too 3. Settings > Apps > Chrome > Storage > Clear Cache 4. ndc resolver clearnetdns wlan0 The only thing that seemed to work for me was turning the phone off and on again. After restart I opened http://mymovies in Chrome on the phone. The page loaded and in the Wireshark trace I see the first DNS request for mymovies.home which fails as usual followed by a DNS request for mymovies that succeeds. I then closed down that tab and opened a new one and loaded the page again.. I did this twice. Each time now I see a dns request for mymovies only.. it doesn't even try mymovies.home. I restarted dnsmasq server and the first DNS lookup after that was for mymovies.home followed by a lookup for mymovies. But since then the DNS lookups are now only ever for mymovies. This is despite restarting the dnsmasq server a few times and trying the four so-called DNS cache clearing steps listed above. But to confuse the matters, I tried the trick of switching into and back out of Airplane Mode. Now when I load my little test web page a few times it doesn't seem to cache at all anymore? Loading the webpage always initially gives a DNS look up for mymovies.home which fails then a lookup for mymovies that succeeds. Even after restarting the phone the DNS lookups have now stopped caching completely and it firstly tries mymovies.home every time! I think this caching behavior is normal and expected but I'd just like a way to clear that cache so it goes back to trying mymovies.home without me having to restart the phone. I'm not sure if the IPv6 has anything to do with things? In my router I have specified the IP address of the Raspberry Pi on my LAN that dnsmasq is running on so the router directs DNS requests to it. I don't want the page to stop caching OR to always cache. I just want to be able to clear the DNS cache in a predictable manner so I can make the DNS request for mymovies.home appear once followed by the expected DNS caching.

Running android 10. [Network app](https://apt.izzysoft.de/fdroid/index/apk/com.github.axet.pingutils) shows correct the 2 DNS servers that i configured for my wifi, in ipv4, as well as 2 mobile data DNSes in ipv6. But regardless of my configured servers, it never passes through them. Using a [DNS query tester](https://f-droid.org/packages/androdns.android.leetdreams.ch.androdns) , it looks like it defaults to the first mobile data DNS, despite data being turned off. The request fails, probably since my router doesn't support ipv6. It can query my local DNS just fine when explicitly used. The only requests ever logged by my local DNS server are from google.com, connectivitycheck.gstatic.com, dns.quad9.net for some reason, and ONE app that follows policy (an XMPP client). Using a [packet sniffer](https://apt.izzysoft.de/fdroid/index/apk/com.summer.netcloud) , it looked like everything was going through 8.8.8.8, though i'm not sure exactly how the app works. I also tried forcing the DNS under a local VPN with [this app](https://f-droid.org/en/packages/org.itxtech.daedalus) , which definitely blocked all calls to 8.8.8.8 because then no domain names could be resolved, effectively blocking internet. Explicit calls to my DNS server still work. There's a lot of weird android behavior, but this just seems like a bug.

I have proved, and will offer any proof needed here of what I am seeing. I have two BIND servers on my LAN that provide local IP addresses for devices. The public versions of those addresses are served by Network Solutions. So when laptops and cell phones are connected to the local WiFi, access to the LAN based mail server is available, and when remote the mail server is found via the Public address. The laptops connect to the same WiFi APs. The local bind servers are manually entered into the settings for all wired and WiFi devices. Local DHCP also has the local BIND servers listed. The laptops via the WiFi find the mail server. However, regardless of the email app (we have tried eight of them) and regardless of the Android Version, we have tried 10, 11, 12 and 13, and regardless of the phone maker (we have tried Acer, Huawei and Sumsung, Android can't "find" the mail server. This is even though, when running IP Tools on said phones, both the mx record is correct and the IP address for the mail server is correct. Plus the phones can ping the IP address of the mail server but fails the FQDN for the server -- the name provided via lookup in IP Tools. How can I fix Android? As of now I have to create TWO mail apps, one for local with the local IP address and one for when off the LAN.

I have four Asus APs throughout my home, with the same two SSIDs, one for 2.4 and one for 5GHz. If I connect my Android device to the 5GHz band, then it works fine on 3 APs until it roams to one of the APs (kitchen), after which it fails to find internet. If I forget the network and then join it anew, it works till it roams back to kitchen from another AP. It also works fine on the 2.4 band. All other devices, fixed and roaming, work fine. I have fully reset network settings on Android, set static IP and 8.8.8.8 DNS, have reset the AP in the kitchen and also reset the AP that is connected to the gateway and is serving DHCP. I changed the SSID to something different and it worked on that AP, but that's not a permanent solution and it's a pain to change them throughout and reconnect so many devices, and may not even work.

From my tablet running Android 9 I would like to access a web site on my local server using its hostname (*server*). This works fine from my laptop computer running Debian 10. However, on my tablet I get the error message "This site can't be reached" when I enter the address http://server.local in a web browser. Any clues?

I have a VPN (WireGuard right now, but the same behaviour manifested with OpenVPN) that provides me with an IPv6 address. I can confirm that it is working because pings (both from the android terminal with ping6 and to the android terminal from the other side of the VPN) work. This also confirms that the VPN is establishing the DNS server properly, as I am using an internal domain while pinging from Android. However, the browser (both Chrome and Firefox) only work properly when the main connectivity has also IPv6 enabled. That means that if I am connected to a WiFi that provides IPv6 connectivity, then the VPN works properly. But if I am using mobile data (my ISP doesn't provide IPv6) or I am using a IPv6-less WiFi, then the browser doesn't work for IPv6-only URLs. The android terminal ping6 command keeps working in all scenarios, meaning that the VPN is properly connected and working, but it's as if the browser/android machinery refuses to use AAAA records and the browser gives me an error. Is that a known issue? I am using Android 11. Can I change something or force Android to believe that there is an IPv6 connection established? Is the browser's fault? Is the DNS resolver fault? Edit: Forgot to mention: if I manually enter the IPv6 into the browser, it loads the web properly. So it seems that there is a DNS issue there, but the DNS is properly set up. So I assume that Android (or both browsers) are misjudging when to use AAAA records, hence the title of this question.

I've set up an L2TP/IPsec PSK VPN between my phone and my home network. It works, but Android doesn't use my home DNS server, so none of my internal hostnames resolve. I can access internal servers by IP address, but not by name. How can I get the phone to use my internal DNS instead of whatever servers it normally uses? Some background: I'm using a Samsung Epic 4G running Gingerbread. My VPN server is running xl2tpd and openswan on Linux. I checked the routing table on my phone, and traffic is correctly being routed through the VPN. On the server, there are options in the PPP config called "ms-dns-1" and "ms-dns-2" that allows the server to push DNS server IPs to the client. But apparently those options are only used by Microsoft clients. I've Googled the issue, and other people have the same problem, but I haven't been able to find a solution. My phone isn't rooted. I'm willing to root the phone if I have to, but I'd prefer not to. **Edit, 2 months later** I finally found out what was wrong, and it had nothing to do with DNS. I'm using my desktop computer as the VPN endpoint, and I had neglected to turn on IP forwarding, so it wasn't forwarding packets. I could access services on the VPN endpoint itself, but anything that required forwarding packets (including DNS lookups) failed. The VPN client *was* correctly picking up DNS information, but it couldn't reach the DNS server because of the forwarding issue. Once I corrected that, the VPN worked perfectly. To summarize, I'm an idiot.

Device is on Android 9. NOT rooted. I want to set the DNS to CIRA (or Cloudfare or whatever, not the point). Yes my wifi router is already set to proper DNS. If I am not at home I want the device to have set DNS. Question 1: Is how do I do I set DNS on Android for Wifi but also for Mobile connection? I looked at a couple of sites recommend to modify the Wifi setting as the easiest method. I don't want to install 3rd party VPN loopback tool because I use extenral VPN so I don't know how that will work together. This talks about 8 methods to set the DNS. Only handful would apply to me: https://forum.xda-developers.com/t/guide-how-to-change-dns-in-android-device-8-methods.3273769/ However, this page talks about setting up yet another way. https://www.zdnet.com/article/how-to-turn-on-private-dns-mode-on-android-and-why-you-should/ So I am a bit confused. It looks like the 2nd link is not setting the specific Wifi. Is it going to apply to LTE mobile connection? My device offers both ways to set up: via *Settings/Network&Internet/Advanced/Private DNS* ... or via *Settings/Wi-Fi/Modify network/Advanced options/IP Settings* So is this the best way to setup via the Private DNS? Question 2: What do I enter in the box "Private DNS", is both word domain and the IP address okay? Question 3: If I root my device, do the rooted methods work better?