-
-
Notifications
You must be signed in to change notification settings - Fork 77
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
dns leak on android 9 devices #16
Comments
I will assume you have set the DNS on your Pi-Hole to use Google's DNS Servers at 8.8.8.8 and 8.8.4.4. To verify that everything is working as intended, go to www.dnsleaktest.com and perform an Extended Test. When your Wireguard VPN connection is alive, it will show that Google is serving 100% of your DNS requests. This means that all the traffic flowed through Pi-Hole, and not your ISPs DNS Servers. Some applications have advertising very natively ingrained, and Pi-Hole can't kill it. For example: the Google Launcher on Android shows you cards when you swipe right, and ads are part of the same payload that has the article headlines and summaries... YouTube employs a similar strategy of serving ads from the same hostname as the video content. The Waze application serves ads from the same endpoints that are responsible for serving navigation data. In other scenarios, advertisers are 1 step ahead. The blocklists your Pi-Hole uses may not have caught up with what domains are being used in the wild. To get the best protection, you need to take a multi-pronged approach to blocking ads. Use Pi-Hole, and use a browser like Kiwi on Android (which has native ad blocking baked in), and add the uBlock Origin, and uBlock Origin Extra extensions - and possibly even the nanodefender extension. I'm glad that things are working out, if something is amiss and there is an opportunity to improve this implementation for everyone's collective benefit, we can work through those details together. Lets start with the DNS Leak Test and see where we land. |
Thanks so much for your answer,i really appreciate your help. So i’ve tried the extended test on dnsleak and the result are that if i perform the test from my pc or from a device where ads are blocked,i see that it use google dns. On the other devices,i see that my isp dns are used. I really understand why,because i’m sure the vpn is working as intended (if i try to reach the pi hole with http://10.66.66.1/admin/index.php it show my pi hole home page)
|
For the devices where you are running Wireguard, and experiencing a DNS Leak, I want to know the Operating System version number, and Wireguard client version number. |
for example,on my samsung galaxy s8,i'm running android 9 and wireguard v1.0.20200407. on other devices that i tested, i alwayes downloaded the last version of wireguard from the play store |
devices that are working are: my pc with windows 10, iphone xs ios 13.5.1, huawei p9 life android 7, galaxy a50 android 10 devices that are not working are: galaxy s8 android 9, redmi note 7 android 9, mate 10 pro android 9. |
I need to get my mittens on some Android 9 devices to see what is going on, but the general trend seems to be Android 9 + Wireguard is resulting in a DNS Leak. As a temporary solution, you could attempt to try the OpenVPN version of this guide on your Android 9 devices? |
I'll try the openvpn Version as soon as possible then i'll update this post :) thank you man!
|
hi! i have some news so i update the post. i've tryed your guide (with wireguard) on my tablet,samsung galaxy s5e with android 9 and it didn't work. then,i update the tablet to android 10 and retryed. with android 10 it works! so yeah the problem is related to android 9.. am i the only one with this problem? does any other had the same issue? can i help fix the problem in some way? |
Hi. I'm having the same issue. Andriod 9. Pi-hole is working as I can connect to the web interface perfectly. But when using the Split Tunnel method, for example, ads are not being blocked (DNS leak), but they are blocked if using Full Tunnel method. I can confirm it is an Android 9 problem as I just created another device configuration for my Mac running macOS 10.15.5 (Catalina) and when connecting through WireGuard app using both Split & Full Tunnel methods ads are being blocked. The problem seems to be with the Split Tunnel approach (the default and recommended configuration) in Android 9. I'll try the OpenVPN approach in Android 9 as recommended above. |
thank you for your contribution! i'll try the full tunnel method on my devices :) I'd be curious to know what the problem is with android 9 |
I believe the issue is with chromium and android 9 combination. Full tests that I made on dnsleaktest from my phone with only split tunnel:
I noticed this because when I was looking at the pi-hole webpanel I saw a lot of traffic from apps on my Android 9 client (actually my only one). To confirm that this was working on Firefox, I opened the same a bloated site on Chrome and Firefox. The firefox version was wonderfully clean. When on split tunnel, every time I opened the dns leak test home page, it showed my ISP address. I guess this is because they are reversing my ip from the http request, that's expected. When I was on full vpn, all tests and ip from home pointed to google. |
In Chrome, go to |
Hi, I wanted to congratulate you for this guide, it was very useful and it is really simple to follow. I'm having a problem though: I followed your step-by-step guide, created the account, the virtual machine, the firewall rules and started your script that installs the pi hole service and creates the various accounts for the vpn. I then imported them into various devices, such as my computer, my smartphone and other smartphones of various friends. Herein lies the problem, I did the test on 7 android smartphones, an iPhone and a pc. Everything works on PC, iPhone and 2 Android smartphones, on others it doesn't. The ads are not blocked, and I can't understand why. Do you have any suggestions for me? I specify that from all the devices I can reach the pi hole via ip address, so I think both the pi hole and the vpn are working correctly, but I could be wrong.
The text was updated successfully, but these errors were encountered: