1

I've got a local network with associated WiFi where I'm already running a DNS server and I can resolve somehost.local.example.com on any machine in that network just fine.

On Android I can only resolve those host names when I turn off "Private DNS" and I understand why. However, I'd like to keep the "Private DNS" feature enabled in general.

Is there some way to either disable Private DNS when I'm in a specific WiFi network (either autodetected some way or even manually configured on my phone is fine) or to ensure that local host names (within the DHCP server's search domain) are still resolved using the DHCP-provided DNS even when Private DNS is enabled?

My phone is running Android 12, in case that matters.

  • If you could use both local DNS and private DNS at the same time how should your phone know which DNS server to use for what query? – Robert Jan 27 '22 at 13:27
  • @Robert: based on the known prefix for local host names. The DHCP server provides the domain for the local network and I'd like the local DNS (also provided by the DHCP server) to be used for anything with that suffix (i.e. if the DHCP server says its local network is local.example.com then I'd like any hostname ending in .local.example.com to be routed to the local DNS and anything else elsewhere). – Joachim Sauer Jan 27 '22 at 13:42
  • So if I am an attacker/admin in the local network I just need to advertise maybe .com as the local network suffix to redirect all DNS requests away from the private DNS server. This would be a security issue and violate the purpose of the private DNS. – Robert Jan 27 '22 at 13:55
  • Sure, that's why I'm also okay with having to explicitly mark a network to be used like this. As it stands it seems like I need to firewall any access to the private dns servers, which I suspect enables the exact same attack (given the fact that Private Browsing is set to "Automatic" and not "Force Enabled" or something like that). – Joachim Sauer Jan 27 '22 at 13:59
  • https://www.reddit.com/r/tasker/comments/9yvo2h/android_p_private_dns_setting_access_in_tasker/ looks like what you are after – beeshyams Feb 15 '22 at 09:10
  • @beeshyams: yes, this seems at least a partial solution. It allows me to enable/disable private DNS on some condition without having to have root (but involving a couple of manual steps). In an ideal world I'd even do the "split DNS" thing I mentioned above, but if this were an actual answer with details, someone could probably earn that bounty. – Joachim Sauer Feb 15 '22 at 09:31
  • Maybe someone can build on this to get the bounty. I am neither familiar with Tasker nor with the networking aspects, just googled it! // anybody who can make an answer, please do – beeshyams Feb 15 '22 at 09:58
  • If no one else does, I'll write up an answer myself in a few days. Just feels weird to jump in to self-answer when I just put a bounty up. – Joachim Sauer Feb 15 '22 at 10:02
  • https://android.stackexchange.com/q/239398/131553 closely related? – beeshyams Feb 15 '22 at 10:02
  • That seems to be pretty much exactly the answer I would have written. I think I even came across that post when I first researched this, but back then I was hoping to find a solution that wouldn't require a paid-for external tool. – Joachim Sauer Feb 15 '22 at 10:05
  • If that answer is what you are looking for, instead of wasting your bounty drop into the chat room and request the mods to mark this question as a duplicate of that and possibly refund bounty – beeshyams Feb 15 '22 at 10:07
  • I'll leave it open in the hopes that an even better solution is somewhere out there. I'm not too worried about those precious internet points ;-) – Joachim Sauer Feb 15 '22 at 10:07
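
The trust question raised in the comments above (which suffix may bypass Private DNS) can be made concrete with a small routing policy. This is an added Python example, not part of the original thread and not how Android behaves; the function names, the `PINNED` map and the SSID `home` are hypothetical and constructed for illustration.

```python
# Added illustration only: hypothetical names, not an Android API.
MIN_PIN_LABELS = 2   # assumption: refuse pins as broad as a bare TLD
# (a real implementation would check the Public Suffix List instead)

# Constructed sample: suffixes the user explicitly approved, per network.
PINNED = {"home": "local.example.com"}

def labels(name):
    """Normalize a DNS name to lowercase labels, ignoring a trailing root dot."""
    return tuple(l for l in name.strip().lower().split(".") if l)

def in_zone(qname, suffix):
    """True if qname equals suffix or is a subdomain of it (whole labels only)."""
    q, s = labels(qname), labels(suffix)
    return len(s) > 0 and len(q) >= len(s) and q[-len(s):] == s

def route_naive(qname, dhcp_domain):
    """Trust whatever search domain the DHCP server advertised."""
    return "local" if in_zone(qname, dhcp_domain) else "private"

def route_pinned(qname, ssid, dhcp_domain, pinned=PINNED):
    """Send a query to the local resolver only inside a user-pinned suffix.

    The DHCP-advertised domain must sit inside the pin, so the network
    can narrow the local zone but can never widen it.
    """
    approved = pinned.get(ssid)
    if approved is None or len(labels(approved)) < MIN_PIN_LABELS:
        return "private"      # unknown network, or pin too broad to trust
    if not in_zone(dhcp_domain, approved):
        return "private"      # advertised suffix falls outside the pin
    return "local" if in_zone(qname, dhcp_domain) else "private"

if __name__ == "__main__":
    # A network advertising "com" captures everything under the naive policy.
    print(route_naive("mail.example.com", "com"))
    print(route_pinned("mail.example.com", "home", "com"))
    print(route_pinned("somehost.local.example.com", "home", "local.example.com"))
```

An SSID can be imitated, but under the pinned policy a network using that name still only receives queries below the pinned suffix; everything else keeps going to the Private DNS resolver.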

1 Answer

0

I guess we can maintain the DNS while connecting to a wifi network by choosing advanced -> Static IP.

I tried to modify the wifi network on a Samsung phone running Android 12 and I can see the option for DNS.

Modify Wifi Network

I hope this helps, if that's what you need.

Ash
  • I seriously doubt this helps, because that's just setting the same thing that's otherwise provided by the DHCP server. The issue is that "Private DNS" ignores those settings and uses pre-configured servers anyway. – Joachim Sauer Feb 16 '22 at 22:04