
I have proved, and will offer any proof needed here of what I am seeing.

I have two BIND servers on my LAN that provide local IP addresses for devices. The public versions of those addresses are served by Network Solutions. So when laptops and cell phones are connected to the local WiFi, access to the LAN based mail server is available, and when remote the mail server is found via the Public address.

The laptops connect to the same WiFi APs. The local bind servers are manually entered into the settings for all wired and WiFi devices. Local DHCP also has the local BIND servers listed.

The laptops via the WiFi find the mail server.

However, regardless of the email app (we have tried eight of them), regardless of the Android version (we have tried 10, 11, 12 and 13), and regardless of the phone maker (we have tried Acer, Huawei and Samsung), Android can't "find" the mail server.

This is even though, when running IP Tools on said phones, both the MX record and the IP address for the mail server are correct. Plus the phones can ping the IP address of the mail server but fail on the FQDN for the server -- the name provided via lookup in IP Tools.

How can I fix Android? As of now I have to create TWO mail apps, one for local with the local IP address and one for when off the LAN.

BIND
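The question separates two facts that are easy to conflate: the BIND server answers correctly when asked directly (IP Tools), yet the name does not resolve through whatever resolver the mail apps actually use. The following is an added example, not code from the original post, that makes that distinction measurable from any host on the same WiFi: it encodes a DNS query, sends it straight to a named resolver, parses the reply (A and MX records), and compares the direct answer with what the operating system's resolver returns. The server address and hostname are placeholders passed on the command line; the parser is plain RFC 1035 wire format, so it has no dependencies beyond the standard library.

```python
"""Split-horizon DNS check: ask one resolver directly and compare with the OS
resolver. Added example; hostnames and resolver addresses are placeholders."""
import random
import socket
import struct
from typing import Optional


def build_query(name: str, qtype: int = 1, txid: Optional[int] = None) -> bytes:
    """Encode a standard recursive query (RFC 1035 section 4.1), class IN."""
    if txid is None:
        txid = random.randint(0, 0xFFFF)
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD=1, one question
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in name.rstrip(".").split("."))
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)


def _read_name(msg: bytes, offset: int) -> tuple:
    """Decode a possibly compressed name; return (name, offset after it)."""
    labels, jumped, end = [], False, offset
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:  # compression pointer to an earlier name
            pointer = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            if not jumped:
                end = offset + 2
            jumped, offset = True, pointer
            continue
        if length == 0:
            if not jumped:
                end = offset + 1
            break
        offset += 1
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels), end


def parse_response(msg: bytes) -> dict:
    """Return txid, rcode and the A / MX answers of a reply message."""
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    offset = 12
    for _ in range(qd):  # skip the echoed question section
        _, offset = _read_name(msg, offset)
        offset += 4
    answers = []
    for _ in range(an):
        name, offset = _read_name(msg, offset)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[offset:offset + 10])
        offset += 10
        rdata = msg[offset:offset + rdlen]
        if rtype == 1:  # A record
            answers.append(("A", name, socket.inet_ntoa(rdata)))
        elif rtype == 15:  # MX record: preference, then exchange name
            pref = struct.unpack("!H", rdata[:2])[0]
            exchange, _ = _read_name(msg, offset + 2)
            answers.append(("MX", name, f"{pref} {exchange}"))
        offset += rdlen
    return {"txid": txid, "rcode": flags & 0x000F, "answers": answers}


def query(server: str, name: str, qtype: int = 1, timeout: float = 2.0) -> dict:
    """Send one query over UDP/53 to the given resolver and parse the reply."""
    q = build_query(name, qtype)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(q, (server, 53))
        data, _ = s.recvfrom(4096)
    reply = parse_response(data)
    if reply["txid"] != (q[0] << 8 | q[1]):
        raise ValueError("transaction id mismatch in reply")
    return reply


def compare_views(name: str, server: str) -> dict:
    """A addresses from the named BIND server vs. the OS resolver apps rely on."""
    direct = {a[2] for a in query(server, name)["answers"] if a[0] == "A"}
    try:
        system = {info[4][0] for info in socket.getaddrinfo(name, None, socket.AF_INET)}
    except socket.gaierror:
        system = set()  # the OS resolver could not resolve the name at all
    return {"direct": direct, "system": system,
            "match": bool(direct) and direct == system}


if __name__ == "__main__":
    import sys
    # usage: python dnscheck.py mail.example.lan 192.168.1.2  (placeholder values)
    print(compare_views(sys.argv[1], sys.argv[2]))
```

When `direct` holds the LAN address but `system` is empty or holds the public address, the resolver the host is actually using is not the BIND server it was given, which is the condition the question describes for the phones.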

  • Have you disabled "Private DNS" in Android network settings? If active, Android ignores the configured DNS server at the WiFi and DHCP level and only uses the private DNS. Use Wireshark to check in the Android network traffic which DNS server is queried. – Robert Oct 29 '23 at 13:08
  • Yes. Private DNS is and was always disabled. Robert, I am using pfSense. I built a NAT rule that redirects all DNS cellphone traffic to my local bind server. I don't think the cellphone is using DoH. It can find outside URLs, seemingly through the local DNS service, which is my BIND server. I don't have a promiscuous connection between the WiFi cellphones and the firewall. It would be overloading the firewall to 'inspect,' but what am I inspecting? That device is already blocking outgoing DNS traffic from the phone. Wireshark-type tools need to know what port I am looking for. – MikeLieberman Oct 29 '23 at 14:13
  • If the cellphone is communicating with the local BIND server but is having issues with local IPs, well, the pfSense wouldn't see the traffic as it would stay on the LAN. – MikeLieberman Oct 29 '23 at 14:13
  • You can simply generate Wireshark dumps on Android using apps that act as local VPN and internally capture all traffic going through the local VPN. See e.g. PCAPdroid app. – Robert Oct 29 '23 at 16:46
  • Robert, there is no local VPN. – MikeLieberman Oct 30 '23 at 01:29
  • Robert, my phone connects with my office LAN in a bidirectional way. A VPN on the phone would inhibit that. I have read that beginning in about Android 5 and getting more aggressive following that, Android has been bypassing named DNS servers to connect to Google. Following the variety of things mentioned, I have blocked all IPv6 traffic from the cellphones, I have added a new line in the DHCP server we run, added the MAC address to the reserved list in the dhcpd.conf file and verified my phone is using that. – MikeLieberman Oct 30 '23 at 05:21
  • All IPv4 outbound DNS traffic from the cellphones is redirected to my bind servers. My phones find everything EXCEPT the domain record that the servers support. All other non-android devices using the same WiFi connection and our BIND servers find the local resources. I am about to root my phones and replace Android. – MikeLieberman Oct 30 '23 at 05:21
  • I think you misunderstood me. "local VPN" is a technique to redirect all traffic through one app (the local VPN app) to capture the traffic. In this case VPN client and server are in the same app, so there is no VPN in your network, only inside Android for redirecting the traffic through the one app. Please read the details e.g. on PCapDroid https://emanuele-f.github.io/PCAPdroid/quick_start – Robert Oct 30 '23 at 07:49
  • Mike, did you ever solve this? I have exact same problem, a (recently updated, didn't have this problem before update) Samsung phone can no longer determine hostnames that are served by my internal BIND server, despite it being given the DNS address in DHCP. All other devices using DHCP server can. – wls-senatus Mar 24 '24 at 05:39
  • No, I never solved this. It remains a total frustration. The 'Android' forums are useless. They have no idea about name resolution on their precious OS. And there is no way to engage with actual Android engineers. – MikeLieberman Mar 25 '24 at 06:17
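The comment thread converges on one diagnostic: capture the phone's traffic (for instance with a local-VPN capture app) and see where its DNS actually goes, since Private DNS (DNS-over-TLS on port 853), IPv6 resolvers and DNS sent to outside servers all sidestep an IPv4 port-53 NAT redirect. As an added example that is not part of the thread, the script below classifies per-flow records against the expected LAN resolvers and flags everything that is DNS-related but did not go to them. The resolver addresses and the flow lines are constructed placeholders, and the four-column line format is this example's own, not the export format of any particular capture tool.

```python
"""Audit a phone's outbound DNS-related flows against the expected LAN resolvers.
Added example: resolver addresses and flow records are constructed, not captured."""
import ipaddress
from collections import Counter
from typing import Optional

# Placeholder addresses standing in for the two LAN BIND servers.
LAN_RESOLVERS = {"192.168.1.2", "192.168.1.3"}

# Constructed flow records: source, destination, protocol, destination port.
SAMPLE_FLOWS = """\
192.168.1.50 192.168.1.2 udp 53
192.168.1.50 192.168.1.2 udp 53
192.168.1.50 8.8.8.8 udp 53
192.168.1.50 8.8.8.8 tcp 853
192.168.1.50 1.1.1.1 tcp 853
fd00::50 fd00::1 udp 53
192.168.1.50 192.168.1.10 tcp 993
"""


def classify_flow(dst: str, proto: str, dport: int) -> Optional[str]:
    """Label one flow; None means it is not DNS-related."""
    addr = ipaddress.ip_address(dst)
    if dport == 853 and proto == "tcp":
        return "private_dns_dot"      # Android "Private DNS" is DNS-over-TLS
    if dport == 53:
        if addr.version == 6:
            return "dns_over_ipv6"    # not caught by an IPv4-only NAT redirect
        if dst in LAN_RESOLVERS:
            return "lan_resolver"     # the expected path
        return "dns_bypass"           # plain DNS to a server other than the BIND pair
    return None


def audit(flows: str) -> dict:
    """Parse flow lines; return per-label counts and every non-LAN DNS flow."""
    counts: Counter = Counter()
    flagged = []
    for line in flows.splitlines():
        if not line.strip():
            continue
        _src, dst, proto, dport = line.split()
        label = classify_flow(dst, proto, int(dport))
        if label is None:
            continue
        counts[label] += 1
        if label != "lan_resolver":
            flagged.append((label, line))
    return {"counts": dict(counts), "flagged": flagged}


if __name__ == "__main__":
    result = audit(SAMPLE_FLOWS)
    print(result["counts"])
    for label, line in result["flagged"]:
        print(f"{label:16} {line}")
```

A capture in which every DNS flow is labelled `lan_resolver` yet the LAN names still fail points back at the resolver's own answers (the check in the question's direction); any `private_dns_dot`, `dns_over_ipv6` or `dns_bypass` line shows a path around the configured servers that a port-53 redirect on the firewall never sees.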

0 Answers