Comments (3)
Same here. Not just browsers either - AVNC and Termux also can't resolve .local domains while personalDNSfilter is running.
Note that a number of the default lists[1] have 127.0.0.1 local entries near the top, which seems to cause .local domains to get blocked[2], but even with !*.local added to 'additional hosts' and the domains being logged in green (or personalDNSfilter in the 'paused' state), the domains still don't resolve correctly - only stopping the pseudo-VPN entirely works. (I get a slightly different error from AVNC after allowing the domain - presumably that's because it changes from getting a wrong/fake IP address to getting an NXDOMAIN error.)
Edit: personalDNSfilter doesn't seem to be blocking mDNS traffic at the network level - I can do dig @224.0.0.251 -p5353 (something).local in Termux and get the correct response back. It just seems to be preventing the normal resolver from trying to do mDNS.
Footnotes
1. Edit: Actually, only one that's enabled by default - the main StevenBlack one. But there are several of the disabled ones that have it too. ↩
2. Is it intentional that entries in hostfile-style lists are treated as applying to subdomains too, even though that's not how they would actually be treated in /etc/hosts? ↩
from personaldnsfilter.
Looks like this is a side effect of pretending to be a VPN. From the official Android DNS resolver docs:
VPN and mobile data connections are excluded from .local resolution.
For this to work, personalDNSfilter may need to handle mDNS itself when running as a pseudo-VPN.
from personaldnsfilter.
I see a few options to make .local domains work with pDNSf in pseudo-VPN mode:
- mDNS allows 'legacy unicast' lookups[1], where you basically just do a normal DNS-over-UDP request, but send it to 224.0.0.251 or FF02::FB on port 5353 - and don't use 5353 as the source port. This might let you just use the existing DNS code with a different upstream 'server' in DNSCommunicator.requestDNS. However:
  - If the device has both IPv4 and IPv6, it would probably have to query both addresses, which might complicate things.
  - When you do this kind of request, the spec says that the responses will have their time-to-live limited to 10 seconds, because 'full' mDNS needs various extensions to the protocol to keep caches in sync between all the machines on the network.
  - Possible issues with Unicode domain names - see below.
- Alternately, you could implement the full version of mDNS - or find a Java library that already does - and integrate it into either DNSResolver.resolveLocal or DNSCommunicator.requestDNS when the hostname ends in .local (or a few other domains, see below).
  - (Android has had a separate API[2] for Zeroconf since before its regular DNS resolver started supporting mDNS/.local, but it seems to be limited to looking up services using DNS-SD over mDNS, and can't do domain name lookups using just mDNS by itself.)
Additional notes:
- mDNS specifies that non-ASCII domain names get encoded as UTF-8, rather than the Punycode encoding used in 'normal' DNS (on the grounds that mDNS didn't have any old, buggy implementations that it needed to stay compatible with). pDNSf might need to translate Punycode to UTF-8 for non-ASCII .local names to work. I'm not sure how common those are. (I also can't tell if that change still applies when doing 'legacy unicast' requests.)
- Besides .local, there are a handful of reverse-DNS domain trees that are also supposed to get sent over mDNS. (I don't know how often these will actually come up, but…)
  - .254.169.in-addr.arpa.
  - .8.e.f.ip6.arpa.
  - .9.e.f.ip6.arpa.
  - .a.e.f.ip6.arpa.
  - .b.e.f.ip6.arpa.
Footnotes
from personaldnsfilter.
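The 'legacy unicast' option from the comment above, sketched as an added example that is not part of the thread or of personalDNSfilter's code. All function names are hypothetical, only IPv4 and A records are handled, Punycode labels are passed through unchanged, and the 10-second cap and the query-ID check are client-side choices made for this example.

```python
import secrets, socket, struct

MDNS_V4 = ("224.0.0.251", 5353)
# Name suffixes the thread lists as belonging on mDNS rather than unicast DNS.
MDNS_SUFFIXES = ("local", "254.169.in-addr.arpa", "8.e.f.ip6.arpa",
                 "9.e.f.ip6.arpa", "a.e.f.ip6.arpa", "b.e.f.ip6.arpa")
LEGACY_TTL_CAP = 10  # seconds; never cache a legacy-unicast answer for longer

def needs_mdns(name):
    n = name.rstrip(".").lower()
    return any(n == s or n.endswith("." + s) for s in MDNS_SUFFIXES)

def build_query(name, qid, qtype=1):
    # Ordinary DNS question (class IN, no flags); labels are sent as UTF-8.
    labels = [p.encode("utf-8") for p in name.rstrip(".").split(".")]
    qname = b"".join(bytes([len(l)]) + l for l in labels) + b"\x00"
    return struct.pack("!6H", qid, 0, 1, 0, 0, 0) + qname + struct.pack("!2H", qtype, 1)

def _skip_name(pkt, off):
    while pkt[off]:
        if pkt[off] & 0xC0 == 0xC0:  # a compression pointer ends the name
            return off + 2
        off += 1 + pkt[off]
    return off + 1

def parse_a_records(pkt, qid):
    # Accept only a response that echoes our ID; malformed packets yield [].
    try:
        ident, flags, qd, an = struct.unpack("!4H", pkt[:8])
        if ident != qid or not flags & 0x8000:
            return []
        off, out = 12, []
        for _ in range(qd):
            off = _skip_name(pkt, off) + 4
        for _ in range(an):
            off = _skip_name(pkt, off)
            rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", pkt[off:off + 10])
            off += 10
            if rtype == 1 and rclass == 1 and rdlen == 4:
                out.append((socket.inet_ntoa(pkt[off:off + 4]), min(ttl, LEGACY_TTL_CAP)))
            off += rdlen
        return out
    except (IndexError, struct.error, OSError):
        return []

def resolve_legacy_unicast(name, timeout=2.0):
    qid = secrets.randbelow(0xFFFF) + 1
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name, qid), MDNS_V4)  # unbound socket: source port is ephemeral, not 5353
        try:
            pkt, _ = s.recvfrom(9000)
        except socket.timeout:
            return []
    return parse_a_records(pkt, qid)
```

A filter would call `needs_mdns()` before choosing an upstream and keep the normal resolver path for every other name.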