DNS is a vital part of internet communication. Many people use ISP-provided DNS servers by default, but using different DNS servers might improve security and performance. Also, DNS queries are not encrypted while being transferred over the network, and you might want to secure your communication. But it is a real pain to change your default DNS providers, especially on a mobile device. My new app overcomes this difficulty on every rooted Android device.
We all use DNS to resolve internet addresses (domains) to IP addresses. You are automatically assigned your ISP’s DNS server addresses by default when you connect to the Internet.
Why might you want to use a different DNS provider?
Using a DNS provider other than your ISP’s can be useful in several ways:
- First of all, some companies like OpenDNS, Comodo and Norton provide secure DNS services. They block malicious content, phishing and scam web sites by default.
- You can also configure third-party DNS providers to block some additional content on your network or device, for example adult content. There are family-friendly DNS servers (I also added them to my app).
- Many ISPs do not provide control over their DNS services. For example, if you are using Google DNS, you can easily flush the DNS cache if you change your web site’s IP addresses, so the changes are quickly accessible to all users of Google’s DNS service.
But the DNS protocol is not secure and queries are not encrypted. This means DNS queries can be intercepted and read on the network. For example, on a public WiFi connection, hackers can easily monitor the web sites you visit by using simple applications.
My friends Ferhat Yeşiltarla and Gökmen Güreşçi (who is now working as a security researcher) and I demonstrated what can be done with DNS spoofing and monitoring of DNS queries in our Computer Networks class at university. The screenshot below is the network log when someone visits only secure sites on the network we created just for the demonstration.
The worst part is that someone can use a man-in-the-middle attack to change the DNS response and redirect you to a completely different web site.
We have also seen large attacks that change the DNS providers configured on network devices to malicious ones, in order to steal information by redirecting users to spoofed versions of banking and shopping web sites (or by serving them malware).
Gökmen found and reported one of these serious attacks on a leading ISP’s network in Turkey, targeting their users by changing DNS servers on ADSL modems they provided to home users. You can read his blog post in Turkish.
So, it is important to verify that every DNS response is coming from the DNS provider you choose (even if it is your ISP’s DNS server).
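As an added illustration of the two points above, unencrypted queries and changeable responses (this is not code from the app or from DNSCrypt): the Python below builds a plain DNS query and a response in RFC 1035 wire format, shows that the queried name travels as readable bytes, and shows that a client can only match a response against the 16-bit ID and the echoed question. The host name and addresses are constructed documentation values.

```python
import struct

def build_query(name, txid, qtype=1):
    """Plain DNS query (RFC 1035 wire format) as sent over UDP port 53."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set, one question
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split("."))
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)  # class IN

def build_response(query, ip):
    """Constructed A-record response that echoes the query's ID and question."""
    header = query[:2] + struct.pack("!HHHHH", 0x8180, 1, 1, 0, 0)  # QR bit set
    rdata = bytes(int(octet) for octet in ip.split("."))
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, len(rdata)) + rdata
    return header + query[12:] + answer

def parse_question(packet):
    """Return (txid, is_response, name, qtype) read directly from the bytes."""
    if len(packet) < 12:
        raise ValueError("shorter than a DNS header")
    txid, flags, qdcount = struct.unpack("!HHH", packet[:6])
    if qdcount != 1:
        raise ValueError("expected exactly one question")
    labels, pos = [], 12
    while True:
        if pos >= len(packet):
            raise ValueError("truncated name")
        length = packet[pos]
        pos += 1
        if length == 0:
            break
        if length > 63 or pos + length > len(packet):
            raise ValueError("bad label")
        labels.append(packet[pos:pos + length].decode("ascii", "replace"))
        pos += length
    if pos + 4 > len(packet):
        raise ValueError("truncated question")
    qtype = struct.unpack("!H", packet[pos:pos + 2])[0]
    return txid, bool(flags & 0x8000), ".".join(labels), qtype

def response_matches(query, response):
    """All a plain DNS client can check: QR bit, same ID, same question."""
    q_id, _, q_name, q_type = parse_question(query)
    r_id, is_resp, r_name, r_type = parse_question(response)
    return is_resp and (q_id, q_name.lower(), q_type) == (r_id, r_name.lower(), r_type)

# Constructed sample: the name and address are documentation values.
QUERY = build_query("login.bank.example", 0x1A2B)
RESPONSE = build_response(QUERY, "203.0.113.7")
```

`response_matches` accepts a response carrying any address as long as the ID and question are echoed (the UDP address and port pair, outside the packet, is the only other check), because nothing in the packet identifies which server produced it.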
DNSCrypt can secure DNS queries.
DNSCrypt is a protocol developed by Frank Denis and open source contributors.
DNSCrypt secures DNS communication and verifies DNS responses, significantly improving every single Internet user’s online security and privacy.
I have used DNSCrypt for a long time on my computer and I recommend using it on every device you use.
Currently not all DNS providers support DNSCrypt, but you have various providers to choose from. For example, OpenDNS provides DNSCrypt support.
DNSCrypt for Android
Frank Denis made the DNSCrypt client (dnscrypt-proxy) available for Android. You can download pre-compiled stable builds or compile your own version from the sources on GitHub.
I was planning to build a DNS Changer application for Android. Obviously, there are lots of similar DNS changer applications on Android, but they have some main drawbacks:
- Most DNS Changer applications do not work on KitKat, Lollipop and Marshmallow.
- Some of them only work on WiFi. LTE and 3G support is important.
- There is no DNSCrypt manager application on the Play Store.
My DNS + DNSCrypt Manager Application for Android
First of all, my DNS Manager application requires root. There are lots of alternative applications on the Play Store that do not require root, but their stability on recent Android versions is questionable. Installing DNSCrypt also requires root access and a custom recovery.
I included some well-known DNS and DNSCrypt providers in the free version.
- Automatically changes DNS when the network changes
- Can notify you when a DNS change is applied
- Various DNS providers to change to
- DNSCrypt resolvers are parsed from the installed DNSCrypt resolvers list (PRO)
Frank Denis, creator of DNSCrypt, retweeted my announcement. Thanks to him for creating such a great security solution.
RT @oguzkirat: I updated DNS + DNSCrypt Manager and PRO version is now available! https://t.co/2rpyn0hqC6
— Frank Denis (@jedisct1) December 14, 2015
How to use DNSCrypt
You can use my application with official DNSCrypt builds. But I compiled the latest source code on GitHub and you can download the builds here.
Most phones support armeabi-armv7-a builds. Download the zip and flash it via custom recovery.
Then you need to install BusyBox if you are using a stock ROM.
I recommend the BusyBox on Rails app.
Where to download?
Free version: com.okirat.dnsmanager on Google Play
- No ads
- More DNS providers
- DNSCrypt providers parsed from DNSCrypt’s resolver list.
- Support development
I recommend using the free version first and confirming everything works.
I would be happy if you bought the Pro version if the app is useful to you; since I am currently unemployed, it helps a lot.
I can’t use the newest version of DNSCrypt (v1.6.1 from https://download.dnscrypt.org/dnscrypt-proxy/). It doesn’t get detected.