DNS-Based Host Blocking for Android
This is a DNS-based host blocker for Android. In the default configuration,several widely-respected host files are used to block ads, malware, and otherweird stuff.
Installing
You can either install it via F-Droid, using the official F-Droid repository, or you can use my personal repository at https://jak-linux.org/fdroid/repo which gets updates ASAP.
You can also download apk files in GitHub's download section. Currently, these are the same files as in my personal F-Droid repository, but that might change in the future.
XDA: Discussions and preview builds
There is a thread at XDA, where DNS66 can be discussed and I occasionaly postpreview builts of the git repository:
https://forum.xda-developers.com/android/apps-games/app-dns66-source-host-ad-blocker-root-t3487497
Using it
On the first start, you must manually update the hosts files (using therefresh button) before the service can work correctly (issue #1); and youmust also update the hosts files yourself regularly for now (issue #2).
Items in the hosts and DNS servers lists can be moved around and removed)of the list using standard RecyclerView interactions (long press makes theentry movable, swipe to either side removes it). For hosts, a later entryoverrides a previous entry; for DNS servers, the first server is preferred.
Currently, there are some minor usability issues:
- If you change a setting, you must manually restart the vpn service (issue #3)
- IPv6 servers are not supported (issue #4)
There's also no validation of input, so DNS servers that are not valid IPv4addresses are not rejected, neither are URLs for DNS server entries (we intendto support URLs in the future, so you can point the app to a remote list ofservers).
How it works
The app establishes a VPN service, with routes for all DNS servers diverted toit. The VPN service then intercepts the packages for the servers and forwardsany DNS queries that are not blacklisted.
Custom upstream DNS can be configured. If the feature is turned off, thecurrent connection's DNS servers are used. The app ships are pre-definedlist of well known (mostly German) non-logging servers courtesy of theChaos Computer Club.
Privacy Guarantee
Privacy is the most important aspect of DNS66. Currently, DNS66 is strictlydata reducing: Running it can only reduce the amount of data leaving yourdevice, not increase it (except for fetching hosts files, obviously), as foreach request, we will either allow it to leave your device or not - we willnot send other requests or add other information to the request.
While not yet implemented, future versions of DNS66 might have additionalfeatures that might share more data than your phone normally would. Amongthese features are:
Automatic updates. Your phone might periodically contact servers to queryfor new upstream versions and new host lists. DNS66 will only include asmuch data as necessary to complete the request.
Debugging. We hope to have a better way to debug program failures thanmanually running logcat. Such a feature by definition requires sharingdebug logs. Debug logs (including logcat) may include personal information,and you should review them before sharing them publicly.
If such a feature is added, you will be presented with the choice to enableit (it will be disabled by default). No such feature will be turned on withoutyour explicit consent (for example, clicking yes in a dialog asking whether youwant to have automatic updates).
Contributing
See CONTRIBUTING.md
License
This program is free software: you can redistribute it and/or modifyit under the terms of the GNU General Public License as published bythe Free Software Foundation, either version 3 of the License, or(at your option) any later version.
Parts of the program are licensed under only version 3 of the license, andsome parts might be licensed under the terms of other compatible licenses. Seethe file copyright for further (machine-readable) information.
Binaries also bundle external libraries. To the best of our knowledge thoseare licensed under the Apache license, version 2.0, except for pcap4j, whichis licensed under the MIT license, and dnsjava, which uses a 3 clause BSDlicense. Seethe file copyright.libraries for further (machine-readable) information.
Code of Conduct
Please note that this project is released with a Contributor Code ofConduct. By participating in this project you agree to abide by its terms.
Authors
Julian Andres Klode jak@jak-linux.org
Parts are derived from https://github.com/dbrodie/AdBuster by Daniel Brodie.
-
一、什么是DNS放大攻击 DNS放大攻击是一种新型的拒绝服务攻击,攻击者利用僵尸网络中大量的被控主机,伪装成被攻击主机,在特定时间点连续向多个允许递归查询的DNS服务器发送大量DNS服务请求,迫使其提供应答服务,经DNS服务器放大后的大量应答数据发送到被攻击主机,形成攻击流量,导致其无法提供正常服务甚至瘫痪。 二、DNS放大攻击的原理 关于DNS的解析原理: DNS 客户机需要查询程序中使用的名称
-
一、背景描述 有一个项目需要部署到客户内网,并通过nat映射实现外网访问! 项目中有多个服务之间调用是走的外网域名,项目采用k8s集群容器部署,客户的网络情况导致服务之间通过外网域名互调时总是 connection time out! 通过在容器中解析服务域名是没问题,然而telnet 域名对应ip + 端口超时。 现在想到的解决办法就是,内网做一个dns服务器,将服务之间调用的域名通过内网dns
-
在中间人攻击中,当用户访问特定的网站,可以通过伪造 DNS 响应,将用户引导到一个虚假的网站。netwox 工具提供的编号为 105 的模块,可以用来伪造 DNS 响应包。 【实例】已知主机 A 的 IP 地址为 192.168.59.133,主机 B 的 IP 地址为 192.168.59.135。下面介绍主机 A 对主机 B 实施 ARP 攻击,在主机 A 上监听主机 B 的 DNS 请求,并
-
定义:Nslookup.exe 是命令行管理工具,用于测试或解决 DNS 服务器问题。此工具是通过“控制面板”与 TCP/IP 协议一起安装的。 作用:查询域名所对应的IP地址 nslookup最简单的用法就是查询域名对应的IP地址,包括A记录和CNAME记录,如果查到的是CNAME记录还会返回别名记录的设置情况。其用法是: nslookup 域名 ex: nslookup darpple.332
-
中国电信 辽宁省 沈阳市DNS 59.46.69.66 中国电信 辽宁省 大连市DNS 59.44.126.20 中国电信 青海省 西宁市DNS 202.100.138.68 中国电信 新疆 乌鲁木齐市DNS 61.128.114.133 中国电信 新疆 乌鲁木齐市DNS 61.128.114.166 中国电信 新疆 乌鲁木齐市DNS 61.128.114.85 中国电信 新疆 乌鲁木