1. Blocking 8.8.8.8 doesn't make the app fall back to the default DHCP DNS. 2. A static route doesn't necessarily mean the final host picks up the DNS request. Fuck that stupid guy.
I am already working on some screenshots for you, thanks for trying to help me out. The sites where I test the DNS leaks are: dnsleak.com, dnsleaktest.com, whoer.net, ipleak.net. Do you want the screenshots as a DM, or should I upload them somewhere?
Links to screenshots:
https://ibb.co/WBYzfHQ
https://ibb.co/Lkq7c9q
https://ibb.co/TwRryJK
https://ibb.co/nfZwjxR
https://ibb.co/sQch02M
My Pi-hole setup is not using either DoT or DoH, it's a regular DNS resolver under the VPN network.
The phone doesn't like that this connection, still under VPN, is not encrypted, and it forces DoH/DoT?
No. Even if Pi-hole was using DoH/DoT, they would be Pi-hole’s upstreams, invisible to your devices. Pi-hole itself doesn’t process any encrypted standards.
Opportunistic|Automatic/Use your current service provider Android Private DNS and Chrome Use secure DNS is only enabled when the first hop can process DoTLS over 433/853, which should never be the case in a default Pi-hole installation without you going to a lot of additional trouble you’d definitely remember doing.
Haha, I was actually thinking of this also, I don't like when somebody is pushing me to use a specific service to their desire. But I don't know how I can test this beforehand… It's crazy how they manipulate us. But then… What phone or brand would not do this?
This is exactly what I did, the same .conf file loaded in turn on my gf's phone and afterwards on my phone. For her it is working, no DNS leak; on my phone it is not. IPv6 is not set up on the VPN server, it's disabled so it will not hand out any IP.
I have had Samsungs the last few years, latest an A52s, Note 10, S10, and have never had problems with hardcoded DNS on the phone OS. Always had WireGuard with Pi-hole. Hopefully others can recommend some more phones also.
Thanks for the recommendations