I am always confused about whether to use an app like RethinkDNS, InviZible Pro, AdGuard, etc. to manage DNS requests on my phone or just use the private DNS.

Is there any privacy advantage or security concern with one over the other? When I use an app, can all DNS queries be routed through my preferred DNS (so that on a bloated phone all tracking requests can be blocked)? Is private DNS easy for the system to bypass?

I always use RethinkDNS and block bypassed DNS, so I think every DNS query is now routed through RethinkDNS and it's impossible to cause a leak. Is that a myth, as no DNS app can provide that much privacy or security?

How effective is an application firewall compared to a network-level firewall like NextDNS?

The overall question is: should I use an application firewall or a network-level firewall?

  • knfrmity@lemmygrad.ml
    19 hours ago

    The Android private DNS setting is just for a DNS-over-TLS resolver. The only thing about it that’s private is your queries are encrypted en route to the server (traditional DNS is cleartext). There’s no filtering or blocking.

    Some Android versions also have a hard-coded DNS server set to Google, which based on my tinkering uses DNS-over-HTTPS. Not only is it annoying but I find it awfully insecure - even if you think you have stuff locked down it might just not be. I fixed that issue by blocking all DNS-over-HTTPS servers in my router, and also have all outgoing requests to port 53 redirected to my local resolvers (Pi-hole + Unbound).
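
One way to check whether devices are actually trying to bypass a local resolver, as in the setup described in the comment above. This is an added example, not part of the thread: the LAN range, the resolver address `192.168.1.2`, the flow-record format and the sample records are all constructed assumptions, and the DoH list is only a small sample of well-known public resolver addresses.

```python
import ipaddress

# Assumptions (not from the thread): LAN range, local resolver address, and a
# small sample of well-known public resolver IPs that also answer DoH on 443.
LAN = ipaddress.ip_network("192.168.1.0/24")
LOCAL_RESOLVERS = {ipaddress.ip_address("192.168.1.2")}
PUBLIC_DOH_IPS = {ipaddress.ip_address(a) for a in
                  ("8.8.8.8", "8.8.4.4", "1.1.1.1", "1.0.0.1", "9.9.9.9")}

# Constructed sample flow records, one per line: src,dst,proto,dport
SAMPLE_FLOWS = """\
192.168.1.50,192.168.1.2,udp,53
192.168.1.50,8.8.8.8,udp,53
192.168.1.51,1.1.1.1,tcp,853
192.168.1.50,8.8.4.4,tcp,443
192.168.1.2,9.9.9.9,udp,53
192.168.1.52,203.0.113.10,tcp,443
"""

def classify(line):
    """Return a verdict string for a bypass attempt, or None if the flow is fine."""
    src_s, dst_s, proto, dport_s = line.strip().split(",")
    src, dst = ipaddress.ip_address(src_s), ipaddress.ip_address(dst_s)
    dport = int(dport_s)
    if src not in LAN or src in LOCAL_RESOLVERS:
        return None  # the resolver's own upstream lookups are expected
    if dst in LOCAL_RESOLVERS:
        return None  # client is using the local resolver as intended
    if dport == 53:
        return "plaintext DNS bypass"   # what a port-53 redirect would catch
    if dport == 853 and proto == "tcp":
        return "DoT bypass"             # e.g. Android private DNS to an outside server
    if dport == 443 and dst in PUBLIC_DOH_IPS:
        return "possible DoH bypass"    # only detectable via a known-IP list
    return None

def find_bypasses(text):
    """Scan flow records and return (src, dst, verdict) for each bypass attempt."""
    hits = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        verdict = classify(line)
        if verdict:
            src, dst = line.split(",")[:2]
            hits.append((src, dst, verdict))
    return hits

if __name__ == "__main__":
    for src, dst, verdict in find_bypasses(SAMPLE_FLOWS):
        print(f"{src} -> {dst}: {verdict}")
```

The DoH case is the weak spot: it is only flagged when the destination is on the list, so a resolver address that is missing from the list looks like ordinary HTTPS traffic.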