Kinaro's blog of things

Private DNS in Android 9 Pie

June 15, 2019

Address CloudFlare DNS

CloudFlare launched the 4/1 DNS service on 1st April 2018. However, this was not a prank on internet users. With data centers all over the world, the service will reduce latency in name resolution. On average, it takes 32 milliseconds to get a result, but this will most likely reduce when using 1.1.1.1.

Previously, Android OS smart phones had no means for the user to set a custom DNS. With the update to Android 9 Pie, users can now set a custom domain name resolver. You can find this setting in Settings -> Network & Internet -> Advanced -> Private DNS.

Setting a custom DNS resolver is done by entering the hostname of the DNS server. So far, one cannot use the IP address directly. Instead, enter 1dot1dot1dot1.cloudflare-dns.com. DNS hostname

You can then open a browser window and navidate to http://1.1.1.1/help to see if your device is using the specified resolver. Check DNS resolver

This is a significant improvement in the security of smart phone users. DNS-over-TLS adds Transport Layer security to the insecure DNS protocol by using encryption. For a long time, resolvers did not implement any form of encryption to safeguard against snooping. Clients had no way to determine if the result of a query originates from the real server or an impostor. Queries were transmitted in cleartext and anyone could snoop on a user’s internet traffic, or modify the packets entirely. DNS-over-HTTPS adds encryption as well as support for forthcoming internet protocols such as Quick UDP InternetConnections and HTTP/2 Server push

ISP’s have been known to sell your data to third parties such as advertisers. This is an excellent time to switch to a service that will not violate your right to privacy. CloudFlare wipes the logs every 24 hours and never logs your IP address. In addition to this, they have also contracted KPMG to audit their code annually and thus reassure users that they are actually keeping their word.

CloudFlare offers a wide variety of services, and has been active in mitigating online threats such as denial of service attacks. The secure DNS service is free of charge for everyone.


Felix Kinaro

Github TwitterContact