DNS over VPN for Android
I’ve some issues with DNS in Android. It’s quite hard to teach Android to use a different DNS server than it’s default one. It seems like that
188.8.131.52 is hard wired into the system.
However, it’s possible to use a VPN tunnel to point to a custom DNS server instead. dns66 is a tool that allows to set custom servers.
It should block traffic, but so far this did not work that well.
Nevertheless, I want to put an additional domain to it and use it to resolve a single IP for my VPN. But you can only run a single VPN endpoint. You can run only DNS66 or OpenVPN, not both…..
To fix this I installed a dnsmasq on my VPN Server. It is configured to listen only to the VPN Interface.
apt-get install dnsmasq dnsutils
The configuration consist of two lines:
listen-address=192.168.0.1 # IP of the tun0 interface bind-interfaces
Afterward you have to ensure within
iptables that the interface is allowed to access:
iptables -A INPUT -i tun0 -j ACCEPT
Here the lazy version. Afterwards, you create an additional file for the records in
/etc/dnsmasq.d/vpn with the content:
A restart of
dnsmasq and you can validate it with
To make the Android OpenVPN use of this, deploy this as a special option to the client. I’ve updated the configuration of the certificate in the
ccd folder of openvpn.
"dhcp-option DNS 192.168.0.1"
A restart of the openvpn service should do it. To be honest, I do not know if that works correctly. I’ve also defined the DNS server manual in the android OpenVPN side to
point to it. My manual test from a console emulator always resolved against
184.108.40.206. But the app that should find the record was able to find it.
I won’t bother about this further. It’s working.
best regards, akendo