
DNS forwarding option

Open 4-FLOSS-Free-Libre-Open-Source-Software opened this issue 2 years ago • 1 comments

Enabled:

  • Block all UDP traffic except DNS and NTP
  • Prevent DNS leaks (forward to user-set DNS endpoint)

Result:

  • blocked on UDP/53 UDP blocked A user-set firewall rule blocked this UDP connection.

Expected Result: forward to user-set DNS endpoint

v0.5.3i

Ah, nice edge-case! Rethink should indeed allow DNS traffic proxied to user-set endpoint in the scenario outlined above... Thanks. Assigning to Husain for him to take a look.

ignoramous, Jul 25 '22 21:07

Fixed in https://github.com/celzero/rethink-app/pull/525

Releasing by this week's end.

Btw, v053i also broke Orbot / SOCKS5 forwarding (#456)... which has also been fixed in #525

ignoramous, Sep 07 '22 05:09

Btw, thanks a tonne for your bug report(s)! Appreciate it (:

ignoramous, Sep 07 '22 05:09

After upgrading to v053k

  • #573

I unfortunately see the described issue of blocking instead of force forwarding to the user-set endpoint again.

screenshots screens:


https://github.com/celzero/rethink-app/blob/76f1091e398e7feda40cebe710958ea5b4b2b616/app/src/main/java/com/celzero/bravedns/service/BraveVPNService.kt#L386-L397

Yeah, we changed the behaviour (udpBlocked comes before dnsProxied) because some folks thought the firewall was leaky when 8.8.8.8 on 53 was let through despite being in their block rules.

I am still thinking what's the best way to communicate that if DNS is proxied, then it isn't a leak... Maybe we should change the IP address shown in the network log.

ignoramous, Nov 01 '22 20:11
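The ordering effect discussed in this thread, as an added example: a simplified first-match model written for this page, not Rethink's code. The addresses, the scope of the "except DNS and NTP" exception, and the `logged_dst` field (modelling the idea of showing the proxied destination in the network log) are assumptions.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed values, not taken from the app.
TUNNEL_DNS = "10.0.0.53"          # hypothetical in-tunnel resolver address
USER_DNS_ENDPOINT = "192.0.2.53"  # hypothetical user-set DNS endpoint

@dataclass(frozen=True)
class Flow:
    proto: str
    dst_ip: str
    dst_port: int

@dataclass(frozen=True)
class Verdict:
    action: str      # "block", "proxy-dns" or "allow"
    rule: str        # name of the check that decided
    logged_dst: str  # destination a network log entry would show

def udp_blocked(f: Flow) -> Optional[Verdict]:
    """'Block all UDP traffic except DNS and NTP'.
    Assumption: the exception covers port 123 and port 53 to the tunnel resolver only."""
    if f.proto != "udp":
        return None
    if f.dst_port == 123 or (f.dst_port == 53 and f.dst_ip == TUNNEL_DNS):
        return None
    return Verdict("block", "udpBlocked", f.dst_ip)

def dns_proxied(f: Flow) -> Optional[Verdict]:
    """'Prevent DNS leaks': port-53 flows are forwarded to the user-set endpoint,
    so the packet never reaches the address the app originally asked for."""
    if f.dst_port != 53:
        return None
    return Verdict("proxy-dns", "dnsProxied", USER_DNS_ENDPOINT)

def decide(f: Flow, order) -> Verdict:
    """First check that returns a verdict wins; order is what the thread is about."""
    for check in order:
        verdict = check(f)
        if verdict is not None:
            return verdict
    return Verdict("allow", "default", f.dst_ip)

PROXY_FIRST = (dns_proxied, udp_blocked)  # DNS forwarding checked before the UDP block
BLOCK_FIRST = (udp_blocked, dns_proxied)  # "udpBlocked comes before dnsProxied"

if __name__ == "__main__":
    hardcoded_dns = Flow("udp", "8.8.8.8", 53)  # constructed sample flow
    for name, order in (("proxy-first", PROXY_FIRST), ("block-first", BLOCK_FIRST)):
        print(name, decide(hardcoded_dns, order))
```

With block-first ordering the hard-coded resolver flow is dropped, matching the report; with proxy-first it is forwarded, and logging the endpoint instead of 8.8.8.8 makes clear that nothing left the device towards the blocked address.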