Jump to content
Not connected, Your IP: 3.15.17.60
Staff

New feature: DNS block lists

Recommended Posts

My apologies, App Store works now. I guess it must have been a temporary issue or Apple indeed is blocking the server I was using at the time.

BTW it great that there's a higher limit of devices, so DNS settings can be better customized for various use cases.

Share this post


Link to post

Just came across this feature and had a mini-heart attack thinking I've been jumping through hoops for years to do my own DNS filtering because I simply didn't realise AirVPN could do it 😀 Good to know it's a new feature, thank you guys for all the good work as usual!

I do have a question - would you ever consider offering DNS over TLS for this, potentially with custom per-user domains to differentiate between configs, a la NextDNS? I semi-understand the complexities involved, as well as that Air is a VPN and not a DNS provider and this verges on being an entirely separate service, so I fully understand if the answer is a hard no, but it would be fantastic to have.

FWIW my use case is that, on Android, I need to run some apps outside the VPN (like most people I assume). Therefore, even with DNS filtering through Air, those apps would be free to phone home/display ads without DoT. So currently I'm "forced" to use NextDNS. It would be a lot less of a problem if Android allowed custom DNS priority, so connections over the VPN used the VPN DNS despite DoT being configured, but alas AFAICT that is not the case and will not be anytime soon.

Share this post


Link to post
@Agrock

Hello!

DNS over TLS is supported since several months ago. It is almost useless since plain DNS queries to our VPN DNS, and their replies, are anyway encrypted and authenticated because they stay in the tunnel, but you might need DoT for peculiar configurations. Check the usual specs page for more details:
https://airvpn.org/specs

You can define anyway custom per "device" (i.e. client certificate/key pair) block lists, personalized exceptions and blocks, regardless of the fact you use DoT or not.

Kind regards
 

Share this post


Link to post

Hello!

Thank you very much for this feature!

A question about updating the lists: Is there a job that updates the lists? Currently the lists is relatively old.

Share this post


Link to post

Hello

Perhaps I'm just being dumb but I can't see how to simply turn the block list on or off. It appears that the block list is on by default and to turn it off requires:
1) Selecting "Customize account DNS settings"
2) Deselect all lists

Am I missing something obvious?

Thank you.

Share this post


Link to post
19 hours ago, BigX said:

Perhaps I'm just being dumb but I can't see how to simply turn the block list on or off. It appears that the block list is on by default and to turn it off requires:
1) Selecting "Customize account DNS settings"
2) Deselect all lists

Am I missing something obvious?


Client Area -> DNS
"Customize account DNS settings": enabled (green slider). Then you can enable (= again, slider set to green) or disable each individual list.

Did you try this?

Share this post


Link to post
On 11/28/2021 at 12:07 PM, NoMercy1290 said:

Hello!

Thank you very much for this feature!

A question about updating the lists: Is there a job that updates the lists? Currently the lists is relatively old.


Thank you for your great feedback and the head up.

Lists should have been updated every 24 hours but the procedure started failing recently. We are working on it to detect the problem and restore the normal update every 24 hours. EDIT: problem detected and fixed.

Kind regards
 

Share this post


Link to post
10 minutes ago, Staff said:

Thank you for your great feedback and the head up.

Lists should have been updated every 24 hours but the procedure started failing recently. We are working on it to detect the problem and restore the normal update every 24 hours.

Kind regards
 
Thanks a lot for the update and the great support.

Kind regards

Share this post


Link to post
Posted ... (edited)
8 hours ago, spinmaster said:

Client Area -> DNS
"Customize account DNS settings": enabled (green slider). Then you can enable (= again, slider set to green) or disable each individual list.

Did you try this?

Hi spinmaster

Thanks for your response. I did do that while experimenting. However, I'm finding the wording confusing. Really just hoping someone can clarify my understanding :)
Let me try to explain my confusion.


For example in the Client Area (Dashboard like page) I currently have the following,
  DNS
    DNS settings, block lists.
    No Customized

This to me does not imply that the block list is off/disabled. I take it to mean that default block lists as defined by AirVPN are active.
Does this actually mean that no block lists are applied? To quote from the DNS settings page, "Customize account DNS settings - Otherwise, default settings by AirVPN are used".
What are the "default settings"? That doesn't sound like off/disabled.
Sorry if I'm being a bit thick :)

In contrast, the API in the Client Area shows,
    API
    NoNot active

This is clearly off/disabled.

So to disable (turn off) the block list requires enabling "customize" and then disable all the individual lists?
So the following with all lists disabled means that all blocking is off.
  DNS
    DNS settings, block lists.
    Yes Customized
  Edited ... by BigX
Clarification

Share this post


Link to post

Hover over that little pictogram with your mouse, will you? :)
 

1 hour ago, BigX said:

What are the "default settings"? That doesn't sound like off/disabled.


Default = "The air to breathe the real Internet"
Customized = "The air to breathe the filtered Internet"

I do admit that at the very first I asked myself what it exactly means, too, but it quickly occured to me that it's used in the same way as other boolean values on the website, on IPLeak, in Eddie. Its meaning is therefore unambiguous.

NOT AN AIRVPN TEAM MEMBER. USE TICKETS FOR PROFESSIONAL SUPPORT.

LZ1's New User Guide to AirVPN « Plenty of stuff for advanced users, too!

Want to contact me directly? All relevant methods are on my About me page.

Share this post


Link to post

Hello to all members,

I´m testing the Wireguard protocol in my laptop and Iphone, using the native Wireguard app.

In the laptop all working very well, fast, very fast, love the Wireguard implementation.

In the Iphone work great all, but the DNS Block List don´t work well. For example when i connect in the fist time when i add or change something in the DNS preferences, take some seconds to reflect in all active connections. Work well when i visit Browserleaks.com. When i disconnect and choose other server and go again to Browserleaks, appear the ads.
I don´t know what happen, block at first and when i choose other country don´t work.
Is my end problem? What im doing wrong?

Thanks for all implementations

Share this post


Link to post

Hello @Staff,
can you please clarify how exactly lists updating works - your system should update all lists every 24h or update occurs only if source (list itself) was changed?
I'm asking because for example my client panel shows that Ads, Malware and Crypto lists were updated today but on the other hand Dating, Gambling and some other community lists - one month or two months ago.

Also in the panel there is information that lists are updated every hour so that should probably be updated as well.

Share this post


Link to post

I guess I should have tested this more until I said it was working for me.

running pfsense with one device in my customer account.   All my devices that use Air I set a static dns ip of 10.4.0.1 and it has always worked perfectly for years..

under client / dns it’s green.   Went to a site I figured Would be blocked, Nope, tried another not blocked… read more and then went to client / devices/ detailed and enabled the same dns filter.   Gave it 5 minutes still not blocked

i ran a ifconfig from command prompt and used the default gateway… instead of 10.4.0.1 and it immediately worked.

now I know 

Share this post


Link to post
@NoMercy1290

Hello!

Correct, since the list "exploded" to more than a million entries yesterday (from a few hundred thousands) a security system disabled it. Today it has shrunk again to 300'000 entries. The list is now available.

Kind regards


 

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
  • Security Check
    Play CAPTCHA Audio
    Refresh Image

×
×
  • Create New...