Jump to content
Not connected, Your IP: 52.205.167.104
Staff

New feature: DNS block lists

Recommended Posts

My apologies, App Store works now. I guess it must have been a temporary issue or Apple indeed is blocking the server I was using at the time.

BTW it great that there's a higher limit of devices, so DNS settings can be better customized for various use cases.

Share this post


Link to post

Just came across this feature and had a mini-heart attack thinking I've been jumping through hoops for years to do my own DNS filtering because I simply didn't realise AirVPN could do it 😀 Good to know it's a new feature, thank you guys for all the good work as usual!

I do have a question - would you ever consider offering DNS over TLS for this, potentially with custom per-user domains to differentiate between configs, a la NextDNS? I semi-understand the complexities involved, as well as that Air is a VPN and not a DNS provider and this verges on being an entirely separate service, so I fully understand if the answer is a hard no, but it would be fantastic to have.

FWIW my use case is that, on Android, I need to run some apps outside the VPN (like most people I assume). Therefore, even with DNS filtering through Air, those apps would be free to phone home/display ads without DoT. So currently I'm "forced" to use NextDNS. It would be a lot less of a problem if Android allowed custom DNS priority, so connections over the VPN used the VPN DNS despite DoT being configured, but alas AFAICT that is not the case and will not be anytime soon.

Share this post


Link to post
@Agrock

Hello!

DNS over TLS is supported since several months ago. It is almost useless since plain DNS queries to our VPN DNS, and their replies, are anyway encrypted and authenticated because they stay in the tunnel, but you might need DoT for peculiar configurations. Check the usual specs page for more details:
https://airvpn.org/specs

You can define anyway custom per "device" (i.e. client certificate/key pair) block lists, personalized exceptions and blocks, regardless of the fact you use DoT or not.

Kind regards
 

Share this post


Link to post

Hello!

Thank you very much for this feature, works well and although it does 'poison' the idea of DNS sadly today it is a needed feature due to hostile actors.

Suggestions

1: Is it possible to have "OS" specific lists - I would like to have a list for platforms less friendly but anyway useful such as Android where the concept of a firewall isn't accessible to the user. I want to block any/all forms of Android tracking within apps (a la Facebook, Google etc). NextDNS claims to do this for example.

2: Is it possible to log DNS queries locally, either as an app you develop (or somebody else has?) or added to Eddie itself. If I could log which IP's/DNS apps on Android are chatting to it may be easier to know which to block, almost like a "noscript" but for DNS (only allow most crucial endpoints). I don't consider the likes of "Firebase" crucial as such if it's just for analytics.

3: Is this functionality you're considering building into Eddie at all? It would be nice to be able to switch it on/off from within the app - accessing the website securely remains possible but not as quick as a toggle.

Anyways, many thanks for adding such a useful feature, it for sure adds to ensuring greater levels of privacy, I do however wish there was more transparent insight (local, internal logging) of DNS so 'we' (the user) knows what is going on.

 

Share this post


Link to post

Hello!

Thank you very much for this feature!

A question about updating the lists: Is there a job that updates the lists? Currently the lists is relatively old.

Share this post


Link to post

Hello

Perhaps I'm just being dumb but I can't see how to simply turn the block list on or off. It appears that the block list is on by default and to turn it off requires:
1) Selecting "Customize account DNS settings"
2) Deselect all lists

Am I missing something obvious?

Thank you.

Share this post


Link to post
19 hours ago, BigX said:

Perhaps I'm just being dumb but I can't see how to simply turn the block list on or off. It appears that the block list is on by default and to turn it off requires:
1) Selecting "Customize account DNS settings"
2) Deselect all lists

Am I missing something obvious?


Client Area -> DNS
"Customize account DNS settings": enabled (green slider). Then you can enable (= again, slider set to green) or disable each individual list.

Did you try this?

Share this post


Link to post
On 11/28/2021 at 12:07 PM, NoMercy1290 said:

Hello!

Thank you very much for this feature!

A question about updating the lists: Is there a job that updates the lists? Currently the lists is relatively old.


Thank you for your great feedback and the head up.

Lists should have been updated every 24 hours but the procedure started failing recently. We are working on it to detect the problem and restore the normal update every 24 hours. EDIT: problem detected and fixed.

Kind regards
 

Share this post


Link to post
10 minutes ago, Staff said:

Thank you for your great feedback and the head up.

Lists should have been updated every 24 hours but the procedure started failing recently. We are working on it to detect the problem and restore the normal update every 24 hours.

Kind regards
 
Thanks a lot for the update and the great support.

Kind regards

Share this post


Link to post
Posted ... (edited)
8 hours ago, spinmaster said:

Client Area -> DNS
"Customize account DNS settings": enabled (green slider). Then you can enable (= again, slider set to green) or disable each individual list.

Did you try this?

Hi spinmaster

Thanks for your response. I did do that while experimenting. However, I'm finding the wording confusing. Really just hoping someone can clarify my understanding :)
Let me try to explain my confusion.


For example in the Client Area (Dashboard like page) I currently have the following,
  DNS
    DNS settings, block lists.
    No Customized

This to me does not imply that the block list is off/disabled. I take it to mean that default block lists as defined by AirVPN are active.
Does this actually mean that no block lists are applied? To quote from the DNS settings page, "Customize account DNS settings - Otherwise, default settings by AirVPN are used".
What are the "default settings"? That doesn't sound like off/disabled.
Sorry if I'm being a bit thick :)

In contrast, the API in the Client Area shows,
    API
    NoNot active

This is clearly off/disabled.

So to disable (turn off) the block list requires enabling "customize" and then disable all the individual lists?
So the following with all lists disabled means that all blocking is off.
  DNS
    DNS settings, block lists.
    Yes Customized
  Edited ... by BigX
Clarification

Share this post


Link to post

Hover over that little pictogram with your mouse, will you? :)
 

1 hour ago, BigX said:

What are the "default settings"? That doesn't sound like off/disabled.


Default = "The air to breathe the real Internet"
Customized = "The air to breathe the filtered Internet"

I do admit that at the very first I asked myself what it exactly means, too, but it quickly occured to me that it's used in the same way as other boolean values on the website, on IPLeak, in Eddie. Its meaning is therefore unambiguous.

» I am not an AirVPN team member. All opinions are my own and are not official. Refer to Staff postings for the official word.

» These are the community forums, not the support portal. You're writing with other users here.

» New here? LZ1's New User Guide to AirVPN. Use the search function, Luke!

» Tor exits behind a VPN connection are discouraged. Using Tor on the other hand is not.

 

» Privacy is like alcohol: Drink a little and it can help you stay unnoticed. Drink a lot and everyone will notice you.

» I cannot give you the solution to all your issues. But I can guide you to it. The rest is up to you.

Share this post


Link to post

Hello to all members,

I´m testing the Wireguard protocol in my laptop and Iphone, using the native Wireguard app.

In the laptop all working very well, fast, very fast, love the Wireguard implementation.

In the Iphone work great all, but the DNS Block List don´t work well. For example when i connect in the fist time when i add or change something in the DNS preferences, take some seconds to reflect in all active connections. Work well when i visit Browserleaks.com. When i disconnect and choose other server and go again to Browserleaks, appear the ads.
I don´t know what happen, block at first and when i choose other country don´t work.
Is my end problem? What im doing wrong?

Thanks for all implementations

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
  • Security Check
    Play CAPTCHA Audio
    Refresh Image

×
×
  • Create New...