DNS filtering doesn't work on Chromium based browsers

Hi there,

I don’t know if anyone else runs into this problem, but I find that the Iode Firewall only works on Firefox based browsers. When I am using a Chromium based browser it doesn’t appear to pick up any of the connections, and no blocking is applied.

While this is day to day fine, it is annoying when I have to visit a page that doesn’t load properly on Firefox with a different browser as I know I’m not getting any of the protection that Iode normally offers.

Does anyone else have this issue?

Try disabling “secure DNS” in browser settings

but one question, to get clear
Have you configured a private DNS in netwotwork settings? or not, or is it set default to “automatically”?

That has worked perfectly, thank you!

1 Like

but please can you say me your private dns settings?

I think I’ve encountered a general issue with the IodeOS firewall. When I use a browser like Bromite, or Mulch all I need to do to circumvent the entire firewall is go to:

  • Settings
    • Privacy and security
      • Use secure DNS
        • Turn on and choose any of the providers

Once those settings have been enabled, the Iode Blocker doesn’t detect that the app is browsing and doesn’t block any of the searches that are made (defaults like “Sensitive Content” or “Social Networks”, and all “Customized blockings”).

This seems like quite a substantial issue for paternal controls, as it’s so easy to circumvent.

Would there be a way in the blocker to prevent this? Such as blocking Encrypted DNS that haven’t been explicitly allowed?

No, that’s not an issue
It’s the normal behaviour

If you enable secure DNS the browsers are bypassing the system wide DNS, also the iode Blocker which acts on DNS level.

You have to disable secure DNS completely to pass the requests to the iode blocker.
And you have to disable it, too, if you configured a private DNS

That’s made by design and cannot change by iodeOS

Indeed, secure DNS cannot be handled by iodé blocker : as it is a direct, encrypted communication between an app and an external server which serves as a DNS (and may be used for other purposes), there is no way to block this.

One way to circumvent this problem regarding parental control is:
1- block app networks by default in blocker settings
2- allow (on demand) network for apps that you let your child use
3- do not unblock networks for browsers/other apps that may bypass system DNS to reach content you want to avoid. Actually firefox for android (stable version on which our browser is based) does not allow secure DNS, but this will probably change; there is also Jelly (the lineage browser, available in our f-droid repo).

@AlphaElwedritsch : by “private DNS” I don’t know if you’re talking about the private DNS section in android settings, but this is not DoH : it is classical DNS that can be intercepted by the blocker.

When Private DNS is enabled for the system, Chromium based browsers will automatically handle DNS themself bypassing the iode blocker blocking function, when secure DNS is set to automatically. Disable Secure DNS to work around.
Not proofed, but I think so

You mean, if secure DNS is set to automatic in chromium browsers, disabling private DNS in android settings also disables secure DNS ? I don’t see why it would behave like that. Secure DNS in apps that implement it is completely independent of the system-wide DNS.