Software

Mobile Apps

personally tested


DNS66

DNS-based Host/Ad Blocking for Android

Less Advertising and more Privacy

In theory: this app stops annoying advertisements, tracking apps and software that wants to download dangerous parts of programmes from the web. This works at least for Internet addresses that have already attracted negative attention and have therefore been made available in list form by computer enthusiasts. The app DNS66 sends web requests from apps and websites via a VPN simulated specifically for this purpose and can thus match requests locally on your smartphone with the lists of dubious servers. Requests for malicious servers are discarded. That's the theory …

Developer/Supplier

Julian Andres Klode

Download at F-Droid – free open source apps for Android OS

Purchase/Installation

01.02.2022 on my Fairphone 4 5G.
03.02.2022 on my Fairphone 3+.

Purchase Price

For free. No ads, no tracker, really for free. Open source.

Rating (1–5 Stars)

** (1 star for very clear design, 1 star for German language)

System Requirements

Smartphone with Android OS 5.0 or higher.
Works also with /e/OS 0.21-20220122158537.

Languages

Website: English
Mobile App: German, English, maybe more languages

Support

in English, via Chat/Twitter.

Features

DNS66 allows blocking host names via DNS. This can be used for ad blocking. It also allows other DNS servers to be added, for more privacy.

Compared to AdBlock Plus, this works without proxy stuff; and it also does not require root, like AdAway does: DNS66 establishes a VPN interface, and redirects DNS server traffic to it. The VPN interface filters the traffic, only allowing queries for hosts that are not blacklisted.

A host (list) can be configured as allow, deny, or ignore. A later entry in the list overrides a previous entry.

Custom DNS Servers can be configured as well, using the same UI.

Test Environment

Device #1

Fairphone 3+

Operating System

/e/OS 0.21 based on Android OS 10

Browser

/e/ Browser – a fork of Chromium/Bromite
Version: 96.0.4664.54 (foundation.e.browser)

DNS Configuration

This choice only exists at /e/OS: DNS of the network provider: off

Private DNS (Automatic):
• dnsforge.de (IPv4: 176.9.93.198)
• digitalcourage.de (IPv4: 5.9.164.112)

Device #2

Fairphone 4

Operating System

Google Android OS 11

Browser

Mozilla Firefox Daylight
Version: 96.3.1 (Build #2015860755)
2022-02-01T02:34:31.679737
Improved protection against activity tracking:
Activated with setting: Strict
Plug-in: NoScript (Giorgio Maone), Version 11.2.19

DNS Configuration

Private DNS (Automatic):
• dnsforge.de (IPv4: 176.9.93.198)
• digitalcourage.de (IPv4: 5.9.164.112)

DNS Security

… tested with these websites:
DNS Nameserver Spoofability Test
Result on both Fairphones with dnsforge.de: Excellent.
Result on both Fairphones with dns3.digitalcourage.de: Good.

DNSleaktest.com
Result on both Fairphones with dnsforge.de: OK
Result on both Fairphones with dns3.digitalcourage.de: OK

DNSSEC Resolver Test
Result on both Fairphones with dnsforge.de: OK
Result on both Fairphones with dns3.digitalcourage.de: OK

Ad Blocker Test

Using this website:
Ad Blocker Test
Result on Fairphone 3+ with dnsforge.de: 95%
Result on Fairphone 4   with dnsforge.de: 100%
Result on Fairphone 3+ with dns3.digitalcourage.de: 95–100%

Practice

After extensive testing, it turned out that DNS66 only appears to filter hosts and does not take into account any DNS servers that are stored specifically.
Instead, this app owes its good results to the filtering of DNS servers and the protection against activity tracking via browsers …

No matter which block lists are stored in the “Hosts” menu and which DNS servers you enter in the “DNS” menu: this is ignored by DNS66.

Only on the Fairphone 3+ there is a special DNS selection option “DNS from network provider”. This is otherwise always off. For the test, I switched it on at the end.
With this setting, DNS66 used an alternative DNS server from the DNS menu only once in ten attempts. The hosts files were nevertheless ignored as before.

Pros

  • open source – anyone can view the source code and check its security
  • custom settings can be imported/exported as a file
  • free of charge

Cons

  • own block lists are completely ignored (Menu: Hosts)
  • DNS servers stored specifically for this purpose are ignored 99% of the time (Menu: DNS)

Conclusion

Because I noticed that no blocklist protects against Facebook, I created my own blocklist for testing and put it on my web server. I hoped that it was simply due to the size of the previously used lists that nothing was blocked. But even my very small blocklist (881 bytes) was not processed!
For the test, this only contained eight domains of the Meta Group as well as my domain michaelglaser.de. But no domain was blocked after a direct request via the browser or after clicking on a link! Ineffective!

Therefore, I can only advise against the DNS66 app at the moment. Wütender Smiley

Without Private DNS and reliable ad blockers, sooner or later you will be completely spied on with an Android smartphone. It should be clear to any sensible person that it is better to avoid clouds. Google's apps “Contacts” and “Phone” can be set so that data is only processed locally on the device. With many other apps, you don't know where the data goes. Those who like to try out free apps from Google's Play quickly become commodities and hand themselves and their data over.
Important: such an app is no substitute for common sense. Wink-Smiley

Alternatives

RethinkDNS is a bit more complex, but delivers what it promises!


Back to Apps Overview

Keyword list: /e/, DNS66

Last edited: