Software

Mobile Apps

personally tested


RethinkDNS + Firewall

Firewall App for the DNS Resolver Service RethinkDNS

Effective Firewall protects Privacy

Everyone wants access to a secure and open internet.
Rethink DNS + Firewall provides fast secure configurable and private DNS + Firewall for Android.

RethinkDNS comes with an accompanying firewall app for Android that allows you to monitor and control internet access to apps installed on your device.

The app allows you to view searchable network logs per connection. It shows which apps have been blocked and when, and which apps are connected to whom and when.
You can also block individual IPs.

You can set rules: Block apps by category. Block when an app is running in the background. Blocking an app when the device is locked. Block an app permanently.

When DNS is configured, you can analyse DNS requests in real time and read the aggregated reports in the app logs. It also helps to circumvent the internet censorship that applies in most countries.

Developer/Supplier

RethinkDNS. Founded under the name: BraveDNS.

Download from F-Droid, Google Play or GitHub

Purchase/Installation

08.10.2021: on my Fairphone 3+.
13.01.2022: on my Fairphone 4 5G.

Purchase Price

For free. No ads, no tracker, really for free. Open source.

Rating (1–5 Stars)

Originally tested version: 053h: ***** (5 Stars)
Current version: 053i:  ** (2 Stars!)
Since the release of version 053i, RethinkDNS (in every app version!) ignores DNS resolvers such as dnsforge.de and the firewall only works with its own DNS resolvers from Cloudflare and Google!
So this app becomes obsolete if you wanted to use it to surf privately without being spied on!

System Requirements

Smartphone with Android OS 5.0 or higher.
Works also with /e/OS 1.2.

Languages

Website: English
Mobile App: English

Support

in English, via Blog, Chat, Twitter.

Features

RethinkDNS is a DNS resolver service with custom rules and block lists. A DNS resolver is an address book of the internet – it helps to find the IP addresses of the servers to which a domain name is assigned. For example: dns.google.com (a domain name) is located at 8.8.8.8 (IP address). This mapping is retrieved by a DNS resolver.

You can configure RethinkDNS in the associated firewall app or even in your own device/internet browser that supports Secure DNS (also known as DNS over HTTPS). See below (Configuration).

RethinkDNS is a private, secure and fast DNS resolver and currently has 189 predefined blacklists that you can configure.

With RethinkDNS' paid plans (coming soon), you can also define your own custom blocklists that can be configured with RethinkDNS. The paid plan also allows you to store your DNS logs and view analytics, all in the cloud. You will be able to analyse your DNS queries and read through aggregated reports.

Configuration

RethinkDNS is highly available with servers in more than 200 locations around the world for fast DNS resolution (provider: Cloudflare).
Those who prefer to trust a European DNS service can also also use these.
Have looked up the URL for “DoH” at my favourite dnsforge.de and stored it in the DNS menu of the app (Custom DNS): “https://dnsforge.de/dns-query”.
And in Android I have configured “dnsforge.de” as “Private DNS”.
Attention: for the use of RethinkDNS select “Automatic” afterwards!

A custom DNS resolver can be configured here:
rethinkdns.com/configure. This will give a DNS resolver address that looks something like https://basic.bravedns.com/1:YASAAQBwIAA= according to blocklists or rules that you selected. This address can then be used as your DNS resolver in your device or browser.
Tip: here you can switch to DNS over TLS (DoT) before selecting blocklists to get a DNS resolver address for DoT setup.

Configuring local Blocklists in the Firewall App

Attention! No longer works with real private DNS!

  1. Open RethinkDNS on your Android Smartphone
  2. Click START to start the RethinkDNS resolver and Firewall, once it starts up properly, you'll see a “PROTECTED” status below it.
  3. Tap below on the gear wheel “Settings”. Then activate first entry “Enable on-device blocklists”.
  4. To configure block lists, tap the “CONFIGURE” button below to open the RethinkDNS configuration page. Here you can tap on "advanced" to see all blocklists and select them yourself individually or use "simple" to activate a selection of blocklists from each of the categories Parent Controls (Piracy, Gambling, Dating, Social Media), Security and Privacy.
  5. After you select your desired blocklists, tap on “Done” at the bottom bar. This will close the configuration page and the selected blocklists will be automatically configured within the app. You will see an android toast message Configured URL has been updated successfully to confirm this.
  6. You have successfully configured RethinkDNS with blocklists in the companion firewall app.

Test Environment

Smartphone #1

Fairphone 3+

Operating System

/e/OS 0.21 based on Android OS 10

Browser

/e/ Browser – a Fork of Chromium/Bromite
Version: 96.0.4664.54 (foundation.e.browser)

DNS Configuration

Only exists in /e/OS: DNS of the network provider: off
Only available in /e/OS: Private DNS: IP: 176.9.93.198 or 5.9.164.112

Private DNS:
• dnsforge.de
• digitalcourage.de

Smartphone #2

Fairphone 4

Operating System

Google Android OS 11

Browser

Mozilla Firefox Daylight
Version: 96.3.1 (Build #2015860755)
2022-02-01T02:34:31.679737
Plug-in: NoScript (Giorgio Maone), Version 11.2.19

DNS Configuration

Private DNS:
• dnsforge.de
• digitalcourage.de

DNS Security

… tested with these websites:
DNS Nameserver Spoofability Test
Result on both Fairphones with dnsforge.de: Excellent.
Result on both Fairphones with dns3.digitalcourage.de: Good.

DNSleaktest.com
Result on both Fairphones with dnsforge.de: OK
Result on both Fairphones with dns3.digitalcourage.de: OK

DNSSEC Resolver Test
Result on both Fairphones with dnsforge.de: OK
Result on both Fairphones with dns3.digitalcourage.de: OK
05.02.2022: today it fails once on the Fairphone 4.
Curious … perhaps a problem on the test server?

Ad Blocker Test

Using this website:
Ad Blocker Test
Result on both Fairphones with dnsforge.de: 100%
Result on both Fairphones with dns3.digitalcourage.de: 28%

For comparison: RethinkDNS deactivated, with dnsforge.de: 90 %

Practice

08.10.2021: I have installed RethinkDNS on my Fairphone 3+. The energy consumption of the Fairphone 3+ is unusually high and I suspect that this app is the energy guzzler. So I uninstall the app again days later and test other ad blockers.
13.01.2022: I have installed RethinkDNS on my Fairphone 4. Because the energy consumption does not increase afterwards, the suspicion is invalidated.
08.02.2022: I am still very satisfied with this app. Smiley

Pros

  • unwanted content is reliably blocked
  • very well sorted high quality selection of blocklists
  • lists responsible for blocking are in the logbook and can be deactivated if necessary
  • dangerous malware no longer gets onto the smartphone so easily
  • spying/unserious/evil apps do not reach their command centre
  • instead of Cloudflare (USA!), an european “Private DNS” can be stored
  • open source – anyone can view the source code and check its security
  • app and basic service are free of charge

Cons

  • Cloudflare as provider by default, alternatively Google is used
  • Firewall only works with Cloudflare/Google since release date of version 053i
  • App supports (Android-usual) only DoH – but DoT is possible via web configuration
  • blocks radically – some websites are not loaded at all, others only text is loaded
    (Remedy: see Pros, 3. item)

Conclusion

No longer recommended!
Now this app no longer works as expected!
By default, DNS over HTTPS is set with Cloudflare as the provider, until now you could store any other DNS service and if you absolutely wanted to use DNS over TLS, you could leave out the app and configure the DNS filter on the website and store the URL generated in this way as Private DNS in the device. The latter will still work now, but will then use Cloudflare and Google!

Without Private DNS and reliable ad blockers, a smartphone will sooner or later be completely spied out. It should be clear to everyone that it is better to avoid clouds. I have set the Google apps “Contacts” and “Phone” so that the data remain on the device. With many other apps, you don't know where the data goes. Those who like to try out free apps from Google's Play quickly become commodities and hand over themselves and their data.
Important: no app can replace common sense. Augenzwinkern

Alternatives

Android OS

I have tested almost all apps of this kind and none works as expected.
Before RethinkDNS, the app DNS66 disappointed me. Sad Smiley

Apple iOS

DNSCloak: Secure DNS Client for iOS and iPadOS.


Back to Apps Overview

Keyword list: /e/, RethinkDNS

Last edited: