Software

Mobile Apps

personally tested

RethinkDNS + Firewall

Firewall App for the DNS Resolver Service RethinkDNS

Effective Firewall protects Privacy

Everyone wants access to a secure and open internet.
Rethink DNS + Firewall provides fast secure configurable and private DNS + Firewall for Android.

RethinkDNS comes with an accompanying firewall app for Android that allows you to monitor and control internet access to apps installed on your device.

The app allows you to view searchable network logs per connection. It shows which apps have been blocked and when, and which apps are connected to whom and when.
You can also block individual IPs.

You can set rules: Block apps by category. Block when an app is running in the background. Blocking an app when the device is locked. Block an app permanently.

When DNS is configured, you can analyse DNS requests in real time and read the aggregated reports in the app logs. It also helps to circumvent the internet censorship that applies in most countries.

Developer/Supplier

RethinkDNS. Founded under the name: BraveDNS.

Download from F-Droid, Google Play or GitHub

Purchase/Installation

08.10.2021: on my Fairphone 3+.
13.01.2022: on my Fairphone 4 5G.

Purchase Price

For free. No ads, no tracker, really for free. Open source.

Rating (1–5 Stars)

Extensively tested version: 053h: ***** (5 Stars)
Current version: 053i:  ***** (5 Stars)

System Requirements

Smartphone with Android OS 5.0 or higher.
Works also with /e/OS 1.2 or higher.

Languages

Website: English
Mobile App: English

Support

in English, via Blog, Chat, Twitter.
Even contacted me via mail form because of this test report and uploaded a short explanatory video on YouTube for me! Great Service!

Features

RethinkDNS is a DNS resolver service with custom rules and block lists. A DNS resolver is an address book of the internet – it helps to find the IP addresses of the servers to which a domain name is assigned. For example: dns.google.com (a domain name) is located at 8.8.8.8 (IP address). This mapping is retrieved by a DNS resolver.

You can configure RethinkDNS in the associated firewall app or even in your own device/internet browser that supports Secure DNS (also known as DNS over HTTPS). See below (Configuration).

RethinkDNS is a private, secure and fast DNS resolver and currently has 189 predefined blacklists that you can configure.

With RethinkDNS' paid plans (coming soon), you can also define your own custom blocklists that can be configured with RethinkDNS. The paid plan also allows you to store your DNS logs and view analytics, all in the cloud. You will be able to analyse your DNS queries and read through aggregated reports.

Configuration

RethinkDNS is highly available with servers in more than 200 locations around the world for fast DNS resolution (provider: Cloudflare).
Those who prefer to trust a European DNS service can also also use these. Have looked up the URL for “DoH” at my favourite dnsforge.de and stored it in the DNS menu of the app (Custom DNS): “https://dnsforge.de/dns-query”.
And in Android I have configured “dnsforge.de” as “Private DNS”.
Attention: for the use of RethinkDNS select “Automatic” afterwards!

A custom DNS resolver can be configured here:
rethinkdns.com/configure. It will give you a DNS resolver address that looks something like https://basic.bravedns.com/1:YASAAQBwIAA= according to blocklists or rules that you selected. This address can then be used as your DNS resolver in your device or browser.

And here you can find the switch to DoT; important for the next tip …

Tips

To obtain a DNS resolving address for DoT, switch to DNS over TLS (DoT) before selecting Blocklists.

For the firewall to work with individual private DNS settings, the following firewall settings must be disabled:
• Block connections when DNS is bypassed
• Block newly installed apps by default
  (to be found under: Firewall/Universal)

This was also the reason why the firewall on my fairphones no longer worked as expected or why no internet was possible at all. An error that was difficult to find, which one of the developers showed me in an explanatory video he made personally for me on YouTube (thanks, Mz.!).

Configuring local Blocklists in the Firewall App

  1. Open RethinkDNS on your Android Smartphone
  2. Click START to start the RethinkDNS resolver and Firewall, once it starts up properly, you'll see a “PROTECTED” status below it.
  3. Tap below on the gear wheel “Settings”. Then activate first entry “Enable on-device blocklists”.
  4. To configure block lists, tap the “CONFIGURE” button below to open the RethinkDNS configuration page. Here you can tap on "advanced" to see all blocklists and select them yourself individually or use "simple" to activate a selection of blocklists from each of the categories Parent Controls (Piracy, Gambling, Dating, Social Media), Security and Privacy.
  5. After you select your desired blocklists, tap on “Done” at the bottom bar. This will close the configuration page and the selected blocklists will be automatically configured within the app. You will see an android toast message Configured URL has been updated successfully to confirm this.
  6. You have successfully configured RethinkDNS with blocklists in the companion firewall app.

Test Environment

Smartphone #1

Fairphone 3+

Operating System

/e/OS 0.21 based on Android OS 10

Browser

/e/ Browser – a Fork of Chromium/Bromite
Version: 96.0.4664.54 (foundation.e.browser)

DNS Configuration

Only exists in /e/OS: DNS of the network provider: off
Only available in /e/OS: Private DNS: IP: 176.9.93.198 or 5.9.164.112

Private DNS:
• dnsforge.de
• digitalcourage.de

Smartphone #2

Fairphone 4

Operating System

Google Android OS 11

Browser

Mozilla Firefox Daylight
Version: 96.3.1 (Build #2015860755)
2022-02-01T02:34:31.679737
Plug-in: NoScript (Giorgio Maone), Version 11.2.19

DNS Configuration

Private DNS:
• dnsforge.de
• digitalcourage.de

DNS Security

… tested with these websites:
DNS Nameserver Spoofability Test
Result on both Fairphones with dnsforge.de: Excellent.
Result on both Fairphones with dns3.digitalcourage.de: Good.

DNSleaktest.com
Result on both Fairphones with dnsforge.de: OK
Result on both Fairphones with dns3.digitalcourage.de: OK

DNSSEC Resolver Test
Result on both Fairphones with dnsforge.de: OK
Result on both Fairphones with dns3.digitalcourage.de: OK
05.02.2022: today it fails once on the Fairphone 4.
Curious … perhaps a problem on the test server?

Ad Blocker Test

Using this website:
Ad Blocker Test
Result on both Fairphones with dnsforge.de: 100%
Result on both Fairphones with dns3.digitalcourage.de: 28%

For comparison: RethinkDNS deactivated, with dnsforge.de: 90 %

Practice

08.10.2021: I have installed RethinkDNS on my Fairphone 3+. The energy consumption of the Fairphone 3+ is unusually high and I suspect that this app is the energy guzzler. So I uninstall the app again days later and test other ad blockers.
13.01.2022: I have installed RethinkDNS on my Fairphone 4. Because the energy consumption does not increase afterwards, the suspicion is invalidated.
08.02.2022: I am still very satisfied with this app. Smiley

Pros

  • unwanted content is reliably blocked
  • very well sorted high quality selection of blocklists
  • lists responsible for blocking are in the logbook and can be deactivated if necessary
  • dangerous malware no longer gets onto the smartphone so easily
  • spying/unserious/evil apps do not reach their command centre
  • instead of Cloudflare (USA!), an european “Private DNS” can be stored
  • open source – anyone can view the source code and check its security
  • app and basic service are free of charge

Cons

  • Cloudflare as provider by default, alternatively Google is used (but can be changed to desired resolver)
  • App supports (Android-usual) only DoH – but DoT is possible via web configuration
  • blocks radically – some websites are not loaded at all, others only text is loaded
    (Remedy: see Pros, 3. item)

Conclusion

Highly recommended!
By default, DNS over HTTPS is set with Cloudflare as provider, but you can store any other DNS service and if you absolutely want to use DNS over TLS, you can leave out the app and configure the DNS filter on the website and store the URL generated in this way as Private DNS in the device.

Without Private DNS and reliable ad blockers, a smartphone will sooner or later be completely spied out. It should be clear to everyone that it is better to avoid clouds.

Those who like to try out free apps from Google's Play quickly become commodities and hand over themselves and their data.
Important: no app can replace common sense. Augenzwinkern

Alternatives

All Systems

NextDNS works on every platform, even on your router.
There is also an app, but you don't really need it!
The best way to manage it is via your favourite browser.

Android OS

I have tested almost all apps of this kind and none works as expected.
Last time the app DNS66 disappointed me. Sad Smiley

Apple iOS

Apple Private Relay (service for 0.99 EUR/month)

Keyword list: Alternatives, Android, Apple iOS, Apps, Blog, Browser, Chat, Conclusion, Cons, DNS, DNSSEC, Domain, Download, F-Droid, Fairphone 3, Google Play, HTTPS, IP, IT, Internet, Mobile Apps, Mozilla Firefox, Network, Open Source, Privacy, Pros, RethinkDNS, Server, Service, Smartphone, Software, TLS, Tips, URL, Website, Who, report, why

Last edited: