Support secure DNS

[laurentlbm]

At the moment, you can set custom DNS in the application, but it's IP-based. It would be great to be able to specify a DoH or DoT endpoint.

[kasnder]

You already can set up Nebulo with TrackerControl, and thereby get secure DNS. :)

[kasnder]

Use the port forwarding functionality. The set-up is similar as for NetGuard.

[laurentlbm]

Thanks, that works great. I had never heard of Nebulo before.

[login22rvp]

Try Invizible with Tracker control for DoH. It superb

[Inrumpo]

After I learned that one has to turn off private (encrypted DoT/DoH) DNS to be able to use TrackerControl, I was slightly bummed. It feels like getting one privacy improvement by giving up another. I want to have both. That's how I found this topic.

Yes, using Nebulo seems to work: Now I can use encrypted DNS and TrackerControl at the same time. For those coming here and wondering how to do this: I followed this article. Use the guide for NetGuard; the setup is identical.

I'm still of the opinion that this situation is not ideal. TrackerControl is a simple tool for non-techy people who want to improve their privacy. They're not going to follow GitHub issues and daisy-chain apps by port-forwarding TrackerControl back to their local device.

Is there a way to integrate this "Nebulo trick" into TrackerControl or somehow enable a private encrypted DNS solution to make this easier for the non-techy user? At least IMO the user should be informed what the consequence of giving up private DNS is and maybe be pointed to this workaround.

[kasnder]

I agree it's not ideal. I've been considering implementing a simpler setup of the port forwarding, and would appreciate help with this.

[mklopp]

I have the same setup running with TrackerControl and port forwarding DNS traffic into Nebulo so I can use DoT.
Now I had to disable monitoring for my browser app, as it is not working (also stated within TC that you have to disable it for browsers to work) and ran into the issue that DNS queries from said browser would not get routed into Nebulo. As I understand the port forwarding is only applied to monitored apps and traffic from non monitored apps is just passed through. Is that correct? Is there any way to apply port forwarding to all traffic that passes through TC?

[Inrumpo]

Is that correct?

That is an interesting find!

I did a quick test with my browser not monitored through TrackerControl. You're right, the DNS specified in Nebulo won't be used in this case. That's another bummer.

On the other hand:
I did a second quick test. This time I had TrackerControl monitor my browser. Now the secure DNS is used as expected. I do not experience any drawbacks. My browser app is still working fine. Therefore: Why not just leave it that way?

[mklopp]

Because for me it does not work like that. When I have monitoring activated for my browser and try to access reddit.com for example the site won't load. Looking into the traffic log I can see that e.reddit.com was blocked. Though it isn't mentioned in the monitoring page of the browser.

[karolyi]

I have the same setup running with TrackerControl and port forwarding DNS traffic into Nebulo so I can use DoT. Now I had to disable monitoring for my browser app, as it is not working (also stated within TC that you have to disable it for browsers to work) and ran into the issue that DNS queries from said browser would not get routed into Nebulo. As I understand the port forwarding is only applied to monitored apps and traffic from non monitored apps is just passed through. Is that correct? Is there any way to apply port forwarding to all traffic that passes through TC?

You can still use TC with the browser, just turn off any blocking and you'll get the same behavior, but with DNS requests routed through TC.

I use dnscrypt+invizible pro, works like a charm.