OpenDNS for Android devices
Not planned
I would like to see OpenDNS for Android devices. OpenDNS could create a VPN that would use OpenDNS addresses, similar to the DNSet app already available. A VPN is required to change the DNS for unrooted android devices.
-
I don't know what the DNSet app is since I don't use Android, but a VPN is not the solution that you'd use for changing the DNS settings on any device, android or not.
A VPN would route all of your internet traffic, incoming and outgoing through OpenDNS servers, before going on to the rest of the internet. OpenDNS is in the business of providing DNS related services, not VPN services, so I don't see a VPN solution happening.
If all that you want to do is change the DNS settings on your android device, presumably for when you are away from your home network I'd suggest using the DNSet app that you already referred to to change those settings.
DNSCrypt might also do what you want, since it establishes an encrypted connection between the device and OpenDNS servers for DNS queries, but it is currently only available for Windows and Mac. You could put in a request for DNSCrypt for Android. That might already be working on it, but whether or not they are it would show interest in such a product.
-
It doesn't sound like the VPN is used to change the DNS settings then. It sounds like you are using whatever DNS settings are at the other end of the VPN tunnel. Huge difference.
Regardless of the mechanism it sounds like you need to either get a rooted android device or find a VPN provider that uses OpenDNS or will let you choose your own DNS service, such as OpenDNS. Or you could host your own VPN on your own equipment using something like OpenVPN
Regardless, OpenDNS isn't a VPN provider, just a DNS provider. Even if they provided VPN services I don't see that as something that they'd provide for free. Perhaps someday they'll offer DNSCrypt for Android and that might accomplish what you want.
-
No, with the DNSet app I checked it and the IP address does not change with it on or off. The VPN is requred on Android to re-route the DNS lookup but does not route the data through the VPN. It's a workaround for the security hardcoded into the Android system.
Thanks for the info on OpenVPN, I wasn't aware of a service.
-
Ok, so now I'm confused. If you already have a solution that does this, why do you want OpenDNS to create a specific app and VPN solution to do this? Do you want this as part of their free offering?
I'm curious. Have you ever created a VPN solution that selectively sends only certain types of data, in this case DNS queries, through the VPN tunnel, but sends (abnd receives) all the rest of the data on the local connection? I've done plenty where all of the data is sent through the VPN tunnel, and others where data only intended for the VPN endpoint is sent while the rest uses the local connection, but have never even tried, or thought of trying, sending only specific types of data, which in this case would be port 53 UDP traffic. It sounds like what you really need is DNSCrypt for Android, rather than a hyper-specialized and hyper-customized VPN solution.
Which BTW, for a VPN solution to do this would require a constant connection to the VPN server, which means data is going to continually be sent back and forth over the VPN tunnel to keep it alive and active.
-
Matt,
The purpose of an OpenDNS app would be to control the filtering, enable the malware & phishing protection, logging, and DDNS back to openDNS servers.. Just using the openDNS servers alone only gains speed and requests resolved by SmartCache. As Brian and Kristy mentioned, this is already available for iOS, just not Android yet.
-
Brian - Does OpenDNS realize that over 50% of the current smartphone market is held by Android?
http://www.geekwire.com/2014/blackberry-keeps-hemhorraging-market-share-rest-smartphone-market-waits-new-phones/
It's not like we're asking for a BlackBerry app. ;-) -
I would like to have open dns to be able to block objectionable sites on my Android, same as on the pc, where the dashboard filter works great where I can set up which categories should be blocked, and it works on all browsers on the pc, I would like to have that protection on my Android Maxx phone, version 4.4 as well, thank you -
As long as you use your Android device in the same network as your PC, the same OpenDNS settings take effect also on your Android device unless you have different resolver addresses configured on it.
The home versions of OpenDNS are for networks you own, not for your devices in other networks.
-
Per OpenDNS in reference to Umbrella service for Android devices:
Thank you for your patience on your request regarding the Android invitation. For now we are only taking responses regarding the invitation for feedback purposes, however at this time, we may not be moving forward with the development due to the small number of feedback for this project. We do ask that you can voice your interests at https://support.opendns.com/forums/21211727-Idea-Bank and our engineers will review it accordingly.
-
There is such a clear use case for this, I can't believe OpenDNS isn't giving it more priority. I'm not aware of any reliable options for providing centrally managed safe mobile usage (not on wifi) on Android. If a mobile VPN client exists for iOS, and Android has even bigger market share, why not throw some development resources at it and capture more customers where there is an obvious gap? Come on OpenDNS - people are willing to PAY for this.
-
I wouldn't hesitate to pay for an Android version. Umbrella is the hidden gem of VPN's and well worth the $20/year. It's one of the reasons I use an iPhone. Would like to see an update for the iOS app to bring it into the current generation of Apple hardware (last update was over two years ago!). Also wonder if TLS/SSL wouldn't be a more secure alternative to IPsec that's currently used for Umbrella's VPN....
-
I'm not sure why OpenDNS still is not considering an app for Android since it's the largest mobile OS in the world. Until that happens there is a new app in the Play Store that will change your DNS without root:
https://play.google.com/store/apps/details?id=org.arcsoft.engelsizpro&hl=en
It costs a whole $1.48. If you are rooted, there are plenty of DNS changer apps available. You can run it as is and get the automatic phishing & malware filtering but if you want personal content filtering you can use this app to update your IP to dnsomatic which will update your OpenDNS account:
https://play.google.com/store/apps/details?id=com.icecoldapps.dynamicdnsupdate&hl=en
Alternatively, you can update manually with this link from within your mobile browser:
https://email:password@updates.opendns.com/nic/update?hostname=OpenDNS_network_label
Use %40 for "@" and 2E for "." in your email address. Credit to Rotblitz in this thread for that:
https://support.opendns.com/entries/23217700-Is-there-an-IP-Updater-for-OpenDNS-using-android
The only thing I have noticed is I loose the Chrome compression proxy with this enabled. I have already reached out to the dev and he is looking into it.
-
If you use that app to update your OpenDNS account in the manner you describe I hope that this android device is the only one that you are trying to protect. If you have a computer or something else on your home network that is being protected by OpenDNS as soon as your account is updated to reflect the network that you are "visiting" all of those features will be lost at home. In addition, the network that you are visiting belong to someone else, and you are effectively "hijacking" it and claiming it as your own, assuming that it isn't already blocked for assignment to an OpenDNS network, or isn't already associated with the owner's own OpenDNS account.
-
Matt,
Yes, I have a separate account for the mobile device from my other accounts so the IP conflict issue won't happen. I also only use this for the mobile network IP only, not when on wifi so I don't hijack an IP like you mentioned. In my testing, on my mobile network I only change IP addresses on a power cycle, but still update anyway. Even OpenDNS's own client only updates every 3 hours. Thanks for the insight.
-
"I also only use this for the mobile network IP only, not when on wifi so I don't hijack an IP like you mentioned."
This is wrong. These "mobile network IP" addresses are usually shared between many mobile users at the same time, so you're still hi-jacking.
"I only change IP addresses on a power cycle" - What interval do you mean by power cycle (of what)?
"Even OpenDNS's own client only updates every 3 hours."
Not sure why you say this. Beside that it is wrong, it is also unrelated.
The OpenDNS Updater checks every 1 or 5 minutes (I don't recall the interval, I had to analyze it again) for an IP address change against myip.opendns.com and updates the IP address information immediately when detecting an IP address change. -
This is wrong. These "mobile network IP" addresses are usually shared between many mobile users at the same time, so you're still hi-jacking.
From my testing, if my IP was really shared then there was no one else using OpenDNS because there was nothing logged that wasn't mine.
What interval do you mean by power cycle (of what)?
Power cycle my mobile device. The IP address never changes unless it's power cycled.
Regarding the updater, the OpenDNS windows client seems to update every 3 hours. The android app I referred can be configured to update as quick as 1 minute intervals. I was just referring to my mobile carrier that doesn't change IP address unless there is a power cycle. I have no idea on other carriers.
-
Glenn:
You are certainly in a better stance than most people trying to update their account with their mobile devices, since most of them want to use the same account, and have the mobile device update it while they are away.
Since you're not using it with someone else's WiFi, and assuming your provider is actually giving you a public IP address of your own rather than giving you a private IP address and NAT'ing you along with other users behind a public address this should work great.
The only hitch I can see is if you are actually getting private addresses and your public address is NAT'ed you would effectively be "claiming" that address for all users who are sharing it, though realistically I doubt a lot of people using mobile devices on a carrier's network like that are also using OpenDNS. It's entirely likely that when you've looked at your logs, even if that were the case you'd be the only one generating OpenDNS traffic. Still that kind of potential conflict is why OpenDNS "locks out" private/public NAT'ed address or ranges like this.
I can't comment on the update times for the OpenDNS updater since I update via DNS-O-Matic using my router, and the only person I support using the updater is my dad, and his IP address is essentially static so I've never really paid attention to update times.
Anyway, thank you for going above and beyond what most people are doing with their mobile devices, it saves everyone, including yourself, a lot of headaches.
-
Yeah, the lack of an Android client for Umbrella is killing me. I'd be willing to hire a developer to create one myself if I could access the Umbrella backend so that all of the logging and customized settings would be available to Android users. Maybe Cisco will light a fire under OpenDNS to get it done.
Please sign in to leave a comment.
Comments
53 comments