OpenDNS for Android devices

Not planned

Comments

51 comments

  • Avatar
    mattwilson9090

    I don't know what the DNSet app is since I don't use Android, but a VPN is not the solution that you'd use for changing the DNS settings on any device, android or not.

    A VPN would route all of your internet traffic, incoming and outgoing through OpenDNS servers, before going on to the rest of the internet. OpenDNS is in the business of providing DNS related services, not VPN services, so I don't see a VPN solution happening.

    If all that you want to do is change the DNS settings on your android device, presumably for when you are away from your home network I'd suggest using the DNSet app that you already referred to to change those settings.

    DNSCrypt might also do what you want, since it establishes an encrypted connection between the device and OpenDNS servers for DNS queries, but it is currently only available for Windows and Mac. You could put in a request for DNSCrypt for Android. That might already be working on it, but whether or not they are it would show interest in such a product.

  • Avatar
    glenn2

    Unfortunately, a VPN is required just to change the DNS settings if the Android device is not rooted. That is the only workaround as the carriers ROM is set to their own DNS setting, and cannot be changed. Thanks for the comment though.

  • Avatar
    mattwilson9090

    It doesn't sound like the VPN is used to change the DNS settings then. It sounds like you are using whatever DNS settings are at the other end of the VPN tunnel. Huge difference.

    Regardless of the mechanism it sounds like you need to either get a rooted android device or find a VPN provider that uses OpenDNS or will let you choose your own DNS service, such as OpenDNS. Or you could host your own VPN on your own equipment using something like OpenVPN

    Regardless, OpenDNS isn't a VPN provider, just a DNS provider. Even if they provided VPN services I don't see that as something that they'd provide for free. Perhaps someday they'll offer DNSCrypt for Android and that might accomplish what you want.

  • Avatar
    glenn2

    No, with the DNSet app I checked it and the IP address does not change with it on or off. The VPN is requred on Android to re-route the DNS lookup but does not route the data through the VPN. It's a workaround for the security hardcoded into the Android system.

    Thanks for the info on OpenVPN, I wasn't aware of a service.

  • Avatar
    glenn2

    Hi kristy,

    That link returns "You do not have access to this topic"

  • Avatar
    Kristy Patullo

    Apologies, we do offer a mobile VPN client through our Umbrella service but it only supports iOS devices at this time.  I originally thought this post was related to that client.

  • Avatar
    mattwilson9090

    Ok, so now I'm confused. If you already have a solution that does this, why do you want OpenDNS to create a specific app and VPN solution to do this? Do you want this as part of their free offering?

    I'm curious. Have you ever created a VPN solution that selectively sends only certain types of data, in this case DNS queries, through the VPN tunnel, but sends (abnd receives) all the rest of the data on the local connection? I've done plenty where all of the data is sent through the VPN tunnel, and others where data only intended for the VPN endpoint is sent while the rest uses the local connection, but have never even tried, or thought of trying, sending only specific types of data, which in this case would be port 53 UDP traffic. It sounds like what you really need is DNSCrypt for Android, rather than a hyper-specialized and hyper-customized VPN solution.

    Which BTW, for a VPN solution to do this would require a constant connection to the VPN server, which means data is going to continually be sent back and forth over the VPN tunnel to keep it alive and active.

  • Avatar
    Brian Hartvigsen

    At this point in time we aren't planning to release an Android specific application similar to the iOS client that is available.  We will continue to monitor this situation as the mobile landscape continues to evolve.

  • Avatar
    glenn2

    Matt,

    The purpose of an OpenDNS app would be to control the filtering, enable the malware & phishing protection, logging, and DDNS back to openDNS servers.. Just using the openDNS servers alone only gains speed and requests resolved by SmartCache. As Brian and Kristy mentioned, this is already available for iOS, just not Android yet.

  • Avatar
    straffin

    Brian - Does OpenDNS realize that over 50% of the current smartphone market is held by Android? 
    http://www.geekwire.com/2014/blackberry-keeps-hemhorraging-market-share-rest-smartphone-market-waits-new-phones/
    It's not like we're asking for a BlackBerry app.  ;-)

  • Avatar
    brethenson
    I would like to have open dns to be able to block objectionable sites on my Android, same as on the pc, where the dashboard filter works great where I can set up which categories should be blocked, and it works on all browsers on the pc, I would like to have that protection on my Android Maxx phone, version 4.4 as well, thank you
  • Avatar
    rotblitz

    As long as you use your Android device in the same network as your PC, the same OpenDNS settings take effect also on your Android device unless you have different resolver addresses configured on it.

    The home versions of OpenDNS are for networks you own,  not for your devices in other networks.

  • Avatar
    vxxxtazxxxv

    Per OpenDNS in reference to Umbrella service for Android devices:

    Thank you for your patience on your request regarding the Android invitation. For now we are only taking responses regarding the invitation for feedback purposes, however at this time, we may not be moving forward with the development due to the small number of feedback for this project. We do ask that you can voice your interests at https://support.opendns.com/forums/21211727-Idea-Bank and our engineers will review it accordingly.

  • Avatar
    bootit

    Why not add this project to one of those capital raising web based programs to fund the project and those that contribute get the next subscription free.  You are sure to know but take a look at Kickstarter

  • Avatar
    yve1940

    I just dumped my iPhone and was sad to see no Android app so a waste of money for the subscription.

  • Avatar
    ptd22

    A way to use Umbrella on Android would be great, so that we have centralized management of policies even when on cellular networks.

  • Avatar
    mr_cleaner

    I too just realized that there was no Umbrella client for my Android platform. I honestly took this for granted as it would seem to be an obvious support requirement for those of us in the worldwide majority outside the Apple ecosystem. 

  • Avatar
    father-of-4

    There is such a clear use case for this, I can't believe OpenDNS isn't giving it more priority. I'm not aware of any reliable options for providing centrally managed safe mobile usage (not on wifi) on Android. If a mobile VPN client exists for iOS, and Android has even bigger market share, why not throw some development resources at it and capture more customers where there is an obvious gap? Come on OpenDNS - people are willing to PAY for this.

  • Avatar
    isaaclicharowicz

    I wouldn't hesitate to pay for an Android version. Umbrella is the hidden gem of VPN's and well worth the $20/year. It's one of the reasons I use an iPhone. Would like to see an update for the iOS app to bring it into the current generation of Apple hardware (last update was over two years ago!). Also wonder if TLS/SSL wouldn't be a more secure alternative to IPsec that's currently used for Umbrella's VPN....

  • Avatar
    glenn2

    I'm not sure why OpenDNS still is not considering an app for Android since it's the largest mobile OS in the world. Until that happens there is a new app in the Play Store that will change your DNS without root:

    https://play.google.com/store/apps/details?id=org.arcsoft.engelsizpro&hl=en

    It costs a whole $1.48. If you are rooted, there are plenty of DNS changer apps available. You can run it as is and get the automatic phishing & malware filtering but if you want personal content filtering you can use this app to update your IP to dnsomatic which will update your OpenDNS account:

    https://play.google.com/store/apps/details?id=com.icecoldapps.dynamicdnsupdate&hl=en

    Alternatively, you can update manually with this link from within your mobile browser:

    https://email:password@updates.opendns.com/nic/update?hostname=OpenDNS_network_label

    Use %40 for "@" and 2E for "." in your email address. Credit to Rotblitz in this thread for that:

    https://support.opendns.com/entries/23217700-Is-there-an-IP-Updater-for-OpenDNS-using-android

    The only thing I have noticed is I loose the Chrome compression proxy with this enabled. I have already reached out to the dev and he is looking into it.

     

  • Avatar
    mattwilson9090

    If you use that app to update your OpenDNS account in the manner you describe I hope that this android device is the only one that you are trying to protect. If you have a computer or something else on your home network that is being protected by OpenDNS as soon as your account is updated to reflect the network that you are "visiting" all of those features will be lost at home. In addition, the network that you are visiting belong to someone else, and you are effectively "hijacking" it and claiming it as your own, assuming that it isn't already blocked for assignment to an OpenDNS network, or isn't already associated with the owner's own OpenDNS account.

  • Avatar
    glenn2

    Matt,

    Yes, I have a separate account for the mobile device from my other accounts so the IP conflict issue won't happen. I also only use this for the mobile network IP only, not when on wifi so I don't hijack an IP like you mentioned. In my testing, on my mobile network I only change IP addresses on a power cycle, but still update anyway. Even OpenDNS's own client only updates every 3 hours. Thanks for the insight.

  • Avatar
    rotblitz

    "I also only use this for the mobile network IP only, not when on wifi so I don't hijack an IP like you mentioned."

    This is wrong.  These "mobile network IP" addresses are usually shared between many mobile users at the same time, so you're still hi-jacking.

    "I only change IP addresses on a power cycle"  -  What interval do you mean by power cycle (of what)?

    "Even OpenDNS's own client only updates every 3 hours."

    Not sure why you say this.  Beside that it is wrong, it is also unrelated.
    The OpenDNS Updater checks every 1 or 5 minutes (I don't recall the interval, I had to analyze it again) for an IP address change against myip.opendns.com and updates the IP address information immediately when detecting an IP address change.

  • Avatar
    glenn2

    This is wrong.  These "mobile network IP" addresses are usually shared between many mobile users at the same time, so you're still hi-jacking. 

    From my testing, if my IP was really shared then there was no one else using OpenDNS because there was nothing logged that wasn't mine.

    What interval do you mean by power cycle (of what)?

    Power cycle my mobile device. The IP address never changes unless it's power cycled.

    Regarding the updater, the OpenDNS windows client seems to update every 3 hours. The android app I referred can be configured to update as quick as 1 minute intervals. I was just referring to my mobile carrier that doesn't change IP address unless there is a power cycle. I have no idea on other carriers.

  • Avatar
    mattwilson9090

    Glenn:

    You are certainly in a better stance than most people trying to update their account with their mobile devices, since most of them want to use the same account, and have the mobile device update it while they are away.

    Since you're not using it with someone else's WiFi, and assuming your provider is actually giving you a public IP address of your own rather than giving you a private IP address and NAT'ing you along with other users behind a public address this should work great.

    The only hitch I can see is if you are actually getting private addresses and your public address is NAT'ed you would effectively be "claiming" that address for all users who are sharing it, though realistically I doubt a lot of people using mobile devices on a carrier's network like that are also using OpenDNS. It's entirely likely that when you've looked at your logs, even if that were the case you'd be the only one generating OpenDNS traffic. Still that kind of potential conflict is why OpenDNS "locks out" private/public NAT'ed address or ranges like this.

    I can't comment on the update times for the OpenDNS updater since I update via DNS-O-Matic using my router, and the only person I support using the updater is my dad, and his IP address is essentially static so I've never really paid attention to update times.

    Anyway, thank you for going above and beyond what most people are doing with their mobile devices, it saves everyone, including yourself, a lot of headaches.

  • Avatar
    laynerd

    Yeah, the lack of an Android client for Umbrella is killing me. I'd be willing to hire a developer to create one myself if I could access the Umbrella backend so that all of the logging and customized settings would be available to Android users. Maybe Cisco will light a fire under OpenDNS to get it done.

  • Avatar
    mattwilson9090

    I don't see OpenDNS opening up their backend to anyone who asks for it, regardless of their stated intentions. You'll need to continue asking OpenDNS for an Umbrella client for Android

  • Avatar
    mbilinski

    The only three reasons i can think of as to why they have not developed the app yet is:

    1. They signed an exclusive with Apple

    2. The application for android exposes OPENDNS to a security vulnerability of some sorts

    3. They are lazy and like to do things backwards 

  • Avatar
    mbilinski

    The only three reasons i can think of as to why they have not developed the app yet are:

    1. They signed an exclusive with Apple

    2. The application for android exposes OPENDNS to a security vulnerability of some sorts

    3. They are lazy and like to do things backwards 

  • Avatar
    karlbond
    I just buy umbrella account and I just realize there is not solution for android devices. This is really annoying!

Please sign in to leave a comment.