I’ve been looking this up for days, and at a complete dead end now. Everything I find basically comes down to remove the dns address, turn it off, or change the address to 1.1.1.1. None of this works.
You can see in the picture that it’s turned off, and there are no saved addresses to remove. It won’t even save an address if I enter one. I can’t find anything else on my phone that references dns or network settings. I’m only using cell data, not connected to any wifi. Changing the setting to automatic doesn’t do allow me to visit sites either. Changing a setting and power cycling the phone doesn’t change anything.
I’ve spoken with my carrier, there are no parental blocks on my account. I’m the only person on the account. No one else has access.
When I go to a site my browser tells me the site is not secure, mentions opendns, and gives me the option to continue anyways. Doing so only routes back to the same not secure message. I can’t go any further.
I have no idea how this got on my phone, but it’s been on it for a couple months now. I’m sure I’m forgetting some info, but I’ve listed the main things. Any help would be appreciated, this is just stupid at this point.
If there’s a better /c/ to ask about this in let me know. Thanks everyone!
EDIT: Lem453 got me back online with thier suggestion. Select the bottom option “private DNS hostname” and enter either one.one.one.one or DNS.google.com.
Lots of good info provided by people too in the comments. As much as this has been frustrating for me on a daily basis it’s also given me new knowledge on how my phone works, so that’s pretty cool.
You must log in or register to comment.
Here is a thing about OpenDNS you might not know. It actually has parental control feature that let you filter various domains based on category. They implemented by allowing you to enter your current IP address, and then all DNS requests from that IP address will run through the selected filter: https://signup.opendns.com/homefree/
One more thing. Mobile carrier often use CGNAT, which will put a bunch of customer behind the same set of public IP address. When you’re behind a CGNAT, your request will appear to come from the same IP address like other customers of the same mobile carrier in that area.
What happened to you is someone in the same CGNAT enabled parental control on OpenDNS and registered the CGNAT’s public IP address as their own. This result in everyone in the same network to have their DNS requests filtered according to that user’s parental control settings.
You might need to wait until you got rotated into a new public IP address, or use a VPN. The real question is why your carrier use opendns in the first place.
and then all DNS requests from that IP address will run through the selected filter
Only if those clients are specifically using OpenDNS as their DNS server.
Very interesting. It does have categories blocked, it’s blocking r rated movies and anything violent too. That’s crazy someone can screw up a whole ip address like that, if that is what happened.
Thank you for the insights
Select the bottom option “private DNS hostname” and enter either one.one.one.one or DNS.google.com
Yes, you have those enter a hostname not an IP. Not sure why but it works for me on my android phone.
Yup that works, thank you! I’ve seen one.one.one.one suggested before and thought they were saying 1.1.1.1 how people will type Google(dot)com lol never occurred to me they meant to actually type in the words. DNS.google.com works too.
Huge thanks my friend!
This works because private DNS (in Android speak) is actually DNS over TLS.
TLS is the secure communication method that also protects you when you visit https sites.
DNS over TLS means your DNS traffic (queries and answers for internet server names) are sent and received between you and the DNS server using encryption.
This provides a measure of privacy as it means network operators along the way (eg. your ISP) can’t see the DNS queries you’re making.
Using Cloudflare’s server (one.one.one.one) is arguably more private than Google, as Cloudflare doesn’t make money from your data like Google does.
Yes, you have those enter a hostname not an IP. Not sure why
Because it’s DNS-over-HTTPS (DoH), so it wants a URI, not an IP.
Make sure the URL is using HTTPS:// not HTTP://
I think none of this has to do with Private DNS (which is what you found on the internet refers to).
Does the issue only happen on LTE or at home? My guess is that your DNS configuration on your home router or from you cellphone provider have been modified to use OpenDNS’s (or any other DNS that cause an issue)
Also, could you provide a screenshot of your browser telling you the website isn’t secure?
I’m not connected to Wi-Fi. It’s not getting any data from any routers.
There’s always a router, and there’s always a DNS server. Normally, your device is asking to join a network, and something on that network assigns it an IP address, a DNS server, and a gateway router to use. That’s true whether you’re connecting to WiFi or a cellular network. The difference is just which device is assigning you those things. You can also override that on your side by specifying a static configuration that can break things, but I don’t think that’s your problem.
“Private DNS Mode” here is only referring to whether or not you want to encrypt the DNS lookup traffic. That’s certainly not a bad idea, but it’s a separate issue from whether or not you have a working DNS setup at all. From the screenshot below, it looks like you do have a working DNS configuration. To connect to a server, you type the server’s name (e.g., mobile.pornhub.com), your browser sends a DNS request to your DNS server asking it to return the IP address of that server, and then it uses that IP address to ask the server to send it a web page. You’re getting to the part where you’ve asked the server to send you a web page, but the server is refusing because your browser didn’t make the request over HTTPS (i.e., using encryption).
I don’t know why that is, but I’d try the steps outlined here.
I’m not sure to understand: you can’t connect to WiFi? I would just like to know if this issue only happens on cellular in order to narrow down the causes.
Here’s screen of the error in Firefox.
Correct I’m not able to connect to any wifi here.Edit: DuckDuckGo won’t even show an error. It just reloads the current page.
do you live in mississippi, virginia, or utah?
Why is this relevant?
Thank you for this, very useful
Good call. That’s the type of thing everyone misses. It doesn’t affect this specific issue but I like how you’re thinking.
I do not.
Seems like someone (you carrier) or some app is trying to do a Man-in-the-Middle attack. I guess it only happens on this kind of website?
I guess you should start by checking for rogue apps installed on your phone.
I used pornhub just because its easy to search for and recognizable and I knew it would be blocked. Violence is being blocked too. I can’t watch a lot of legit r rated movies because they’re blocked too.
Can you post an example of such a blocked site? And in which country are you?
In the US. There’s a test example in another reply. Sorry, lemmy is goofing on me and not letting me upload it again for this comment.
@WarmSoda use mullvad dns (free) or nextdns (freemium)
I’ll give those a try. Why would I need a new app though? I want the phone to just act normal like it used to.
Edit: NextDNS works, thank you.
It seems like a decent workaround for now.If it’s bothering you that much. Do a factory reset.
No, I’d rather know what’s causing it so I can fix it in the future if it happens again.
There are two basic ways I can think of that you could still end up using OpenDNS without setting it as your DNS server in the private DNS settings. The first is simply if it’s the default DNS that your ISP (in this case the phone company, since you mention you’re not on WiFi) supplies. If you don’t set a DNS server, then your system will obtain one at the same time it obtains an IP address via DHCP during the initial handshake with the ISP, because it needs to use something to translate website names into IP addresses. So if the ISP is configured to suggest OpenDNS, that’ll still be what you’ll use. You can override this by manually setting another DNS server. Note though that many DNS services (including a Google, if I recall correctly) use OpenDNS as a fallback setting, so if the main DNS site is down for some reason, you might still get OpenDNS results.
The other possibility is if have a VPN enabled, like Adguard or DNS66. These often affect DNS resolution as part of an effort to block ads. Again, manually setting a DNS, or disabling the VPN, should override this.
One last note is that there’s a setting in Chrome that lets it bypass your DNS settings and use Google’s own DNS for that app, so if you’re using Chrome and Google’s DNS server is down or doesn’t have an entry for a particular site, that could still lead to OpenDNS being used for resolution. I haven’t really found turning off that setting to work in getting Chrome to use my configured DNS, which is part of why I now use Firefox on Android, but in theory it should be possible to fix with “settings->privacy and security->secure DNS->use current provider,” or with a custom configuration in the same setting, in Chrome, or by turning off secure DNS in the same spot.
Note that all these settings do have privacy implications, so it might be worth reading about those before mucking with any of them!
Good info, thank you. The consensus seems to be it’s either the carrier or between me and the carrier. It makes me wonder if an update happened and it put me on the current IP address that just happens to have these settings on it.
So right now I’m using the one.one.one.one dns setting and it’s working fine. But I’ll look up more info on it so I know exactly what it does and how it affects my privacy and everything.
I’m loving all the new info everyone is providing, you guys all rock.
Try a different browser or check dns settings in your browser, I don’t use firefox so I don’t know if it has that setting. You can also use a vpn, it should override your dns settings. Proton vpn is free for the basic tier.
That Private DNS setting is a separate animal from your issue. For your problem it sounds like you have something running on your phone that is trying to hijack your DNS (as I’m guessing your cell provider is not using OpenDNS as there DNS). Have you installed any new apps, or visit any new sites right before the issue started?
It started a couple months ago that I’ve noticed, so I don’t know what I could have installed back then. But I’ve looked at my app list and I’m not seeing anything that looks suspicious.
You’re correct, the carrier isn’t using anything. It took me a long time to get them to even understand what I was talking about. I even got tech to read me the SOCs on my line lol They think I’m crazy.
Try to enter one of these DNSes there.
94.140.14.14
94.140.15.15
Hmm it won’t let me save either address. The save button stays greyed out.
