~singpolyma/dev


Cheogram Android - Private DNS

Message ID: <06141577-a866-48e1-9ecf-bfd3caf34897@justinanteau.com>
DKIM signature: fail

Hello,

I mentioned this issue in the Soprani.ca XMPP room, but wanted to send 
an e-mail as well.  I have noticed that Cheogram Android does not use 
the Android configured Private DNS (DoT) for XMPP name resolution, but 
instead uses the DHCP provided DNS.

My setup:

  * I'm using Cheogram Android (2.15.3-1+free) on an Android 14
    (GrapheneOS) phone.
  * Android's Private DNS setting is configured to use NextDNS.
  * My home WiFi is configured to hand out my AdGuard Home server for
    DNS over DHCP.

When I open the Cheogram app I can see that the analytics DNS queries 
(app.glitchtip.com) hit the Private DNS resolver.  I do not see any DNS 
queries for my XMPP domain (justinanteau.com) in NextDNS (DoT), but I do 
see them in my network DNS (AdGuard Home).  This isn't an issue at home, 
but would mean it leaks these DNS queries to my carrier and other 
network providers when I'm not connected to my WiFi.

I installed the latest Conversations version and tried to log in to an 
account to see where the DNS queries landed.  It appears Conversations 
correctly sends the XMPP domain queries to the configured Private DNS.  
I tried to do more extensive testing with Conversations, but it does not 
appear like the latest Cheogram Android is able to export a backup in a 
format Conversations is compatible with, making migration impossible.

If further information is needed, feel free to reach out to me by e-mail 
or XMPP (justin@justinanteau.com).


Justin

Message ID: <ZlXoPetT0vfkpbUK@singpolyma-beefy.lan>
In-Reply-To: <06141577-a866-48e1-9ecf-bfd3caf34897@justinanteau.com>
DKIM signature: pass

>I mentioned this issue in the Soprani.ca XMPP room, but wanted to send an 
>e-mail as well.  I have noticed that Cheogram Android does not use the 
>Android configured Private DNS (DoT) for XMPP name resolution, but instead 
>uses the DHCP provided DNS.

Indeed, we use the Android configured DNS, but do not support DoT or DoH at 
this time. We'd love to get support for both into 
https://github.com/MiniDNS/minidns so we could use them.

Message ID: <cabca6ce-add4-41c2-b850-eaf58a35c218@app.fastmail.com>
In-Reply-To: <ZlXoPetT0vfkpbUK@singpolyma-beefy.lan>
DKIM signature: pass

I see there is an old open feature request for DoT: https://github.com/MiniDNS/minidns/issues/34

I see this commit for Conversations: https://codeberg.org/iNPUTmice/Conversations/commit/8f014d5525e234a7bd25f120b27480dd15044c82 but I'm guessing Cheogram isn't making DNSSEC optional?

Thanks for the reply!

----- Original message -----
From: Stephen Paul Weber <singpolyma@singpolyma.net>
To: Justin Anteau <justin@justinanteau.com>
Cc: dev@singpolyma.net
Subject: Re: Cheogram Android - Private DNS
Date: Tuesday, May 28, 2024 10:20 AM

>I mentioned this issue in the Soprani.ca XMPP room, but wanted to send an 
>e-mail as well.  I have noticed that Cheogram Android does not use the 
>Android configured Private DNS (DoT) for XMPP name resolution, but instead 
>uses the DHCP provided DNS.

Indeed, we use the Android configured DNS, but do not support DoT or DoH at 
this time. We'd love to get support for both into 
https://github.com/MiniDNS/minidns so we could use them.

Attachments:
* signature.asc

Message ID: <ZlYYO8GcIcnjbKQ0@singpolyma-beefy.lan>
In-Reply-To: <cabca6ce-add4-41c2-b850-eaf58a35c218@app.fastmail.com>
DKIM signature: pass

>I see this commit for Conversations: 
>https://codeberg.org/iNPUTmice/Conversations/commit/8f014d5525e234a7bd25f120b27480dd15044c82 
>but I'm guessing Cheogram isn't making DNSSEC optional?

Yes, it seems Conversations has chosen to implement some of this themselves 
rather than contribute to the library. Hopefully we can get this all 
resolved eventually.
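
Added example, not part of the thread and not code from Cheogram, Conversations or MiniDNS: what the DoT path discussed above involves for XMPP name resolution, namely the `_xmpp-client._tcp` SRV query sent over a certificate-verified TLS connection on port 853 using DNS-over-TCP length framing (RFC 7858). `example.com` is a constructed sample domain and all function names are hypothetical.

```python
import socket, ssl, struct

SRV, IN = 33, 1          # RR type SRV (RFC 2782), class IN
DOT_PORT = 853           # DNS over TLS port (RFC 7858)

def encode_name(name):
    """Encode a domain name as length-prefixed DNS labels."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) <= 63:
            raise ValueError(f"invalid label: {label!r}")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"

def build_srv_query(domain, txid=0):
    """DNS query for the XMPP client SRV record of `domain`."""
    # Header: id, flags (RD=1), one question, no answer/authority/additional.
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = encode_name(f"_xmpp-client._tcp.{domain}")
    return header + qname + struct.pack("!HH", SRV, IN)

def frame_for_dot(msg):
    """DoT reuses DNS-over-TCP framing: a two-byte big-endian length prefix."""
    return struct.pack("!H", len(msg)) + msg

def read_exact(sock, n):
    """Read exactly n bytes or raise if the peer closes early."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("resolver closed the connection")
        buf += chunk
    return buf

def query_dot(resolver_host, domain, timeout=5.0):
    """Send the SRV query over TLS; returns the raw DNS response bytes."""
    ctx = ssl.create_default_context()   # verifies certificate chain and hostname
    with socket.create_connection((resolver_host, DOT_PORT), timeout=timeout) as tcp:
        with ctx.wrap_socket(tcp, server_hostname=resolver_host) as tls:
            tls.sendall(frame_for_dot(build_srv_query(domain)))
            (length,) = struct.unpack("!H", read_exact(tls, 2))
            return read_exact(tls, length)

if __name__ == "__main__":
    # Constructed sample domain; building the frame needs no network access.
    print(frame_for_dot(build_srv_query("example.com", txid=0x1234)).hex())
```

The same query sent in the clear to UDP port 53 is what the local network's resolver sees in the setup described in the first message; only the `query_dot` path keeps the queried XMPP domain inside TLS.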