Enable Private DNS with on Android 9 Pie

This article is a repost promoting content originally published elsewhere.

Recently, Google officially launched Android 9 Pie, which includes a slew of new features around digital well-being, security, and privacy. If you’ve poked around the network settings on your phone while on the beta or after updating, you may have noticed a new Private DNS Mode now supported by Android.

This new feature simplifies the process of configuring a custom secure DNS resolver on Android, meaning parties between your device and the websites you visit won’t be able to snoop on your DNS queries because they’ll be encrypted. The protocol behind this, TLS, is also responsible for the green lock icon you see in your address bar when visiting websites over HTTPS. The same technology is useful for encrypting DNS queries, ensuring they cannot be tampered with and are unintelligible to ISPs, mobile carriers, and any others in the network path between you and your DNS resolver. These new security protocols are called DNS over HTTPS and DNS over TLS.

Bad: Android Pie makes it harder (than previous versions) to set a custom DNS server on a cellular data connection.

Good: Android Pie supports DNS-over-TLS, so that’s nice.

SiteFinder: Mark Two

[this post was damaged during a server failure on Sunday 11th July 2004, and it has not been possible to recover it]

[further fragments of this post were recovered on 12 October 2018]

If you’ve been reading this blog since September-ish, you’ll remember when I had about a week of ranting about the VeriSign/SiteFinder lark: this was where VeriSign, who (in layman’s terms) are responsible for linking all .com, .net, and .org addresses to their respective servers, in September last year put a ‘catch-all’ clause in. In other words, every possible combination of letters and numbers, followed by a .com, .net, or .org, ‘belonged’ to them. This was a complete abuse of their position of power, and caused a great deal of faults amongst systems throughout the internet. In addition, it could eventually have been used (and evidence suggests that the intention was there) to monopolise the internet’s search engine and advertising services.

Well; they’re at it again, as this article (“SiteFinder vs. Engineers: Our Mistake Is Ignorance”) discusses, so you’re likely to see me ranting at least a little more. If they do decide to do it again, they’ve stated that they will “provide 60 or 90 days warning, in order for the appropriate technological …

Smart Alex

Alex, my incompetent co-worker, came up with the following gem in today’s meeting when talking about a product that would aid employers in securely tracking how long their employees actually spend working:

“It’s not going to have any of that… security… nonsense.”

I shall have to beat him to death later.

P.S. told you that this thing was going to get big, quick. The Register reports “All your Web typos are belong to us”, and I quote: “Already a backlash is building, with Net admins being urged to block Verisign’s catch-all domain. This could get very messy.”