Re: blocking ads in apps

Liste des GroupesRevenir à m android 
Sujet : Re: blocking ads in apps
De : V (at) *nospam* nguard.LH (VanguardLH)
Groupes : comp.mobile.android
Date : 07. Mar 2024, 12:11:11
Autres entêtes
Organisation : Usenet Elder
Message-ID : <d591nag9wral$.dlg@v.nguard.lh>
References : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15
User-Agent : 40tude_Dialog/2.0.15.41
david <this@is.invalid> wrote:

Using <news:t89d094xgey9$.dlg@v.nguard.lh>, VanguardLH wrote:
 
The final DNS query is encrypted for sure, that much even I'm aware of.
But how Private DNS blocks ads is still a mystery to me.
 The DNS server returns a fail status to the client on a DNS lookup that
is "blocked".  Blocking at the DNS server is by failing DNS lookups to
the client.  So, depends on which DNS server to which you connect
whether it blocks nothing or something.  The Cloudflare and Google DNS
don't block anything.  AdGuard DNS says what they block (fail the
lookups) at their web site to which I gave the URL.
 https://developers.google.com/speed/public-dns/docs/dns-over-tls
https://developers.google.com/speed/public-dns/docs/dns-over-tls#how_it_works
 1. The stub resolver is configured with the DNS-over-TLS resolver name dns.google.
2. The stub resolver obtains the IP address(es) for dns.google using the local DNS resolver.
3. The stub resolver makes a TCP connection to port 853 at one of those IP addresses.
4. The stub resolver initiates a TLS handshake with the Google Public DNS resolver.
5. The Google Public DNS server returns its TLS certificate along with a full chain of TLS certificates up to a trusted root certificate.
6. The stub resolver verifies the server's identity based on the certificates presented.
   If the identity cannot be validated, DNS name resolution fails and the stub resolver returns an error.
7. After the TLS connection is established, the stub resolver has a secure communication path between to a Google Public DNS server.
8. Now the stub resolver can send DNS queries and receive responses over the connection.
Guess the point that encrypted DNS (DoH or DoT) is about secreting the
traffic, and ad, phish, malware, porn, or other blocking is a feature of
the DNS server irrelevant of connection type.
A DNS server may not accept encrypted connections, but it might.
A DNS server may not block anything, but it could.
Two different features.  What you get depends on which DNS you use.

Date Sujet#  Auteur
7 Mar 24 * Re: blocking ads in apps4VanguardLH
7 Mar 24 `* Re: blocking ads in apps3Newyana2
7 Mar 24  `* Re: blocking ads in apps2VanguardLH
8 Mar 24   `- Re: blocking ads in apps1david

Haut de la page

Les messages affichés proviennent d'usenet.

NewsPortal