From 135723436905f3917ab6f0f82fbbeeb57602fe7f Mon Sep 17 00:00:00 2001 From: Daniel Micay Date: Fri, 28 Feb 2020 22:15:02 -0500 Subject: [PATCH] add custom DNS server question / answer --- static/faq.html | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/static/faq.html b/static/faq.html index ab6b74cb..78c071e9 100644 --- a/static/faq.html +++ b/static/faq.html @@ -66,6 +66,7 @@ bundled apps make by default?
  • What does GrapheneOS do about cellular tracking and silent SMS?
  • +
  • How do I use a custom DNS server?
  • Why does Private DNS not accept IP addresses?
  • @@ -362,6 +363,27 @@ sending texts or other data is not required or particularly useful to track devices connected to a network for an adversary with the appropriate access.

    +

    + How do I use a custom DNS server? +

    + +

    It isn't possible to directly override the DNS servers provided by the network via + DHCP. Instead, use the Private DNS feature in Settings ➔ Network & internet ➔ + Advanced ➔ Private DNS to set the hostname of a DNS-over-TLS server. It needs to have + a valid certificate such as a free certificate from Let's Encrypt. The OS will look up + the Private DNS hostname via the network provided DNS servers and will then force all + other DNS requests through the Private DNS server. Unlike an option to override the + network-provided DNS servers, this prevents the network from monitoring or tampering + with DNS requests/responses.

    + +

    Configuring a static IP address for a network requires entering DNS servers + manually, but you should still use the Private DNS feature with it, and you shouldn't + misuse the static IP address option just to override the DNS servers.

    + +

    VPN service apps can also provide their own DNS implementation and/or servers, + including an alternate implementation of encrypted DNS. Private DNS takes precedence + over VPN-provided DNS and using Private DNS is still recommended with a VPN.

    +

    Why does Private DNS not accept IP addresses?
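
Review bot: In the second hunk's first answer paragraph, the claim that Private DNS "prevents the network from monitoring or tampering with DNS requests/responses" directly follows the sentence saying the Private DNS hostname itself is looked up via the network-provided DNS servers, and the text never explains why that first lookup is not a weakness. Suggest tying it to the certificate requirement stated two sentences earlier: the bootstrap lookup of the hostname is visible to the network, and a tampered answer to it does not help an attacker because the server still has to present a valid certificate for the configured hostname. The static IP paragraph has the same gap on a smaller scale: it says you "shouldn't misuse the static IP address option just to override the DNS servers" without giving the reason, which the contrast in the first paragraph ("Unlike an option to override the network-provided DNS servers") already implies and could be restated in one clause.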