Question on DNS numbers


Tech Junky

Senior member
Jan 27, 2022
555
160
76
It probably is doing some connectivity checks that have to time out before they display. Hacking them or the NVR to point to an IP of the PC they're hardwired to should speed things up. Or the browser is confused by trying to find the route to the hardwired subnet. Disable auto configure / proxy / etc. in internet options > connection > LAN.
 

Lost_in_the_HTTP

Diamond Member
Nov 17, 2019
6,211
3,639
106
That was all unticked, but I also unticked 'Auto Detect Settings' and it's working a lot faster. I really don't use IE for anything other than this, so it isn't a big issue.

At this moment, it all seems to be working on the internal LAN and none of them seem to have web access.

I can't view them on the manufacturer's mobile programs for example.
 

Lost_in_the_HTTP

Diamond Member
Nov 17, 2019
6,211
3,639
106
Not really a sacrifice since I had no reason to do that to begin with and didn't really want to. Thing is, I guess I can simply plug that one LAN cable back in as I'm going out the door if I want to be able to look at them while I'm away for some reason.
 

Tech Junky

Senior member
Jan 27, 2022
555
160
76
Sure, or set up a port trigger to activate the connection remotely through the firewall.

Port Knocking is a way to activate things remotely, but it depends on what kind of router / FW / etc. you're using as to whether that's an option or not.

With a Linux based DIY router / FW though it's a potential feature you could use. Also, it would enable you to lock down the cams a bit more granularly than the segregation method.

Depends on how deep you want to get into personalizing things. From effort to $$.
 

VirtualLarry

No Lifer
Aug 25, 2001
53,191
7,654
126
I found a quirk after updating to Android 12 on my phone where it allows Chrome to bypass my static info completely to allow ads when they were being blocked with Pihole. This is a bit perplexing because all other apps block them properly as they did before. Seems Google put in a backdoor to allow traffic to bypass things in A12.

This is a bit perplexing as to how they're doing this w/o permission. I'm still digging into it though trying to figure out how they're circumventing explicit settings. Chrome didn't exhibit this behavior on A11 so, it's not Chrome doing it. At least I don't think so yet.
Maybe Chrome is using DNS-over-HTTPS, bypassing your PI-hole?
 

Tech Junky

Senior member
Jan 27, 2022
555
160
76
Maybe Chrome is using DNS-over-HTTPS, bypassing your PI-hole?
If that were the case it should be happening on all Chrome versions not just mobile.

I've done all of the tricks mentioned from disabling private DNS and so on and while it glitches after toggling things and blocks ads they come back after another refresh.

I have 2 things in play here to block this junk. 1 pihole / 2 vpn - disabled SIM data to make sure it's not circumventing the static IP info.

The thought of Chrome bundling in some sort of VPN on itself in A12 comes to mind as it seems all of the browsers are jumping on the VPN bandwagon lately. I'm also pondering the idea that OnePlus might have rolled something into the update to permit / bypass the DNS manual settings. I haven't bothered really debugging it yet to see where the leak is coming from.

So, my phone apparently knows I'm looking to fix the issue and a new browser popped up in the news app while scrolling through headlines.


It's just bothersome that windows / linux machines are abiding by the rules like they have been for years but, the stupid phone update allows it to bypass things.
 

Lost_in_the_HTTP

Diamond Member
Nov 17, 2019
6,211
3,639
106
Vivaldi isn't new, but it's pretty cool in many ways. I have it on my notebook, but haven't put it on a mobile yet.

It's just another Chromium clone though, same as Brave and Opera.

In fact, I may try it on mobile as I'm not overly satisfied with Brave, DDG or Adblock's attempts.
 

Tech Junky

Senior member
Jan 27, 2022
555
160
76
Vivaldi isn't new,
I hadn't heard of it before seeing the mention of it on the news feed. Of course chromium based options have existed for quite a while (decades). Chrome though has worked fine for quite a while and no need to look into other options until this. If it's bypassing DNS though it makes me wonder what else it's leaking in the process.

Just another annoyance to deal with.
 

Lost_in_the_HTTP

Diamond Member
Nov 17, 2019
6,211
3,639
106
Chrome though has worked fine for quite a while and no need to look into other options until this. If it's bypassing DNS though it makes me wonder what else it's leaking in the process.

Just another annoyance to deal with.
I've always considered anything from the G to be spyware. I've never trusted their stuff. I use only what cannot be avoided and then only very sparingly. No 'Tube or anything similar. G's entire business plan is gathering and selling personal information.


 

Tech Junky

Senior member
Jan 27, 2022
555
160
76
I agree but, in my book G is the lesser of 2 evils when it comes to some things. For the phone I don't use it for much that they can track or would want to sell anyway. Everything is entwined with G anyway in one shape or another. It's about limiting things as much as possible from being siphoned in the process.

I guess the ease of cross device sync is the appeal for me and using SSO with the same login makes things smooth. Each platform OS though acts a bit different from Windows / Linux / Android they all have their quirks in how they handle G products.

@mxnerd - I haven't had any issues until the phone update. Switching the backend won't resolve the issue. The phone is bypassing pihole completely on Chrome as it's not hitting the server. I suppose I could add a rule to the FW forcing all DNS traffic to hit pihole but, that shouldn't be needed if the IP info is set static to push everything in that direction.
 

Tech Junky

Senior member
Jan 27, 2022
555
160
76
VL's suspicion seemed correct.
I've moved onto the FW side and forcing DNS to hit the PIHOLE instead of relying on Android to abide by what I tell it to do and then not do it.

Problem is the suspect APP is still able to reflect ads which means it's DOH/443 which blocking turns into a S-Show for any https site. I added some rules to the FW to see where DNS traffic is headed and I'm getting hits across different ports / protocols which makes things a bit more interesting.


I guess I have something to keep an eye on and potentially switch up the browser as a starting point to close the hole that G has created somehow or maybe it's OnePlus that did it through the A12 upgrade. Might be a coincidence or it could be both in tandem.

All other apps though adhere to the DNS / blocking. While looking around it seems this might have reared its head back in 12/2021 with an update that rolled out with the security patch on A12 but I was running A11 w/ 3/2022 patch.

SMH...... Looks like there's some other issues others are experiencing from another standpoint of admins not being able to hit local resources on the LAN.
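
An added example, not part of the original posts: a sketch of the "see where DNS traffic is headed" step described above, sorting netfilter LOG lines by which DNS path a client used. The Pi-hole address, the client addresses, the log lines and the short resolver list are all constructed assumptions.

```python
import re
from collections import Counter

PIHOLE = "192.168.1.2"  # assumed Pi-hole address on the LAN
# Small illustrative set of public resolvers that also serve DoH on 443.
DOH_RESOLVERS = {"8.8.8.8", "8.8.4.4", "1.1.1.1", "1.0.0.1", "9.9.9.9"}
FIELD = re.compile(r"\b(SRC|DST|PROTO|DPT)=(\S+)")

def classify(line):
    """Return (src, category) for one netfilter LOG line, or None."""
    f = dict(FIELD.findall(line))
    if not {"SRC", "DST", "DPT"} <= f.keys():
        return None  # e.g. ICMP: no destination port to judge
    src, dst, dport = f["SRC"], f["DST"], int(f["DPT"])
    if dport == 53:
        if src == PIHOLE:
            cat = "pihole-upstream"   # Pi-hole's own lookups, expected
        elif dst == PIHOLE:
            cat = "via-pihole"
        else:
            cat = "plain-dns-bypass"  # a NAT redirect rule can catch this
    elif dport == 853:
        cat = "dot"                   # DNS-over-TLS, can be dropped by port
    elif dport == 443 and dst in DOH_RESOLVERS:
        cat = "doh-candidate"         # only the destination IP gives it away
    else:
        cat = "other"                 # ordinary HTTPS etc.; leave it alone
    return src, cat

def summarize(lines):
    """Count (src, category) pairs over an iterable of log lines."""
    return Counter(r for r in map(classify, lines) if r)

# Constructed sample lines in the kernel's iptables LOG field layout.
SAMPLE_LOG = [
    "DNSWATCH IN=br0 OUT= SRC=192.168.1.50 DST=192.168.1.2 PROTO=UDP SPT=40001 DPT=53",
    "DNSWATCH IN=br0 OUT=eth0 SRC=192.168.1.50 DST=8.8.8.8 PROTO=UDP SPT=40002 DPT=53",
    "DNSWATCH IN=br0 OUT=eth0 SRC=192.168.1.50 DST=1.1.1.1 PROTO=TCP SPT=40003 DPT=853",
    "DNSWATCH IN=br0 OUT=eth0 SRC=192.168.1.50 DST=8.8.8.8 PROTO=TCP SPT=40004 DPT=443",
    "DNSWATCH IN=br0 OUT=eth0 SRC=192.168.1.2 DST=9.9.9.9 PROTO=UDP SPT=40005 DPT=53",
    "DNSWATCH IN=br0 OUT=eth0 SRC=192.168.1.50 DST=203.0.113.10 PROTO=TCP SPT=40006 DPT=443",
    "DNSWATCH IN=br0 OUT=eth0 SRC=192.168.1.50 DST=8.8.8.8 PROTO=ICMP TYPE=8 CODE=0",
]

if __name__ == "__main__":
    for (src, cat), n in sorted(summarize(SAMPLE_LOG).items()):
        print(f"{src:15} {cat:18} {n}")
```

The `doh-candidate` bucket is the one a port-53 redirect cannot fix: it is ordinary HTTPS on 443, so it can only be handled per destination address or by turning off the client's own secure DNS setting.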
 

sdifox

No Lifer
Sep 30, 2005
87,675
10,717
126
Outside of the cam / call home issue.....

I found a quirk after updating to Android 12 on my phone where it allows Chrome to bypass my static info completely to allow ads when they were being blocked with Pihole. This is a bit perplexing because all other apps block them properly as they did before. Seems Google put in a backdoor to allow traffic to bypass things in A12.

This is a bit perplexing as to how they're doing this w/o permission. I'm still digging into it though trying to figure out how they're circumventing explicit settings. Chrome didn't exhibit this behavior on A11 so, it's not Chrome doing it. At least I don't think so yet.
Try Brave Browser.
 

Tech Junky

Senior member
Jan 27, 2022
555
160
76
Found it.

Chrome < settings < privacy and security < secure dns < disable

Similar to the phone settings menu but within the app itself. It doesn't allow using an IP and has a drop down for providers or a URL.


The odd thing is this secure DNS option was enabled on the laptop but didn't bypass the PIHOLE restrictions. Which begs to question how the hell is the phone allowing Chrome to supersede the IP configuration that's blocking ads / domains. There must be something in A12 that wasn't in A11 that basically tunneled the DNS Chrome option to allow it to unblock things. It's a head scratcher as to exactly which chicken / egg option allowed for the exception to occur.
 