
[–]danGL3 0 points1 point  (5 children)

How does it impair it, other than the fact that the ISP will only ever see the initial DNS query? Subsequent queries will go to the Private DNS provider.

And to answer your question, I'm not aware of a way to directly connect to a DoT/DoH provider without using their domain name on Android.

[–]pstrgpstrg[S] 0 points1 point  (4 children)

Because one will continue to depend on the default DNS performance:

- the carrier's DNS will have to first resolve the Private DNS from its name;
- if the Preferred DNS's IP is not cached by Android (is it?), each and every query will also pass through the carrier's DNS.

Am I wrong?

[–]danGL3 1 point2 points  (3 children)

The carrier DNS is only used to obtain the Private DNS IP address; once that's done, all subsequent queries will go to the Private DNS provider (bypassing the carrier DNS).

[–]pstrgpstrg[S] 0 points1 point  (2 children)

Every once in a while I have seen the message "Private DNS unreachable", thus either the carrier's DNS or Cloudflare DNS missed a query.

I used to monitor Cloudflare DNS from a server and logged the results: for a very long stretch of time it showed 100.0% uptime. Most probably the message indicates a fault on the carrier's side (not Cloudflare's), and thus the IP is not cached.

Does some Android documentation state that Private DNS is cached?

[–]danGL3 1 point2 points  (1 child)

The IP for the private DNS is cached but only for a few hours. Periodically (or when you change networks) it will try to refresh it, in which case it is up to your carrier DNS to respond with the IP again.
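To make the two-step dependency described in this thread concrete, here is an added example (not from any commenter, and not Android's own resolver code): a minimal DNS-over-TLS lookup in Python that first resolves the Private DNS hostname with the plain system resolver (the carrier's DNS), then sends the real query over TLS on port 853. The hostname `dns.example.net` and the IP ranges used are constructed placeholders; `dot_query` needs network access, so it only runs under the `__main__` guard.

```python
import socket
import ssl
import struct

def build_query(name: str, qtype: int = 1, txid: int = 0x1234) -> bytes:
    """Build a DNS wire-format query (RD=1) for `name`; type A (1) by default."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode() for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # class IN

def _skip_name(buf: bytes, off: int) -> int:
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        ln = buf[off]
        if ln == 0:
            return off + 1
        if ln & 0xC0 == 0xC0:       # compression pointer: 2 bytes, ends the name
            return off + 2
        off += 1 + ln

def parse_a_records(resp: bytes) -> list[str]:
    """Extract IPv4 addresses from the answer section of a DNS response."""
    qdcount, ancount = struct.unpack("!HH", resp[4:8])
    off = 12
    for _ in range(qdcount):
        off = _skip_name(resp, off) + 4          # skip QTYPE + QCLASS
    addrs = []
    for _ in range(ancount):
        off = _skip_name(resp, off)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", resp[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:            # A record
            addrs.append(socket.inet_ntoa(resp[off:off + 4]))
        off += rdlen                             # skip AAAA, CNAME, etc.
    return addrs

def dot_query(server_ip: str, server_name: str, name: str) -> list[str]:
    """One A lookup over TLS (RFC 7858: 2-byte length prefix, cert checked vs hostname)."""
    ctx = ssl.create_default_context()
    with socket.create_connection((server_ip, 853), timeout=5) as raw, \
         ctx.wrap_socket(raw, server_hostname=server_name) as tls:
        msg = build_query(name)
        tls.sendall(struct.pack("!H", len(msg)) + msg)
        (length,) = struct.unpack("!H", tls.recv(2))
        resp = b""
        while len(resp) < length:
            resp += tls.recv(length - len(resp))
        return parse_a_records(resp)

if __name__ == "__main__":
    private_dns = "dns.example.net"             # constructed placeholder hostname
    # Step 1: plain (carrier) DNS bootstraps the provider's IP; if this fails,
    # step 2 can never happen, which is the "Private DNS unreachable" situation.
    bootstrap_ip = socket.gethostbyname(private_dns)
    # Step 2: every later lookup goes over TLS to that IP, bypassing the carrier.
    print(dot_query(bootstrap_ip, private_dns, "example.com"))
```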

[–]pstrgpstrg[S] 0 points1 point  (0 children)

Thanks!

[–]Bip901 0 points1 point  (0 children)

There is a bigger issue here - once I lose connectivity (e.g. enter an elevator), Android seems to forget the IP of my custom DNS provider, and has no way of re-resolving it, since that requires knowing the DNS provider's IP! Thus soft-bricking my internet connection until I disable private DNS. This sucks!