Jack Wallen shows you how to use the new Private DNS feature in Android Pie, which allows DNS over TLS for a more secure experience.
DNS is crucial to networking. In fact, without it, we wouldn't get very far. I don't know about you, but I don't want to memorize a bunch of IP addresses to use instead of domains. The problem with standard DNS is that it isn't always the most secure option.
That's why the Android Pie developers rolled out a new implementation of DNS over TLS, which encrypts all of your DNS traffic (even if you're on your carrier network). This new feature adds a missing layer of security to Android that has never before been available (without rooting a device).
To make this work properly, you must have a DNS provider that supports DNS over TLS. By default, Android Pie devices will automatically upgrade to using DNS over TLS if the network's DNS servers support the protocol. Out of the box, this feature is set to Automatic, which means if your provider does support DNS over TLS, the feature will work without you having to make any changes. However, you might either not have a provider that supports DNS over TLS or you don't know. Should that be the case, what do you do?
SEE: Network security policy (Tech Pro Research)
You manually configure Private DNS. To do that, however, you must have a provider that supports DNS over TLS. I'm going to walk you through how to do this, using CloudFlaure DNS. There are other services, such as CleanBrowsing, which does an outstanding job of offering tiers for different filtering (while supporting DNS over TLS). The three different types of filters CleanBrowsing offers are:
- Security -- security-filter-dns.cleanbrowsing.org -- Blocks access to phishing, malware, and malicious domains.
- Family -- family-filter-dns.cleanbrowsing.org -- Blocks access to all adult, pornographic, and explicit sites, as well as proxy and VPN domains to bypass filters. Sites like Reddit are blocks, whereas Google, Bing, and YouTube are all set to Safe Mode.
- Adult Filter -- adult-filter-dns.cleanbrowsing.org -- blocks access to all adult, pornographic, and explicit sites. Sites like Reddit are allowed and both Google and Bing are set to Safe Mode.
Since I've been using Cloudflare DNS for a while, I want to configure that service as my Private DNS in Android Pie. How do you set Private DNS? I'm here to show you. Do note, this only works on Android Pie. If you're using a version prior to 9.0, it will not work.
Fortunately, this feature isn't hidden out of sight. To locate the option, open Settings and go to Network & Internet. In this new window (Figure A), tap Advanced.
You should now see the Private DNS entry (Figure B).
Tap the Private DNS entry. In the resulting pop-up (Figure C), you can turn it off, set it to Automatic, or provide private DNS entries.
Tap Private DNS and then enter the necessary hostname or provider. Notice that you cannot enter a DNS server address. That is not how this feature works. Instead, you must enter the complete string which resolves to the DNS server address. In the case of Cloudflare, the following string will resolve to 220.127.116.11:
Enter the above in the Private DNS provider hostname section and then tap Save. You're done. You can exit out of Settings and enjoy your new Private DNS over TLS feature in Android Pie.
The one caveat to this is that some apps have their own, built-in DNS querying mechanisms, which means they will not honor the Private DNS setting. Hopefully Android developers will retool their apps to allow for the use of global DNS. What that means is you cannot be certain if an app is using your newly configured DNS over TLS or their own, insecure, DNS mechanisms. Hopefully Android developers will make this change soon.
- How to use Autosync Google Drive for Android (TechRepublic)
- Android Pie: Cheat sheet (TechRepublic)
- Yum! That's some good Android Pie (ZDNet)
- A quick look at Android account settings (TechRepublic)
- Protecting your data on the web is about to get faster (CNET)
- How to turn off Android App Preview Messages (TechRepublic)
- Google expands bug bounty program to include fraud protection bypass, free purchases (ZDNet)