RethinkDNS + Firewall
Firewall App for the DNS Resolver Service RethinkDNS
- Purchase/Installation Date
- Purchase Price
- System Requirements
- Test Environment
- Text auf Deutsch
Effective Firewall protects Privacy
Everyone wants access to a secure and open internet.
Rethink DNS + Firewall provides fast secure configurable and private DNS + Firewall for Android.
RethinkDNS comes with an accompanying firewall app for Android that allows you to monitor and control internet access to apps installed on your device.
The app allows you to view searchable network logs per connection. It shows which apps have been blocked and when, and which apps are connected to whom and when.
You can also block individual IPs.
You can set rules: Block apps by category. Block when an app is running in the background. Blocking an app when the device is locked. Block an app permanently.
When DNS is configured, you can analyse DNS requests in real time and read the aggregated reports in the app logs. It also helps to circumvent the internet censorship that applies in most countries.
RethinkDNS. Founded under the name: BraveDNS.
For free. No ads, no tracker, really for free. Open source.
Rating (1–5 Stars)
Extensively tested version: 053h: ***** (5 Stars)
Current version: 053i: ***** (5 Stars)
Smartphone with Android OS 5.0 or higher.
Works also with /e/OS 1.2.
Mobile App: English
in English, via Blog, Chat, Twitter.
Even contacted me via mail form because of this test report and uploaded a short explanatory video on YouTube for me! Great Service!
RethinkDNS is a DNS resolver service with custom rules and block lists. A DNS resolver is an address book of the internet – it helps to find the IP addresses of the servers to which a domain name is assigned. For example: dns.google.com (a domain name) is located at 126.96.36.199 (IP address). This mapping is retrieved by a DNS resolver.
You can configure RethinkDNS in the associated firewall app or even in your own device/internet browser that supports Secure DNS (also known as DNS over HTTPS). See below (Configuration).
RethinkDNS is a private, secure and fast DNS resolver and currently has 189 predefined blacklists that you can configure.
With RethinkDNS' paid plans (coming soon), you can also define your own custom blocklists that can be configured with RethinkDNS. The paid plan also allows you to store your DNS logs and view analytics, all in the cloud. You will be able to analyse your DNS queries and read through aggregated reports.
RethinkDNS is highly available with servers in more than 200 locations around the world for fast DNS resolution (provider: Cloudflare).
Those who prefer to trust a European DNS service can also also use these. Have looked up the URL for “DoH” at my favourite dnsforge.de and stored it in the DNS menu of the app (Custom DNS): “https://dnsforge.de/dns-query”.
And in Android I have configured “dnsforge.de” as “Private DNS”.
Attention: for the use of RethinkDNS select “Automatic” afterwards!
A custom DNS resolver can be configured here:
rethinkdns.com/configure. It will give you a DNS resolver address that looks something like
https://basic.bravedns.com/1:YASAAQBwIAA= according to blocklists or rules that you selected. This address can then be used as your DNS resolver in your device or browser.
And here you can find the switch to DoT; important for the next tip …
To obtain a DNS resolving address for DoT, switch to DNS over TLS (DoT) before selecting Blocklists.
For the firewall to work with individual private DNS settings, the following firewall settings must be disabled:
• Block connections when DNS is bypassed
• Block newly installed apps by default
(to be found under: Firewall/Universal)
This was also the reason why the firewall on my fairphones no longer worked as expected or why no internet was possible at all. An error that was difficult to find, which one of the developers showed me in an explanatory video he made personally for me on YouTube (thanks, Mz.!).
Configuring local Blocklists in the Firewall App
- Open RethinkDNS on your Android Smartphone
- Click START to start the RethinkDNS resolver and Firewall, once it starts up properly, you'll see a “PROTECTED” status below it.
- Tap below on the gear wheel “Settings”. Then activate first entry “Enable on-device blocklists”.
- To configure block lists, tap the “CONFIGURE” button below to open the RethinkDNS configuration page. Here you can tap on "advanced" to see all blocklists and select them yourself individually or use "simple" to activate a selection of blocklists from each of the categories Parent Controls (Piracy, Gambling, Dating, Social Media), Security and Privacy.
- After you select your desired blocklists, tap on “Done” at the bottom bar. This will close the configuration page and the selected blocklists will be automatically configured within the app. You will see an android toast message Configured URL has been updated successfully to confirm this.
- You have successfully configured RethinkDNS with blocklists in the companion firewall app.
/e/OS 0.21 based on Android OS 10
/e/ Browser – a Fork of Chromium/Bromite
Version: 96.0.4664.54 (foundation.e.browser)
Only exists in /e/OS: DNS of the network provider: off
Only available in /e/OS: Private DNS: IP: 188.8.131.52 or 184.108.40.206
Google Android OS 11
Mozilla Firefox Daylight
Version: 96.3.1 (Build #2015860755)
Plug-in: NoScript (Giorgio Maone), Version 11.2.19
DNSSEC Resolver Test
Result on both Fairphones with dnsforge.de: OK
Result on both Fairphones with dns3.digitalcourage.de: OK
05.02.2022: today it fails once on the Fairphone 4.
Curious … perhaps a problem on the test server?
Ad Blocker Test
For comparison: RethinkDNS deactivated, with dnsforge.de: 90 %
08.10.2021: I have installed RethinkDNS on my Fairphone 3+. The energy consumption of the Fairphone 3+ is unusually high and I suspect that this app is the energy guzzler. So I uninstall the app again days later and test other ad blockers.
13.01.2022: I have installed RethinkDNS on my Fairphone 4. Because the energy consumption does not increase afterwards, the suspicion is invalidated.
08.02.2022: I am still very satisfied with this app.
- unwanted content is reliably blocked
- very well sorted high quality selection of blocklists
- lists responsible for blocking are in the logbook and can be deactivated if necessary
- dangerous malware no longer gets onto the smartphone so easily
- spying/unserious/evil apps do not reach their command centre
- instead of Cloudflare (USA!), an european “Private DNS” can be stored
- open source – anyone can view the source code and check its security
- app and basic service are free of charge
- Cloudflare as provider by default, alternatively Google is used (but can be changed to desired resolver)
- App supports (Android-usual) only DoH – but DoT is possible via web configuration
- blocks radically – some websites are not loaded at all, others only text is loaded
(Remedy: see Pros, 3. item)
By default, DNS over HTTPS is set with Cloudflare as provider, but you can store any other DNS service and if you absolutely want to use DNS over TLS, you can leave out the app and configure the DNS filter on the website and store the URL generated in this way as Private DNS in the device.
Without Private DNS and reliable ad blockers, a smartphone will sooner or later be completely spied out. It should be clear to everyone that it is better to avoid clouds. I have set the Google apps “Contacts” and “Phone” so that the data remain on the device. With many other apps, you don't know where the data goes. Those who like to try out free apps from Google's Play quickly become commodities and hand over themselves and their data.
Important: no app can replace common sense.
I have tested almost all apps of this kind and none works as expected.
Last time the app DNS66 disappointed me.
DNSCloak: Secure DNS Client for iOS and iPadOS (for free)
Apple Private Relay (service for 0.99 EUR/month)