55

[Fixed in 1.0.7.16] Sailfish and Android apps using different DNS? [released]

asked 2013-12-26 17:59:46 +0200

bilog

updated 2014-06-10 11:56:06 +0200

It seems that Android applications do not use the same DNS resolver as native Sailfish applications. I noticed this because I have my home network set up to use a local DNS server, and Sailfish catches this correctly, while Android applications do not.

The result is that I can access my local machines using their fully qualified domain names (e.g. wok.oblomov.eu) from e.g. the Sailfish browser, but not from e.g. Opera for Android.

EDIT: after installing a terminal emulator for Android I can confirm that getprop net.dns1 returns 8.8.8.8 instead of 127.0.0.1, which is what is found in /etc/resolv.conf, so Android _is_ using a different DNS than Sailfish OS. This should be changed.

Update: Closed this question, as it is on the list of bugs fixed in 1.0.7.16 Saapunki.


The question has been closed for the following reason "released in a software update" by avdwoude
close date 2014-06-10 11:56:24.359527

Comments

1

I have also noticed this behavior and think it's built-in: e.g., Opera has a technique to send the traffic through some kind of proxy that compresses the data so that in the end less data is transferred to the browser = save data plan and get speed. Maybe other vendors do that, too?

hardcodes.de ( 2013-12-26 19:47:48 +0200 )

I have Opera Off-road mode disabled. In fact, if I enable off-road mode, the page loads because the browser gets the data from Opera's servers, that access my website from the public IP. The problem is without off-road mode, because the browser is still getting the public IP and thus ends up accessing the router.

bilog ( 2013-12-26 23:27:48 +0200 )

yep, the same thing when trying the Android XBMC-remote app. It couldn't resolve my internal hostnames. I noticed that the DNS-server in /etc/resolv.conf is 127.0.0.1 + ipv6 equivalent, maybe the Android apps don't honor that?

tiemen ( 2013-12-27 01:08:57 +0200 )
1

8.8.8.8 is google public dns, so I suppose google bakes that in the android runtime because usually it's faster than your ISP's DNS. I usually use that for all my pc's (with the added bonus that I circumvent some idiotic ISP blocking). I suppose there's another resolv.conf inside the android chroot?

qwazix ( 2013-12-28 14:05:27 +0200 )
5

Ah, why didn't I think about that? Google just wants to know everything, so why not start with every DNS query you make? I also had the 8.8.8.8 as my DNS for performance reasons but was not happy with Google knowing too much about me. So I decided to use a local DNS caching server to get almost the same performance. But that's off topic 8)

hardcodes.de ( 2013-12-28 14:11:25 +0200 )

4 Answers

9

answered 2014-01-07 13:48:07 +0200

vandersmash

updated 2014-01-07 18:15:17 +0200

Nux

Please allow me to add to the suggested answer:

1st I have blocked Alien Dalvik's access to the Google DNS by adding entries to iptables of the Sailfish host OS:

iptables -A INPUT -s 8.8.8.8 -j DROP
iptables -A INPUT -s 8.8.4.4 -j DROP
iptables -A OUTPUT -d 8.8.8.8 -j DROP
iptables -A OUTPUT -d 8.8.4.4 -j DROP

Screen: http://sdrv.ms/1cVC0oP

After this you'll notice some applications like Yandex or Storypod don't work anymore. That means mission success, no more Google DNS connectivity allowed.

How to get back DNS functionality?

2nd Set DNS to your choice (example with OpenDNS)

Edit /opt/alien/system/build.prop and add:

net.rmnet0.dns1=208.67.222.222
net.rmnet0.dns2=208.67.220.220
net.dns1=208.67.222.222
net.dns2=208.67.220.220

3rd create the file /opt/alien/system/etc/resolve.conf and include the following (again replace the IP address with the DNS server of your choice from step 2)

nameserver 208.67.222.222
nameserver 208.67.220.220

Restart Alien Dalvik (reboot the Jolla) and test.

Note:

  • Tested the Jolla with Google DNS servers blocked on the router. All is fine now.
  • Google DNS seems very hard coded, primary DNS stays on 8.8.8.8 and the new DNS is used only as a secondary DNS. (Myriad must be really in bed with Google to program such hardcore virus style behavior - or is it Jolla that has pre-configured the Alien Dalvik package options?)
  • Result is that address resolving takes a little longer.
  • Not sure if step 2 is required. As somebody has mentioned, as a stand alone solution it does not work.

Looking forward to reading about somebody finding out how to erase 8.8.8.8 as primary DNS permanently.

Comments

From what I have seen 8.8.8.8 is hard-coded in various binary libraries. My guess is that it is not about some evil doings, but rather deadlines ;-).

Nux ( 2014-01-07 18:18:34 +0200 )

/opt/alien/system/etc/resolve.conf should be symlink to /etc/resolve.conf IMO

ZogG ( 2014-01-07 20:10:08 +0200 )

The steps work. But the changes of the Iptables are not persisted after a restart, after which 8.8.8.8 is used again. Any ideas how to make the Iptables entries permanent? Anything cleaner than this: https://together.jolla.com/question/11075/how-to-setup-firewall-iptables-init-scripts/

umko ( 2014-01-12 14:30:00 +0200 )

Tried a few things as per common Debian documentation to no avail. A package exists "iptables-persistent" service didn't try.

While waiting for Jolla I do the following

one time only to save the rules to a file:

iptables-save > /etc/iptables-rules

after each boot:

iptables-restore < /etc/iptables-rules

vandersmash ( 2014-01-14 09:55:33 +0200 )

For automatic restoring you can use a systemd service, see: https://together.jolla.com/question/404/autostart-applications/ or just create a profile.d script, see: https://together.jolla.com/question/11075/how-to-setup-firewall-iptables-init-scripts/

Nux ( 2014-01-14 10:27:26 +0200 )
5

answered 2014-04-11 23:09:00 +0200

dazo

I've approached this differently. I used iptables NAT rules to forward all DNS requests towards 8.8.8.8 and 8.8.4.4 to be processed by 127.0.0.1 instead. That has worked flawlessly for me.

I set up firewalling like I described here: https://together.jolla.com/question/11075/how-to-setup-firewall-iptables-init-scripts/#37141 Then I added these iptables rules:

iptables -t nat -A OUTPUT -d 8.8.8.8/32 -p udp -m udp --dport 53 -j DNAT --to-destination 127.0.0.1:53
iptables -t nat -A OUTPUT -d 8.8.8.8/32 -p tcp -m tcp --dport 53 -j DNAT --to-destination 127.0.0.1:53
iptables -t nat -A OUTPUT -d 8.8.4.4/32 -p udp -m udp --dport 53 -j DNAT --to-destination 127.0.0.1:53
iptables -t nat -A OUTPUT -d 8.8.4.4/32 -p tcp -m tcp --dport 53 -j DNAT --to-destination 127.0.0.1:53

With my little systemd-iptables wrapper setup, I saved these rules and ensured the iptables unit was being started at boot using these lines:

 [root@Jolla ~]# /usr/local/sbin/systemd-iptables save
 [root@Jolla ~]# systemctl enable iptables.service
 [root@Jolla ~]# systemctl start iptables.service
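An added check for the redirect approach in the answer above (not dazo's code and not part of the original thread): it reads `iptables-save` output and lists every resolver/protocol pair from those four rules that is not DNAT-ed to the local resolver, so a forgotten TCP rule shows up as a gap. The function names and the sample ruleset are constructed for illustration.

```shell
#!/usr/bin/env bash
# Resolvers the thread reports as hard-coded in the Android runtime,
# and the local resolver the redirect rules should point at.
RESOLVERS="8.8.8.8 8.8.4.4"
LOCAL_DNS="127.0.0.1:53"

# Reads iptables-save text on stdin. Prints "<resolver>/<proto>" for each
# pair with no nat OUTPUT rule that DNATs port 53 to $LOCAL_DNS.
# Prints nothing when all pairs are covered.
missing_redirects() {
    awk -v resolvers="$RESOLVERS" -v want="$LOCAL_DNS" '
        /^\*/ { table = substr($0, 2) }        # table header: *nat, *filter
        table == "nat" && $1 == "-A" && $2 == "OUTPUT" {
            dst = proto = port = target = redir = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-d") { dst = $(i+1); sub(/\/32$/, "", dst) }
                if ($i == "-p") proto = $(i+1)
                if ($i == "--dport") port = $(i+1)
                if ($i == "-j") target = $(i+1)
                if ($i == "--to-destination") redir = $(i+1)
            }
            if (port == "53" && target == "DNAT" && redir == want)
                seen[dst "/" proto] = 1
        }
        END {
            n = split(resolvers, r, " "); split("udp tcp", p, " ")
            for (k = 1; k <= n; k++)
                for (j = 1; j <= 2; j++) {
                    key = r[k] "/" p[j]
                    if (!(key in seen)) print key
                }
        }'
}

# Constructed sample: the TCP rule for 8.8.4.4 was left out.
sample_ruleset() {
    cat <<'EOF'
*nat
:OUTPUT ACCEPT [0:0]
-A OUTPUT -d 8.8.8.8/32 -p udp -m udp --dport 53 -j DNAT --to-destination 127.0.0.1:53
-A OUTPUT -d 8.8.8.8/32 -p tcp -m tcp --dport 53 -j DNAT --to-destination 127.0.0.1:53
-A OUTPUT -d 8.8.4.4/32 -p udp -m udp --dport 53 -j DNAT --to-destination 127.0.0.1:53
COMMIT
*filter
:INPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
COMMIT
EOF
}

sample_ruleset | missing_redirects
```

On a device, run `iptables-save | missing_redirects` as root; empty output means all four redirects are in place.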
1

answered 2014-01-05 07:49:46 +0200

Nux

Haven't checked that, but I think you should be able to change DNS by adding below to /opt/alien/system/build.prop. Note that you need to modify it as root.

# Google DNS Tweak
net.rmnet0.dns1=1.2.3.4
net.rmnet0.dns2=5.6.7.8
net.dns1=1.2.3.4
net.dns2=5.6.7.8

Based on: http://forum.xda-developers.com/showthread.php?t=1706154


Comments

Except that it doesn't. The value of net.dns1 is always reset to 8.8.8.8 (this does change the value of net.dns2, but that's not enough since it's the fallback).

bilog ( 2014-01-06 09:43:40 +0200 )

That is a pity. They really need to address this...

In any case, as an intermediate hack, considering that the secondary DNS can be changed, would it be possible to globally block 8.8.8.8 on the device, so that AlienDalvik must use the fallback DNS?

umko ( 2014-01-06 12:16:23 +0200 )
0

answered 2014-04-28 19:20:45 +0200

wickedsp1d3r

updated 2014-04-28 20:06:37 +0200

chattr +i /etc/resolv.conf is working. Resolv.conf does not reset on reboot after that command.
