diff --git a/app/src/main/java/com/emanuelef/remote_capture/CaptureService.java b/app/src/main/java/com/emanuelef/remote_capture/CaptureService.java
index b9835c45..b6426fd2 100644
--- a/app/src/main/java/com/emanuelef/remote_capture/CaptureService.java
+++ b/app/src/main/java/com/emanuelef/remote_capture/CaptureService.java
@@ -611,7 +611,7 @@ public class CaptureService extends VpnService implements Runnable {
boolean opportunistic_mode = !strict_mode && linkProperties.isPrivateDnsActive();
Log.d(TAG, "Private DNS: " + (strict_mode ? "strict" : (opportunistic_mode ? "opportunistic" : "off")));
- if(!mSettings.root_capture) {
+ if(!mSettings.root_capture && mSettings.auto_block_private_dns) {
mDnsEncrypted = strict_mode;
/* Private DNS can be in one of these modes:
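Review bot: The new `mSettings.auto_block_private_dns` condition also skips `mDnsEncrypted = strict_mode;`, so with the option off a device in strict private DNS mode is never recorded as having encrypted DNS. The added string resource ("Disabling this can hinder detection") suggests this is intended, but the setting's name only mentions blocking. If `mDnsEncrypted` drives a warning elsewhere (not visible here), the capture would lack DNS traffic with no indication to the user. Add a comment above the condition such as `// auto_block_private_dns gates detection too: when off, mDnsEncrypted is left unset`, or move the `mDnsEncrypted` assignment out of the option check so detection still works when blocking is disabled. The body of the `if` continues outside the hunk.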
diff --git a/app/src/main/java/com/emanuelef/remote_capture/activities/SettingsActivity.java b/app/src/main/java/com/emanuelef/remote_capture/activities/SettingsActivity.java
index ca8ec6dc..caf8407a 100644
--- a/app/src/main/java/com/emanuelef/remote_capture/activities/SettingsActivity.java
+++ b/app/src/main/java/com/emanuelef/remote_capture/activities/SettingsActivity.java
@@ -125,6 +125,7 @@ public class SettingsActivity extends BaseActivity implements PreferenceFragment
private SwitchPreference mBlockQuic;
private SwitchPreference mFullPayloadEnabled;
private SwitchPreference mRootCaptureEnabled;
+ private SwitchPreference mAutoBlockPrivateDNS;
private EditTextPreference mSocks5ProxyIp;
private EditTextPreference mSocks5ProxyPort;
private Preference mTlsHelp;
@@ -251,6 +252,7 @@ public class SettingsActivity extends BaseActivity implements PreferenceFragment
@SuppressWarnings("deprecation")
private void setupTrafficInspectionPrefs() {
mTlsHelp = requirePreference("tls_how_to");
+ mAutoBlockPrivateDNS = requirePreference("auto_block_private_dns");
mTlsDecryption = requirePreference(Prefs.PREF_TLS_DECRYPTION_KEY);
mTlsDecryption.setOnPreferenceChangeListener((preference, newValue) -> {
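Review bot: The added lookup in `setupTrafficInspectionPrefs` uses the string literal `"auto_block_private_dns"`, although this commit also adds `Prefs.PREF_AUTO_BLOCK_PRIVATE_DNS` with the same value and the next line already uses a `Prefs` constant. Using the constant keeps the key in one place, so a later rename cannot leave the settings screen bound to a key that `Prefs.isPrivateDnsBlockingEnabled` no longer reads: `mAutoBlockPrivateDNS = requirePreference(Prefs.PREF_AUTO_BLOCK_PRIVATE_DNS);`. The method body continues outside the hunk.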
@@ -365,6 +367,7 @@ public class SettingsActivity extends BaseActivity implements PreferenceFragment
private void rootCaptureHideShow(boolean enabled) {
if(enabled) {
mTlsDecryption.setVisible(false);
+ mAutoBlockPrivateDNS.setVisible(false);
mSocks5Enabled.setVisible(false);
mSocks5ProxyIp.setVisible(false);
mSocks5ProxyPort.setVisible(false);
@@ -373,6 +376,7 @@ public class SettingsActivity extends BaseActivity implements PreferenceFragment
mBlockQuic.setVisible(false);
} else {
mTlsDecryption.setVisible(true);
+ mAutoBlockPrivateDNS.setVisible(true);
fullPayloadHideShow(mTlsDecryption.isChecked());
mBlockQuic.setVisible(mTlsDecryption.isChecked());
socks5ProxyHideShow(mTlsDecryption.isChecked(), mSocks5Enabled.isChecked());
diff --git a/app/src/main/java/com/emanuelef/remote_capture/model/CaptureSettings.java b/app/src/main/java/com/emanuelef/remote_capture/model/CaptureSettings.java
index d68ff21c..3f8fe3a8 100644
--- a/app/src/main/java/com/emanuelef/remote_capture/model/CaptureSettings.java
+++ b/app/src/main/java/com/emanuelef/remote_capture/model/CaptureSettings.java
@@ -21,6 +21,7 @@ public class CaptureSettings implements Serializable {
public boolean pcapdroid_trailer;
public boolean full_payload;
public boolean block_quic;
+ public boolean auto_block_private_dns;
public String capture_interface;
public String pcap_uri;
public int snaplen = 0;
@@ -44,6 +45,7 @@ public class CaptureSettings implements Serializable {
tls_decryption = Prefs.getTlsDecryptionEnabled(prefs);
full_payload = Prefs.getFullPayloadMode(prefs);
block_quic = Prefs.blockQuic(prefs);
+ auto_block_private_dns = Prefs.isPrivateDnsBlockingEnabled(prefs);
}
public CaptureSettings(Intent intent) {
@@ -66,6 +68,7 @@ public class CaptureSettings implements Serializable {
tls_decryption = getBool(intent, Prefs.PREF_TLS_DECRYPTION_KEY, false);
full_payload = false;
block_quic = getBool(intent, Prefs.PREF_BLOCK_QUIC, false);
+ auto_block_private_dns = getBool(intent, Prefs.PREF_AUTO_BLOCK_PRIVATE_DNS, true);
}
private static String getString(Intent intent, String key, String def_value) {
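Review bot: The Intent-based constructor now takes `auto_block_private_dns` from the caller's extras, whereas `full_payload` two lines above is pinned to `false` for intent-started captures. Whether intent callers are checked before this constructor runs is not visible here. If other apps can start a capture this way, they can switch off a detection-related setting that the user left enabled in the preferences. Record the decision next to the line, e.g. `// default true: callers that omit the extra keep private DNS detection on`, and list the new extra with the other documented intent parameters. The constructor starts outside the hunk.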
diff --git a/app/src/main/java/com/emanuelef/remote_capture/model/Prefs.java b/app/src/main/java/com/emanuelef/remote_capture/model/Prefs.java
index 33250e89..9f46596b 100644
--- a/app/src/main/java/com/emanuelef/remote_capture/model/Prefs.java
+++ b/app/src/main/java/com/emanuelef/remote_capture/model/Prefs.java
@@ -65,6 +65,7 @@ public class Prefs {
public static final String PREF_TLS_DECRYPTION_SETUP_DONE = "tls_decryption_setup_ok";
public static final String PREF_FULL_PAYLOAD = "full_payload";
public static final String PREF_BLOCK_QUIC = "block_quic";
+ public static final String PREF_AUTO_BLOCK_PRIVATE_DNS = "auto_block_private_dns";
public enum DumpMode {
NONE,
@@ -125,4 +126,5 @@ public class Prefs {
public static boolean isTLSDecryptionSetupDone(SharedPreferences p) { return(p.getBoolean(PREF_TLS_DECRYPTION_SETUP_DONE, false)); }
public static boolean getFullPayloadMode(SharedPreferences p) { return(p.getBoolean(PREF_FULL_PAYLOAD, false)); }
public static boolean blockQuic(SharedPreferences p) { return(getTlsDecryptionEnabled(p) && p.getBoolean(PREF_BLOCK_QUIC, false)); }
+ public static boolean isPrivateDnsBlockingEnabled(SharedPreferences p) { return(p.getBoolean(PREF_AUTO_BLOCK_PRIVATE_DNS, true)); }
}
diff --git a/app/src/main/res/values/strings.xml b/app/src/main/res/values/strings.xml
index 799e4a26..fe9b6e08 100644
--- a/app/src/main/res/values/strings.xml
+++ b/app/src/main/res/values/strings.xml
@@ -342,4 +342,6 @@
No-root firewall
Block QUIC
Block QUIC connections to possibly fallback to TLS. Some apps may stop working
+ Block private DNS
+ Detect and possibly block private DNS to inspect DNS traffic. Disabling this can hinder detection
diff --git a/app/src/main/res/xml/root_preferences.xml b/app/src/main/res/xml/root_preferences.xml
index 43fbb126..280621f0 100644
--- a/app/src/main/res/xml/root_preferences.xml
+++ b/app/src/main/res/xml/root_preferences.xml
@@ -45,6 +45,13 @@
+
+