How do you configure secure DNS (aka "private DNS") with cloudflare?



  • note: there are a lot of DNS questions on android.stackexchange.com I'm creating this question because all the other DNS questions were for different scenarios and I wanted to keep this up to date over the years.

    I do not want my DNS queries to be unencrypted whenever I am doing any internet activity (either through cellular mobile internet or through wifi with home internet).

    How do you configure secure DNS (aka "private DNS") with cloudflare?



  • In a nutshell or tldr summary:

    For android 9 or later:

    • open settings
    • search for dns
    • touch the Private DNS ** a dialog box opens with three options**
    • select the last option called Priavte DNS provider hostname
    • fill in one.one.one.one
    • test by going to address https://1.1.1.1/help

    warning: any wifi network that uses a Captive Portal will stop all your internet. when you are on a wifi network that uses Captive Portal, you have to go back to settings/Private DNS and set it to off then follow the Captive Portal instructions then go back to settings/Private DNS back on.


    for the full story keep reading here:

    follow the docs:

    Cloudflare has some really good documentation that is short and understandable (Google also has good documentation but I had trouble following their documentation).

    • The Cloudflare help starts at: https://1.1.1.1/help
    • click at the bottom for FAQ then look for the developer docs link which is: https://developers.cloudflare.com/1.1.1.1/ (this has docs for pretty much any computer (android, windows, mac, linux, etc, etc))
    • click on android. follow the directions given or use my summary directions.

    follow the summary of the docs:

    Option 1: For android 9 or later:

    • open settings
    • search for dns
    • touch the Private DNS ** a dialog box opens with three options**
    • select the last option called Priavte DNS provider hostname
    • fill in one.one.one.one
    • test by going to address https://1.1.1.1/help

    Option 2: For android 8 or earlier (FYI i have not personally these instructions because I do not have an older android phone):

    • settings --> wifi --> modify network --> show advanced options
    • using your on screen keyboard copy the current text to somewhere (in case something goes wrong)
    • type in or copy and paste the following
    1.1.1.1
    1.0.0.1
    2606:4700:4700::1111
    2606:4700:4700::1001
    
    • save
    • test by going to address https://1.1.1.1/help

    Option 3: Lastly you can download their app but I have not tried it: https://play.google.com/store/apps/details?id=com.cloudflare.onedotonedotonedotone&hl=en_US&gl=US

    warning: any wifi network that uses a Captive Portal will stop all your internet. when you are on a wifi network that uses Captive Portal, you have to go back to settings/Private DNS and set it to off then follow the Captive Portal instructions then go back to settings/Private DNS back on.


    Addendum

    important note: some internet providers block secure DNS

    • i used to use dns.google in my android phone but it stopped working in 2022-01 for unknown reasons
      • same behavior for when you connect to a wifi network that uses captive portal and your android phone says it can not connect to the internet because the wifi network is blocking your internet
    • i did a google search and found others had similar issues (private DNS not working on their cellular internet)
    • for a brief like week i was able to use the alternative Cloudflare hostname 1dot1dot1dot1.cloudflare-dns.com but that also stopped working
    • i wrote this because it took me so long to get this working so i wanted to document it all and make it easier for others

    if you do not like Cloudflare there are other providers of Secure DNS

    • google has some docs here: https://developers.google.com/speed/public-dns/docs/using
    • quad9 is another (i've not used quad9 so i can not say anything about them)



Suggested Topics

  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2