I’m often confused about whether to use apps like RethinkDNS, InviZible Pro, or AdGuard to manage DNS requests on my phone, or to simply rely on Private DNS.

Are there any privacy advantages or security concerns associated with using these apps? When I use an app, can all DNS queries be routed through my preferred DNS provider (which helps block tracking requests on a bloated phone)? Is Private DNS easier for the system to bypass?

I typically use RethinkDNS and block any bypassed DNS requests, so I believe that all my DNS traffic is routed through RethinkDNS, making it impossible for leaks to occur. Is this a misconception? Can any DNS app truly provide that level of privacy and security?

Additionally, how does an application firewall compare to a network-level firewall like NextDNS in terms of effectiveness?

Ultimately, should I opt for an application firewall or a network-level firewall?

  • BlackJerseyGiant@beehaw.org
    13 hours ago

    As best I understand it, running a private caching DNS server is the only guaranteed increase in privacy for DNS. That server still has to reach out to the net the first time a request is made, but will resolve all subsequent requests locally. DNSSEC to a privacy-respecting DNS provider like Quad9 at 149.112.112.112 from your local DNS server. Mayhaps the best you could do for a roaming device like a phone is to run a decent VPN with an option to prevent DNS leaks.