Tl;Dr: want to know, how to debug Android DNS resolution problems with Private DNS.
I've created my own DoH (Dns-over-Https) proxy server, to use it as a "Private DNS" in android. It proxifies requests to my own installation of dnscrypt-proxy, that is configured to block some of unwanted domains. It works on my Android as planned.
The problem: when my private DNS is enabled in Android, many applications from time to time complains about "network inaccessible" or "domain could not be resolved". It happens on a regular basis, and if I turn Private DNS off, this problem completly disappears. For example: web-browser could load site by second try, online taxi application complains that there is no internet, and after I restart it - works normally.
What I've tried:
- Rewrite my DoH-proxy from php (first ad-hoc version) to async python+aiohttp (to solve problem with workers depletion on php)
- Made a load-testing benchmark of my DoH - it works fine, request-response time is quite small, even then thousands of requests per second are made.
- Added redis cache on my proxy, so, all answers are cached for the domain ttl's
- Checked accessibility from different providers and regions of country - no visible problems.
So, as I'm not an Android developer, I want to know, are there any way on debug third-party apps on my android device via USB debugger and Android SDK tools. I need deep logging of the process of name resolution to detect, where are source of the problem.
Also, if you want, you can check my DoH server on https://dns.mihanentalpo.me (you can try it with awesome dnslookup tool, or by writing dns.mihanentalpo.me into your android Private DNS setting, beware, some domains are short-circuit to the same server to "blackhole" them)
Update:
I've dumped logcat of the Android device while trying to open some applications that are usually suffer from DNS problems with my DNS server. And I got folowing messages:
java.net.UnknownHostException: Unable to resolve host "relaycn.icloseli.com": No address associated with hostname
at java.net.Inet6AddressImpl.lookupHostByName(Inet6AddressImpl.java:156)
at java.net.Inet6AddressImpl.lookupAllHostAddr(Inet6AddressImpl.java:103)
at java.net.InetAddress.getByName(InetAddress.java:1106)
at com.v3.clsdk.session.CLSessionRouter$b.a(CLSessionRouter.java:24)
at com.v3.clsdk.session.CLSessionRouter$b.call(CLSessionRouter.java:1)
at java.util.concurrent.FutureTask.run(FutureTask.java:264)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1137)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:637)
at java.lang.Thread.run(Thread.java:1012)
Caused by: android.system.GaiException: android_getaddrinfo failed: EAI_NODATA (No address associated with hostname)
at libcore.io.Linux.android_getaddrinfo(Native Method)
at libcore.io.ForwardingOs.android_getaddrinfo(ForwardingOs.java:133)
at libcore.io.BlockGuardOs.android_getaddrinfo(BlockGuardOs.java:222)
at libcore.io.ForwardingOs.android_getaddrinfo(ForwardingOs.java:133)
at java.net.Inet6AddressImpl.lookupHostByName(Inet6AddressImpl.java:135)
Before this and after this are messages not related to the network problems. Also, I've filtered all logcat log by process ID, and also not found any other messages.
So, this is actually a "No address associated with hostname", but why does it happen? Maybe there are some timeout on name resolution? How to debug this problem at more deep level?
Update 2: I'll try to use dnscrypt-proxy, that I've already have and it's DoH functionality without my own implementation to see is it better or not.
Update 3: I've tried to use doh-server (DNS-over-HTTPS proxy server), instead of my self-written python-based DoH proxy, and now I have much less problems with my Android name resolution. I still has some, but not so much. So, it seems that part of the problem was in my server, but it still persists in some amount. I'll try to check adguard dns proxy, and check, maybe all problems would be gone. Althought, I still don't have a tool or a method of debugging DNS query on Android, that'll give me the root of the problem.