rdns dev here
GlytchMeister definitely interested in a guide... And even more interested in a "RethinkDNS for Dummies" sort of guide.
I put an ad-hoc one on our subreddit: https://www.reddit.com/r/rethinkdns/comments/12ta9zo/configure_app_for_optimal_use/ / mirror: https://archive.is/Krcoh
The gist is, allow only what you trust.
- From Configure -> Firewall -> Universal firewall rules, turn ON
- Block when device is locked
- Block newly installed apps by default
- (if you're feeling particularly adventurous) Block when DNS is bypassed
- Go to Configure -> Apps, then tap on the wifi and mobile icons 🛜📶 to block all apps.
- Search for apps you use (for me, it's 7 apps of the over 400 installed), and either Bypass Universal them or Isolate them.
- If you Isolate the app, you'll have to set up trust / allow rules for domains or IPs, over a period of time. Pretty time consuming, but once set up, it works flawlessly.
- Bypass Universal an app named Google Play services, which is usually responsible for Push Notifications / Gaming / Backups / Payments and other such functionalities apps installed from the Play Store depend on, without which they usually don't work.
- From Configure -> DNS, choose or set up your favourite DNS provider. I prefer Oblivious DNS over HTTPS endpoints but there aren't many. You can also leave the default DNS settings as-is; or...
- Turn ON Advanced DNS filtering (which is experimental and may cause connectivity issues), to make sure domain to IP address mapping isn't polluted. For example, when multiple domain names (youtube.com, mtalk.google.com, googleapis.com) may point to the same set of IP addresses (all owned by Google and hence may be used interchangeably), the Stats and per-app domain rules may behave in funny ways. With Advanced DNS filtering (which has other bugs), they possibly will not.
- Turn ON Prevent DNS leaks to trap apps sending DNS traffic themselves. This setting may break notifications for some apps.
- Turn ON Never proxy DNS if you face connectivity issues with using your preferred DNS upstream with an egress proxy setup within Rethink (SOCKS5, Tor, or WireGuard).
- In Configure -> Network, you may
- Set Choose IP version to Auto and turn ON Perform connectivity checks (if you're on networks that perform 4to6 translations).
- Turn ON Use all available networks, if you'd want Rethink to use either wifi or mobile at the same time. Make sure you've got enough juice on mobile data, as it is usually prohibitively expensive in some countries.
- Leave everything else in there turned OFF, unless you like living dangerously.
- Optionally set up WireGuard from Configure -> Proxy -> Setup WireGuard, either in Simple mode (single WireGuard, all apps routed through it, unless Bypass app from all proxies is set for that particular app) or Advanced mode (multiple WireGuards, split tunneled, manually choose apps to route through them).
Rethink has grown to be a Frankenstein monster and I get a lot of emails on how difficult it is to use, but someday someone from the community will write one true guide to set up Rethink so I can point everyone to it.
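
Added example, not part of the post above and not RethinkDNS code: a simplified Python model of the mapping problem described under Advanced DNS filtering, where names that share an IP pool make a per-app domain rule hit the wrong name. The addresses, the `NaiveTracker` and `PerNameTracker` classes, and the per-name synthetic address approach are assumptions made for illustration.

```python
import ipaddress

# Constructed DNS answers: three names sharing one address pool
# (192.0.2.0/24 is a documentation range, not real Google addresses).
ANSWERS = {
    "youtube.com": ["192.0.2.10", "192.0.2.11"],
    "mtalk.google.com": ["192.0.2.10", "192.0.2.11"],
    "googleapis.com": ["192.0.2.11", "192.0.2.10"],
}
BLOCKED = {"youtube.com"}  # constructed per-app domain rule


class NaiveTracker:
    """Remembers only the last name seen for each real IP."""
    def __init__(self):
        self.ip_to_name = {}

    def resolve(self, name):
        for ip in ANSWERS[name]:
            self.ip_to_name[ip] = name  # a later answer overwrites an earlier one
        return ANSWERS[name][0]

    def verdict(self, ip):
        name = self.ip_to_name.get(ip)
        return ("block" if name in BLOCKED else "allow", name)


class PerNameTracker:
    """Assumed fix: give the app one synthetic IP per name, keep real IPs aside."""
    def __init__(self, pool="198.18.0.0/15"):
        self.free = iter(ipaddress.ip_network(pool).hosts())
        self.by_name, self.by_ip = {}, {}

    def resolve(self, name):
        if name not in self.by_name:
            fake = str(next(self.free))
            self.by_name[name] = fake
            self.by_ip[fake] = (name, ANSWERS[name])
        return self.by_name[name]

    def verdict(self, ip):
        name, _real_ips = self.by_ip[ip]
        return ("block" if name in BLOCKED else "allow", name)


def simulate(tracker):
    # The app resolves its push endpoint, another lookup for youtube.com
    # follows, then the app connects to the address it was given first.
    push_ip = tracker.resolve("mtalk.google.com")
    tracker.resolve("youtube.com")
    return tracker.verdict(push_ip)
```

With the naive tracker the push connection is attributed to `youtube.com` and blocked; with one address per name it stays attributed to `mtalk.google.com`.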