Am always confused about use an app like rethinkdns, invizible pro, adguard, etc. to manage dns requests on my phone or just use the private dns ?
Is there any privacy advantage or security concern over them ? When i use an app, all dns queries can be routed through my preffered dns (like in a bloated phone all tracking requests can be blocked) ? Private dns is easy for the system to bypass ?
I always use rethinkdns and block bypassed dns, so i think now every dns is routed through rethinkdns and its impossible to cause a leak. Is that a myth as no dns app can provide that much privacy or security ?
How effective is an application firewall than a network level firewall like nextdns ?
Allover question is, may i use a application firewall or network level firewall ?
As best I understand it, running a private caching DNS server is the only guaranteed increase in privacy for DNS. That server still has to reach out to the net the first time a request is made, but will resolve all subsequent requests locally. DNSSEC to a privacy respecting DNS provider like quad9 at 149.112.112.112 from your local DNS server. Mayhaps the best you could do for a roaming device like a phone is to run a decent VPN with an option to prevent DNS leaks.