blocking doh - speedtest ios app from Ookla

johnpoz

So was doing a bit of testing with this today. And pretty freaking sure it wasn't doing this before.. But now its giving me this

I don't recall it doing it earlier in the day.. So not sure if my blocking of doh was not working, and playing around with unbound for another thread where someone was asking for views or what fixed that? But now seeing this.

Or if they just started doing doh? I took a look at my logs and sure enough my doh blocking rule was triggering... Upon further investigation it attempts to use the top 3 doh servers

I know a few people around here are also blocking doh, and was just curious if anyone else has noticed this app started using doh.. Or if I had something borked in my blocking? And its always been using doh? Or at least for some time and I just hadn't noticed. I have not done a local speed test of my wifi in quite some time at home. And earlier today I was tested with 5G and no my local wifi, so maybe the app doh queries worked, and it had that cached when I was doing local wifi testing? So it didn't pop up this error?

Even with that error when you launch the app - the speedtest still works. So they not using doh to find test servers, seems just to check if you have internet access..

If I can not find a way to turn it off - this is the end of my use of that app.. If you want to offer up using doh that is fine, but better freaking let the user know that your doing it.. Ticks me off!! ;)

jrey

@johnpoz

No changes have been made on the netgate. (23.09.1)
I don't run speed test that often but, why not give it a try.

can confirm the same results you are showing above on mobile device,

not showing this on a desktop version of speedtest it works

on the mobile device - if you tap the red go circle it still does the test.

oddly enough if I force kill the app, I drop the mobile device off the network and go LTE, it does the same thing. except now when you tap the go circle, "error: Can't reach speedtest....." and it does not work.

would have to setup a packet capture to see, but sorry no time to play today.

johnpoz

@jrey said in blocking doh - speedtest ios app from Ookla:

not showing this on a desktop version of speedtest it works

yeah same - desktop app not doing it. And rules are the same for my lan where desktop sits that my wireless is using.

Wonder if desktop app is older version than one on phone.

If you get any time to play with it, be interested in your findings. I didn't keep looking to see if tries any other known doh servers. But it for sure tries those top 3 players. I setup the different unique IPs just for that reason to know which service clients are attempting to use.

What ticks me off the most about apps doing such a thing - is not that they can do it, but that they do it without user acknowledgement.. You should use the freaking dns provided to the OS the app is running on, or specific dns set in the app by the user.

Using anything other than the dns the OS has set without full user consent is utter BS...

SteveITS

@johnpoz said in blocking doh - speedtest ios app from Ookla:

You should use the freaking dns provided

I've posted before, but the Dish (satellite) video on demand uses DoH even though the Dish DVR on which it's running uses DNS. Took me a bit to figure out why it wasn't working.

I have a "network utility" type app on my phone and it also uses public DNS instead of my DNS, for its DNS test.