====== Rethink DNS + Firewall ======

[[https://rethinkdns.com/app|Rethink DNS + Firewall]] is the easiest way to monitor app activity, circumvent Internet censorship, block ads and trackers on your Android device.

\\
===== Download and install apk =====

Install RethinkDNS via [[en:phone:apps:f-droid|F-Droid]] - https://f-droid.org/en/packages/com.celzero.bravedns/.

\\
===== Configuration =====

These are just a few tips.\\
You will probably have to adjust other settings for your environment anyway.

\\
==== Rethink ====

\\
=== DNS ===

You can choose between many options.\\
Either use [[/en/server/services/dnscrypt|our DNScrypt server]] or any other DNScrypt server you like. DoH, DoT, ODoH and Rethinks-DNS-Server itself are also available. Even tor and SOCKS5 are included.\\
Also possible your [[/en/server/services/wireguard|own Wireguard server]] in combination with [[/en/server/services/adguardhome|your AdGuard Home server]].

\\
=== Firewall ===

Enable at least **//Block newly installed apps by default//** under **Configure** -> **Firewall** -> **Universall firewall rules**.

\\
==== Android ====

After the first start, it is important to set RethinkDNS as the main and only VPN connection in your Android system.\\
For that, got to **Settings** -> **Network & Internet** -> **VPN** ->  **Rethinks "Settings Symbol"** -> and enable both **Always-on VPN** and **Block connections without VPN**.

\\
===== Good to know =====

  * **KDE-connect** only works if the “**Do not router Private IPs**” option is activated. This only works if you have not activated the option “**Block connections without VPN**” in your Android settings under “**Always-on VPN**”.
  * **Be careful** if Rethink asks you again to allow or continue to block certain applications. Especially if it's just a number like 1021. It might be the case that you are allowing a bunch of applications to access the internet. Which you probably want to block! So check the number twice just in case.
  * If you need to use an **application that involves trackers**, simply use the “**Isolate Firewall**” option. Start the application and only give IPS/domains access to the Internet so that this application can run but keep the trackers still blocked.

\\
===== Example with and without RethinkDNS =====

Just a simple overview ([[https://digitalprivacy.diy/news/en/no-root-no-custom-rom-use-rethink-dns-firewall-instead|based on a Moto g34]]) of how many connections happen before and after setting up RethinkDNS + Firewall.\\
If you want to check it with your device, just use [[/en/extras/device_inspections|our "Device Inspections" tutorial]].

Before (packets = 775.847) and after (packets = 55.331)
{{:en:phone:apps:rethink-before.png?direct&1200 |775.847 packets):}}\\
{{:en:phone:apps:rethink-after.png?direct&1200 |55.331 packets}}