Exclude private DNS servers in non filtering mode / subnet routing

app/src/main/java/eu/faircode/netguard/ServiceSinkhole.java

@@ -1297,11 +1297,23 @@ public class ServiceSinkhole extends VpnService implements SharedPreferences.OnS
                 listExclude.add(new IPUtil.CIDR("192.168.0.0", 16));
             }
 
-            if (!filter)
+            if (!filter) {
                 for (InetAddress dns : getDns(ServiceSinkhole.this))
                     if (dns instanceof Inet4Address)
                         listExclude.add(new IPUtil.CIDR(dns.getHostAddress(), 32));
 
+                String dns_specifier = Util.getPrivateDnsSpecifier(ServiceSinkhole.this);
+                if (!TextUtils.isEmpty(dns_specifier))
+                    try {
+                        Log.i(TAG, "Resolving private dns=" + dns_specifier);
+                        for (InetAddress pdns : InetAddress.getAllByName(dns_specifier))
+                            if (pdns instanceof Inet4Address)
+                                listExclude.add(new IPUtil.CIDR(pdns.getHostAddress(), 32));
+                    } catch (Throwable ex) {
+                        Log.e(TAG, ex.toString());
+                    }
+            }
+
             // https://en.wikipedia.org/wiki/Mobile_country_code
             Configuration config = getResources().getConfiguration();
 

app/src/main/java/eu/faircode/netguard/Util.java

@@ -250,6 +250,14 @@ public class Util {
         return (!"off".equals(dns_mode));
     }
 
+    public static String getPrivateDnsSpecifier(Context context) {
+        String dns_mode = Settings.Global.getString(context.getContentResolver(), "private_dns_mode");
+        if ("hostname".equals(dns_mode))
+            return Settings.Global.getString(context.getContentResolver(), "private_dns_specifier");
+        else
+            return null;
+    }
+
     public static String getNetworkGeneration(int networkType) {
         switch (networkType) {
             case TelephonyManager.NETWORK_TYPE_1xRTT: