Comments (3)
Copied from #316 (comment):
On December 30th 2023, some ISPs have blocked access to DoH/DoT domain
Our DNS service [dnscheck.tools] is also affected
Aside PT Netciti Persada, PT Jaringanku Sarana Nusantara (JSN) also started to blackholling DoH from their DNS, it seems Kominfo started to roll this to every ISP operated in Indonesia.
Thanks to National DNS regulation, changing plain DNS won't work so you are stuck with ISP DNS that is blocking access to DoH/DoT domain as you can see the result of nslookuping to Google DNS is hijacked to each ISP's DNS.
If you want to use DoH/DoT, writting the [resolver] domain on host file will work~ $ curl -v https://security.cloudflare-dns.com/dns-query * processing: https://security.cloudflare-dns.com/dns-query * Trying 0.0.0.0:443... * connect to 0.0.0.0 port 443 failed: Connection refused * Failed to connect to security.cloudflare-dns.com port 443 after 135 ms: Couldn't connect to server * Closing connection curl: (7) Failed to connect to security.cloudflare-dns.com port 443 after 135 ms: Couldn't connect to server
Wtf is this
~ $ curl -v dns.bebasid.com * processing: dns.bebasid.com * Trying 0.0.0.0:443... * connect to 0.0.0.0 port 443 failed: Connection refused * Failed to connect to dns.bebasid.com port 443 after 5260 ms: Couldn't connect to server * Closing connection curl: (7) Failed to connect to dns.bebasid.com port 443 after 5260 ms: Couldn't connect to server
~ $ nslookup dns.bebasid.com nslookup dns.google nslookup cloudflare-dns.com Server: 8.8.8.8 Address: 8.8.8.8#53 Non-authoritative answer: Name: dns.bebasid.com Address: 0.0.0.0 Server: 8.8.8.8 Address: 8.8.8.8#53 Non-authoritative answer: Name: dns.google Address: 0.0.0.0 Server: 8.8.8.8 Address: 8.8.8.8#53 Non-authoritative answer: Name: cloudflare-dns.com Address: 0.0.0.0
Apologize for the correction, our DNS service is (dns.bebasid.com), not dnscheck.tools. dnscheck.tools is just a benchmark website to check if a DNSSEC and DNS performance and its not owned by us.
Anyway there's some inconsistent blocking on DoH/DoT service in Indonesia
These ISPs are confirmed to block Secure DNS service in Indonesia although its not consistent:
- PT Mora Telematika Indonesia only blocks Google DoH/DoT by blackholling 8.8.8.8 and 8.8.4.4 on BGP level and 9.9.9.9 is also affected. (Fortunately, they forgot to blackhole 149.112.112.112 thus Quad9 still works)
- PT Neticiti Persada only rely on port blocking yet the DNS that is currently affected is Cloudflare, Google, Quad9, and Adguard going to port 443 and 853.
- PT Jaringanku Sarana Nusantara (JSN) blocks every DoH/DoT domain on its DNS however the IP is not affected as you can see the screenshot above
For PT Mora Telematika Indonesia:
For PT Netciti Persada:
-
https://explorer.ooni.org/m/20231224095358.013369_ID_webconnectivity_61da54ba80163044 (Google)
-
https://explorer.ooni.org/m/20231222143553.043744_ID_webconnectivity_a47e098847ecb591 (Cloudflare)
Other ISPs that are suspected to follow latest Kominfo censorship suggestion to block popular DoH/DoT according to that video:
- https://explorer.ooni.org/m/20231222143738.085272_ID_webconnectivity_0ef8b4bc492339aa (PT Giga Network Solusindo)
Also I suspect biggest telco here (PT Telkom Indonesia) at least have attempted before to block Cloudflare's DoH/DoT but they aren't blocking it anymore for now:
from bbs.
Also correction, the ISP is named PT Jaringanku Sarana Nusantara, not just Jaringan.
They are crazy for doing this.
from bbs.
PT Aplikasnusa Lintasarta also started to restrict DoH/DoT too, mainly popular one like Google, Cloudflare, AdGuard, Quad9 by blackholling it on their DNS, since port 53 is redirected as its mandated by Kominfo under National DNS, you will be stuck by their DNS blocking DoH/DoT domain
Not only that, I got a report that they are also redirect port 53 on IP Transit level, making whoever transit to them cannot change their DNS and have DoH/DoT blocked on their network
from bbs.
Related Issues (20)
- Is it possible to implement a man-in-the-middle (MITM) tool to bypass censorship? HOT 13
- ss://
- Issues with Trading & Banking Apps and Google Services HOT 6
- Free livestream of FOCI, PETS, and HotPETs, 2024-07-15 to 2024-07-19 HOT 4
- Russia forces Apple to remove dozens of VPN apps from App Store HOT 5
- Turkmenistan:"Internet amnesty? 3 billion IP addresses, hosting and CDNs unblocked" (2024-07-17)
- Looking at the Clouds: Leveraging Pub/Sub Cloud Services for Censorship-Resistant Rendezvous Channels (Update)
- 使用Google新部署的W开头的中间证书签发的网站在TLS 1.2下100%阻断 / Sites issued with Google's newly deployed intermediate certificates starting with W are 100% blocked under TLS 1.2 HOT 7
- Throttling→blocking of YouTube in Russia, 2024-07-12 HOT 13
- Security Notions for Fully Encrypted Protocols (FOCI 2023) HOT 1
- shadowsocks 用户将被套杀,提前准备备用VPN / Shadowsocks will get killed, prepare a backup VPN in advance HOT 3
- Cbs: A Deep Learning Approach for Encrypted Traffic Classification with a Mixed Spatio-Temporal and Statistical Features Classification HOT 2
- List of copyright-related DNS blocks in Germany (CUII Lists) HOT 5
- Mekya Protocol: meek meets mKCP HOT 6
- Telegram connection in Canada is getting disrupted HOT 6
- How cryptography relates to Internet censorship circumvention (WAC7 presentation video)
- Malaysia redirects DNS to its own domestic servers HOT 2
- Cloudflare has enabled ECH (staged) HOT 17
- Home VPN Server App HOT 10
- Traefik cloudflare xui HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from bbs.