Git Product home page Git Product logo

Comments (3)

merdekaid avatar merdekaid commented on September 27, 2024

Copied from #316 (comment):

On December 30th 2023, some ISPs have blocked access to DoH/DoT domain
Our DNS service [dnscheck.tools] is also affected
Aside PT Netciti Persada, PT Jaringanku Sarana Nusantara (JSN) also started to blackholling DoH from their DNS, it seems Kominfo started to roll this to every ISP operated in Indonesia.
Thanks to National DNS regulation, changing plain DNS won't work so you are stuck with ISP DNS that is blocking access to DoH/DoT domain as you can see the result of nslookuping to Google DNS is hijacked to each ISP's DNS.
If you want to use DoH/DoT, writting the [resolver] domain on host file will work

A mobile web browser showing the error: "This site can't be reached. dnscheck.tools's server IP address could not be found."

Mobile web browser options: Use secure DNS → Choose another provider → Custom: https://security.cloudflare-dns.com/dns-query.

Transcription below.

~ $ curl -v https://security.cloudflare-dns.com/dns-query
* processing: https://security.cloudflare-dns.com/dns-query
*   Trying 0.0.0.0:443...
* connect to 0.0.0.0 port 443 failed: Connection refused
* Failed to connect to security.cloudflare-dns.com port 443 after 135 ms: Couldn't connect to server
* Closing connection
curl: (7) Failed to connect to security.cloudflare-dns.com port 443 after 135 ms: Couldn't connect to server

Wtf is this

~ $ curl -v dns.bebasid.com
* processing: dns.bebasid.com
*   Trying 0.0.0.0:443...
* connect to 0.0.0.0 port 443 failed: Connection refused
* Failed to connect to dns.bebasid.com port 443 after 5260 ms: Couldn't connect to server
* Closing connection
curl: (7) Failed to connect to dns.bebasid.com port 443 after 5260 ms: Couldn't connect to server

Transcription below.

~ $ nslookup dns.bebasid.com
nslookup dns.google
nslookup cloudflare-dns.com
Server:         8.8.8.8
Address:        8.8.8.8#53

Non-authoritative answer:
Name:   dns.bebasid.com
Address: 0.0.0.0

Server:         8.8.8.8
Address:        8.8.8.8#53

Non-authoritative answer:
Name:   dns.google
Address: 0.0.0.0

Server:         8.8.8.8
Address:        8.8.8.8#53

Non-authoritative answer:
Name:   cloudflare-dns.com
Address: 0.0.0.0

Apologize for the correction, our DNS service is (dns.bebasid.com), not dnscheck.tools. dnscheck.tools is just a benchmark website to check if a DNSSEC and DNS performance and its not owned by us.

Anyway there's some inconsistent blocking on DoH/DoT service in Indonesia

These ISPs are confirmed to block Secure DNS service in Indonesia although its not consistent:

  • PT Mora Telematika Indonesia only blocks Google DoH/DoT by blackholling 8.8.8.8 and 8.8.4.4 on BGP level and 9.9.9.9 is also affected. (Fortunately, they forgot to blackhole 149.112.112.112 thus Quad9 still works)
  • PT Neticiti Persada only rely on port blocking yet the DNS that is currently affected is Cloudflare, Google, Quad9, and Adguard going to port 443 and 853.
  • PT Jaringanku Sarana Nusantara (JSN) blocks every DoH/DoT domain on its DNS however the IP is not affected as you can see the screenshot above

For PT Mora Telematika Indonesia:

For PT Netciti Persada:

Other ISPs that are suspected to follow latest Kominfo censorship suggestion to block popular DoH/DoT according to that video:

Also I suspect biggest telco here (PT Telkom Indonesia) at least have attempted before to block Cloudflare's DoH/DoT but they aren't blocking it anymore for now:

from bbs.

merdekaid avatar merdekaid commented on September 27, 2024

Also correction, the ISP is named PT Jaringanku Sarana Nusantara, not just Jaringan.

They are crazy for doing this.

from bbs.

merdekaid avatar merdekaid commented on September 27, 2024

PT Aplikasnusa Lintasarta also started to restrict DoH/DoT too, mainly popular one like Google, Cloudflare, AdGuard, Quad9 by blackholling it on their DNS, since port 53 is redirected as its mandated by Kominfo under National DNS, you will be stuck by their DNS blocking DoH/DoT domain

image

Not only that, I got a report that they are also redirect port 53 on IP Transit level, making whoever transit to them cannot change their DNS and have DoH/DoT blocked on their network

image

from bbs.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.