Saturday, July 04, 2020

How to bypass a website ban by DNS over HTTPS?

Recently I found that my default search engine DuckDuckGo ( was not opening in any web browser, while all other websites are working fine. In a basic troubleshooting, I found that my ISP ( ACT Fibrenet in Bengaluru, India) is blocking my DNS query to ( See my blog on Domain name service DNS ).
My DNS query to resolve gets a reply as IP address But actual IP address of is!.
So whom do the IP address belongs to? IP whois lookup gives this!
This IP belongs to my ISP, ACT Fibrenet . That shows my DNS query to google public DNS server is hijacked by my ISP, and given me one of their fake IP address, which takes me nowhere. So they blocked my access to So what is the way out?

Try DNS over HTTPS (DoH)

My ISP can capture DNS requests by a simple traffic capture on UDP port 53, and they can read my DNS requests as there is no encryption. So lets try enabling DoH, as DoH request are send on a HTTPS tunnel secured by SSL/TLS to the DNS server directly, which cannot be hijacked by the ISP. I enabled DNS over HTTPS in Google chrome ( I explained how to enable DoH in my earlier blog). And yes, now DoH done the job, bypassed the ISP ban, the website is opening now.

No comments:

Post a Comment