Saturday, July 04, 2020

How to bypass a website ban by DNS over HTTPS?

Recently I found that my default search engine DuckDuckGo (duckduckgo.com) was not opening in any web browser, while all other websites were working fine. During basic troubleshooting, I found that my ISP (ACT Fibrenet in Bengaluru, India) is blocking my DNS query to duckduckgo.com. (See my blog on Domain name service DNS.)
My DNS query to resolve duckduckgo.com gets a reply with the IP address 202.83.21.15. But the actual IP address of duckduckgo.com is 52.149.246.39!
So whom does the IP address 202.83.21.15 belong to? IP whois lookup gives this!
This IP belongs to my ISP, ACT Fibrenet. That shows my DNS query to Google public DNS server 8.8.8.8 is hijacked by my ISP, which gave me one of their fake IP addresses, which takes me nowhere. So they blocked my access to duckduckgo.com. So what is the way out?

Try DNS over HTTPS (DoH)

My ISP can capture DNS requests by a simple traffic capture on UDP port 53, and they can read my DNS requests as there is no encryption. So let's try enabling DoH, as DoH requests are sent over an HTTPS tunnel secured by SSL/TLS directly to the DNS server, which cannot be hijacked by the ISP. I enabled DNS over HTTPS in Google Chrome (I explained how to enable DoH in my earlier blog). And yes, DoH did the job: it bypassed the ISP ban, and the website duckduckgo.com is opening now.
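As an added example (not code from the original post), the Python below builds the wire-format DNS query that DoH carries inside HTTPS as described in RFC 8484, and compares the A records in a plaintext reply with those in a DoH reply. The two replies are constructed from the addresses reported above; the function names and the `endpoint` parameter are assumptions made for illustration.

```python
import base64, ipaddress, struct

def build_query(name):
    # Header: ID=0 (RFC 8484 advice), RD=1, QDCOUNT=1; then QNAME, QTYPE=A, QCLASS=IN
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"
    return struct.pack("!6H", 0, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!2H", 1, 1)

def doh_get_url(name, endpoint):
    # RFC 8484 GET: wire-format query, base64url without padding, in the dns parameter
    q = base64.urlsafe_b64encode(build_query(name)).rstrip(b"=").decode()
    return f"{endpoint}?dns={q}"

def skip_name(msg, off):
    # Step over a name; a byte with the top two bits set starts a 2-byte compression pointer
    while (msg[off] & 0xC0) != 0xC0:
        if msg[off] == 0:
            return off + 1
        off += 1 + msg[off]
    return off + 2

def parse_a_records(msg):
    qd, an = struct.unpack("!2H", msg[4:8])
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4          # skip QTYPE + QCLASS
    ips = []
    for _ in range(an):
        off = skip_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!2HIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:          # A record
            ips.append(str(ipaddress.IPv4Address(msg[off:off + 4])))
        off += rdlen
    return ips

def make_response(name, ip):
    # Constructed sample reply: question echoed, one A record whose name points at offset 12
    rr = b"\xc0\x0c" + struct.pack("!2HIH", 1, 1, 60, 4) + ipaddress.IPv4Address(ip).packed
    return struct.pack("!6H", 0, 0x8180, 1, 1, 0, 0) + build_query(name)[12:] + rr

def answers_differ(plain, doh):
    # No address in common between the two resolution paths is a signal worth investigating
    return not set(parse_a_records(plain)) & set(parse_a_records(doh))

# Constructed replies using the two addresses reported in the post
PLAIN_REPLY = make_response("duckduckgo.com", "202.83.21.15")
DOH_REPLY = make_response("duckduckgo.com", "52.149.246.39")
```

A mismatch alone is not proof of tampering, since large sites can return different addresses per resolver or region; the whois lookup on the plaintext answer is what ties it to the ISP.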
