i confirm my DNS out there is DoH-only, and only Android Secure DNS cannot use it.
other OS platforms can use my DoH.

I was initially baffled why Cloudflare, Adguard, Google, Quad9 etc etc out there can work while mine can't.
Until I stumbled on articles that mentioned Android only support DoH with those 2 providers. and made me realise of course Android appeared worked with any random 3-party DNS out there; because they have both DoH and DoT on same IP address, so it gave the appearance of working (by actually using DoT) while I was expecting otherwise.

**** berdebat panjang-panjang pun tak bermakna

This post has been edited by Oltromen Ripot: Sep 11 2024, 04:47 PM

Years ago; yes.
Now; no more.
No well-known SSL vendor will issue IP-based certificate.

because in the era of anyone can buy shared hosting and VPS, issuing an IP certificate will also end up validating rogue tenants sharing the same "building" with you.

--

at least not without the requester jumping through hoops and loops to establish identity and demonstrate unrivalled ownership of the IP involved.
Google issued SSL for its own 8.8.8.8 using its own CA. 😅

--

self-signed CA;
import once to trust in each devices.
that's a potential solution for working around android's restriction.

putting DoH hostnames into the box requires looking up their IP addresses, but how to lookup their IP addresses if they themselves now-became the DNS resolver. catch-22.
i guess that Google and Cloudflare had their IP addresses hardcoded so their DoH can immediately be used without needing to look up IP in the first place.

(eh, but then how can it resolves DoT hostnames!? aaaaaarrrrgggghhhhhh)

Thank you.
I didn't have this yet.

And after checking, my current DNS provider does not support HTTPS-type yet.

(i don't have the capacity maintain uptime if i operate own nameservers.)

as yourself mentioned, the regular public DNS was subjected to TM hijacking in the first hours of their blockade.

so the intent is to set up a private DoH that is on publicly-accessible internet.
publicly-accessible means i can use it over any network, be it my Unifi fibre, Maxis fibre, and any mobile internet. Not landlocked to "only on wifi, at home".

using regular web server software to implement; i want to hide tell-tale signatures of a DoH to avoid it geing blocked or hijacked. of course there are more ways to eventually determine it's DoH traffic, but you'll need to be network admin with massive packet samples in order to come to that conclusion.

if caught, it would be easy to duplicate the set up to a new public IP.

--

i'm looking at changing DoH at system-level, not having to custom configure in every browser.
i already have no issue with windows, linux, iOS platforms using my DoH. only Android is refusing.

it's not that i reject using vpn and app-based altogether.
it's just that i want to avoid "cheat code" of going to that route. been thre, done that, it wasn't ideal as vpn and app will get interrupted and my work - and research purposes - gets disconnected and spill out on plain internet.
using vpn and app would be easy, but not challenging.
as it is, i had to reread DNS protocol and BIND that i had not touched for nearly a decade, and learn of DoH and QUIC. it wasn't a loss building this.

This post has been edited by Oltromen Ripot: Sep 12 2024, 11:53 AM

inb4 TM's BGP(?) route hijacking escaped into the wild

/me kidding

no downtime yet for past 2yrs.
not that i noticed.
and comes with wireless failover dongle.

yes. i think plan also to be of certain minimum.

maxis' 4G backup dongle is delivered separately.
don't know why not at same time with the fibre install.

your existing normal postpaid line have to convert+join with fibre, to become "postpaid unlimited", then apply to add RM0 4G backup line. 1yr contract for the 4G backup.
you might get SIM right away, but dongle is delivered separately a week later. can only exclusively plugged into maxis-given router for it to function.

why didn't unifi provide the same using Unifi Air... i know its coverage is not pervasive as maxis, but it would have been a selling point.

inb4 unifi overconfigsent fibre won't be down, and EVERY ONE including maxis are running over same HSBB anyway.

crossposting from Maxis fibre thread.

don't they need to pay for the terabytes traversing each foreign pipes?
no urgency to reduce charges?

default to CGNAT, regardless of subscription.

... but you can add-on switch to public IPv4 for RM10/mth.

i read vaguely about all the routing sheenanigans on the previous few pages.

but, possible that they started doing transparent firewall instead?

Maxis have its own infra and also ride on top of HSBB.

Which fibre wire is available in your area can affect which package is available and potential promo or no-promo pricing.

just reboot your deco using the app.

Jangan Tanya Soalan Susah™
diorang pun mau cuti 16Sept

*sigh*

maxis also have home fixed line with fibre service.

no lah. not compulsory.
you can have fibre-only
or you can have fibre and mobile in different account,
or you can have fibre and mobile in one account.

if you have fibre and mobile in one account,
1) then your mobile (+ supplementary) gets upgraded to become unlimited.
2) you can add-on free 4G backup dongle to your maxis-provided gateway, as failover

regardless of mobile subscription.

i'm not sure if it's on-going, but yes, maxis fibre can be cheaper on maxis own infra.

something that can't or won't be emulated on HSBB.

it's a captive market. it's almost common and certain you'll only have 1 fibre provider at an area.
even if my cost is lower than my competitor, if he is selling at such and such price, i would consider setting my price somewhat near to that as well. he reap RM1, i can reap RM1.50, oklah.....

Mu home Unifi suddenly experiencing quite a slowdown.

better only in terms of 1GbE (white) against 2.5GbE (black).

this forum board is suddenly responding very slowly for past 2hrs. on maxis mobile and on unifi.