You talking about that muppet Fahmi or someone else?

You don’t really need to have encrypted DNS capabilities on your router (although it’s good to have, no doubt) since any modern OS or browser can do it. In fact, most would recommend setting DoH/DoT on a per-device basis even if you have the feature on the router anyway, simply as an extra layer and also for when you’re outside your local network (eg: using mobile data).

Try gomen’s favorite blogger – https://murrayhunter.substack.com

Means they haven’t implemented it for everyone or you already have secure/private DNS set in your Android (Connections/Network settings) or Chrome (Privacy & Security settings) setup. I think with some Android OEMs, the “Automatic” setting in the Private DNS section will default to Google DNS (using DoT) without any user interaction.

Not a networking expert, so I hope someone else with more knowledge can chime in here. From my limited understanding, you have hijacking of legacy/unencrypted/bareback DNS resolution happening either upstream (first or second hop outside your network) or locally (ISP provided router), which can be bypassed by using encrypted DNS. The other methods are firewall rules (or something similar) that blacklist sites which only a VPN can bypass (provided they aren’t blacklisting your VPN nodes as well). I know Maxis fiber does this for pr0n sites, maybe gambling sites too. I’m not sure which method (or combination of methods) all our different ISPs/telcos use here. Been on encrypted DNS (for KYC stuff) and VPNs (for non-KYC) for so long that I often can’t tell whenever ISPs are performing these perverted acts. Maybe one day when shit hits the fan and they start blocking TLS port 853 or ban VPN hostnames under the order of the cuntwaffles we voted for.


Seems to work for me. I don’t normally use Cloudflare (have a paid NextDNS account), but set it on my Android to test. Murray-chan still alive and kicking. Made a nice collage for you. Tested on both Unifi and Celcom.



This post has been edited by dev/numb: Sep 3 2024, 01:08 AM

This is probably a good thing. Means they cannot MiTM an encrypted connection and redirect you. Can only block the hostname/IP outright. The question now becomes why you are experiencing this and I am not. Are they doing this in stages or is it perhaps being done locally by the newer ONU (mine’s the old white Huawei) boxes?

This post has been edited by dev/numb: Sep 3 2024, 06:37 PM

Heads up for anyone using free NextDNS accounts for ad/tracker blocking. Remember to tick the 3 boxes in the Performance sub-section under the Settings tab. Especially the Cache Boost option, because without that you will likely reach your 300k query limit sooner than you realize. Also, the anexia-kul and premiumdrp-kul are (historically) the best local servers for us wrt latency.


Pharmianaga cartel. Go check the prices of your basic vitamin supplements on iHerb and compare with the daylight robbery you’re charged at your local pharmacy. Of course, their excuse “for your safety”. Just like how all this DNS blocking/redirecting is “for your safety. Topkek, first time you hear that bareback DNS is safer. Next they’ll ask you to fuck without condoms.

This post has been edited by dev/numb: Sep 3 2024, 10:46 PM

They just don’t deem it “evil” enough to hijack/redirect 8.8.8.8 queries. Not “evil” like Uncle Murray who they deem enemy of the state for some reason.. You can try turning off 8.8.8.8 and using ISP DNS and see if it loads. I know during the height of Covid it wouldn’t load under TM’s own DNS. But after iHerb created a ml.iherb domain for us I’m not sure if any alternative DNS was ever truly needed.

This post has been edited by dev/numb: Sep 3 2024, 10:57 PM

Do not trust fully trust privacytools.io!! The owner sold out and now is a NordVPN affiliate. You might be able to find useful knowledge from members on the forum section, but If you truly care about privacy you be wary of the main site’s recommended services. If privacy isn’t your main concern and you simply want to get past regional blocks, then it is fine. Fyi, the old contributors moved and created privacyguides.org.

Also fwiw, Mullvad’s Singapore, Thai, Hong Kong and Indonesia nodes have been unusable on Unfi from 9pm-2am for the past few weeks, and honestly had been hit and miss since MCO days. This is more TM’s fault than Mullvad’s. Japan (jp-tyo-wg-001,002,003) is the closest location with stable packet flow during those times, (at the expense of higher latency). Sincerely speaking, Mullvad isn’t the best VPN for Unifi hostages.

This post has been edited by dev/numb: Sep 4 2024, 04:37 PM

If you want a filterlist that does not break your socmed and e-commerce apps/sites, best is probably OISD.
See here if you need setup guidance; https://github.com/yokoffing/NextDNS-Config

I tried just now. Can.
AdGuard DoH in browser on Unifi (JB) and Celcom both can load the site.

AdGuard’s DNS routing is funky though. On Unifi, it’s an AdGuard resolver based in Istanbul. On Celcom, it’s a Singapore AdGuard resolver, but I see a ton of CloudFlare chloe hostnames listed also. Creepy.

Oi, why did you have to mention Mullvad?!! DNS is one thing, but if those TM halfwits lurking here get any ideas and block the entire domain and prevent me from connecting to the VPN service, I will do to you what Liam Neeson famously does to people who kidnap his daughter.

This post has been edited by dev/numb: Sep 4 2024, 09:31 PM

Their servers are slow, but don’t suffer (at least not as often) from the usual packet loss and latency spikes Unifi users experience with many other VPN provider’s servers after 9pm. Fastest seems to be their SG-SMRT node, but it’s still relatively slow. Of you want to try them, don’t bother with the usual subscriptions. Go to their website and choose the “Build a Plan” option. Choose Singapore, Malaysia and Japan for USD3/month. It’s non-renewing so just try it out for a month to see if you’re satisfied.

This thread has been entertaining. The ending will likely be tragic and all of us will probably end up slitting our wrists, but at least we managed to get a few laughs in.

If you want whatever you are using to continue working, I suggest you remove the contents of your post, proto.

Please elaborate. Over WireGuard means it’s technically a VPN already, right?

Are you out of contract already? Maybe these so called free upgrades have some small print stating you’ll be tied to a new contract.

Sorry bang, I tak paham.

So the WireGuard tunnel is only for DNS queries but the rest (eg: loading site assets) of the packets are moving outside the tunnel?

Careful bro. Nanti malam ada orang ketuk you punya pintu.

Wait, what?! I’ve been visiting this thread too often lately so when you said socks, first thought was socks5
You mean actual socks, like the sexy kind? Apa story? For science, of course.

This post has been edited by dev/numb: Sep 6 2024, 04:49 PM