most time it will only be me who's the one using it anyway. So would just require on the router should be enough for me to access some websites that are not so friendly.

anything that may deem to be not so safe for work.

Try gomen’s favorite blogger – https://murrayhunter.substack.com

Still can access to this as previously did, on chrome android, connected to CF without DoH

Bro you are getting the hang of it hahaha 😆
Yeah a Pi will get you started 😜

never although I know it can do a lot of blocking of ads even for non android TV.

Means they haven’t implemented it for everyone or you already have secure/private DNS set in your Android (Connections/Network settings) or Chrome (Privacy & Security settings) setup. I think with some Android OEMs, the “Automatic” setting in the Private DNS section will default to Google DNS (using DoT) without any user interaction.

Just tested. Digi does block this site but with DOH on my phone, the site loads.

So, Digi doesn't/hasn't employed any hardcore blocking that cannot be circumvented?

If Digi can load with DOH, I don't see why it will not be the same with Unifi using DOH.

automatic will work, but private fails for now.

Adblocking + DoH both together in the Pi 😜

I'm not observing on my end but if TM is blocking DoT. I'm guessing DoH is unaffected as they would have to block https as a whole?

Not a networking expert, so I hope someone else with more knowledge can chime in here. From my limited understanding, you have hijacking of legacy/unencrypted/bareback DNS resolution happening either upstream (first or second hop outside your network) or locally (ISP provided router), which can be bypassed by using encrypted DNS. The other methods are firewall rules (or something similar) that blacklist sites which only a VPN can bypass (provided they aren’t blacklisting your VPN nodes as well). I know Maxis fiber does this for pr0n sites, maybe gambling sites too. I’m not sure which method (or combination of methods) all our different ISPs/telcos use here. Been on encrypted DNS (for KYC stuff) and VPNs (for non-KYC) for so long that I often can’t tell whenever ISPs are performing these perverted acts. Maybe one day when shit hits the fan and they start blocking TLS port 853 or ban VPN hostnames under the order of the cuntwaffles we voted for.


Seems to work for me. I don’t normally use Cloudflare (have a paid NextDNS account), but set it on my Android to test. Murray-chan still alive and kicking. Made a nice collage for you. Tested on both Unifi and Celcom.



This post has been edited by dev/numb: Sep 3 2024, 01:08 AM

I'm on M and T ISPs with DoT+Adguard
So far no issue
Cant belive TM being the first to implement a full lockdown

For anyone who host their own DNS Server on a raspberry pi or other Linux box, and has TM actively hijacking their DNS

May I request that you try out a specific niche protocol to see if they block it or not

Use, DNSCrypt-proxy, and connect to Quad9 over DNSCrypt
It's a lesser known and lesser heard of protocol

mine google dns asus router i can access website be it adult no problem for me

look google dns works noting problem for me

using:
primary dns: adg + dnscrypt-proxy (cloudflare, google and nextdns) - raspi4b
secondary dns: pihole + dnscrypt-proxy (cloudflare, google and nextdns) - inside proxmox-vm ubuntu24.04

still can access but cf seems not "too" responsive. sometimes appear at dnscheck.tools sometimes not.

This post has been edited by ahlong: Sep 2 2024, 11:02 PM

Yea, some other member here mentioned they have upgraded Nokia OLT. It should be at least XG-PON. It is just that I hope it is something better than XG-PON.

I had the same problem but I can confirmed the problem is gone after my 2Gbps Free Speed Upgrade.
Although I am still connected to the same OLT port and same BNG, latency has dropped significantly (from 100+ ms to only 4ms now).

I am using the exact same hardware, firmware and software. Didn't even unbox their ONR.

This post has been edited by kwss: Sep 3 2024, 12:10 AM

For people who has their DNS blocked, do you all mind to install nmap and run the following command?


Share your output here.

2 September 2024 01:00 AM yesterday on the dot. My internet completely stopped working. I had a feeling it was DNS. I changed a lot of things. I didn't think that they would block DoT and DoH completely.

24 hours later, I finally figured it out after remembering the news about our ISPs hijacking and poisoning our DNS. I visited this thread and voila, it really was DoT on my router.

Firefox Max Proctection DoH doesn't work. No internet.
Router DoT doesn't work. No internet.
Changing router plain DNS basically gets hijacked with TM's DNS poison.

What the f? 20+ years never had a problem. Today we're getting full censorship?