A bit of heads up.
For people using my Amazon method for DNS bypass, there is a problem with TM DNS poisoning. It will cache negative respond.
TL;DR: Do not try the URL until the distribution deployment is completed!

The event go like this:
1. You create a distribution
2. You try it before the distribution is completely deployed
3. TM DNS cached the negative response and keep returning the negative response.
4. The poisoned cache finally expires and it now returns the correct distribution IP address (after an hour or so)

To whoever reported this, thank you!

I think my contract with unifi already ended last month but why I didn’t receive call geh it is I have to pura pura terminate my account with tm first then only they will counter offer?

Nmap scan report for dns.google (8.8.8.8)
Other addresses for dns.google (not scanned): 2001:4860:4860::8888 2001:4860:4860::8844 8.8.4.4

PORT STATE SERVICE VERSION
53/tcp filtered domain
443/tcp filtered https
853/tcp filtered domain-s

Nmap scan report for dns9.quad9.net (9.9.9.9)

PORT STATE SERVICE VERSION
53/tcp filtered domain
443/tcp filtered https
853/tcp filtered domain-s

FYI-I am currently not having dns poisoning.

This post has been edited by go626201: Sep 3 2024, 01:48 AM

How come all the ports are filtered? Did you have some firewall rule to prevent your network from leaking DNS?

Emm i dont think so,my firewall filter rule is the original that came with mikrotik.

Based on your nmap output, Google and Quad9 DNS is totally blocked.
Can you double check again if they are working as intended and not hijacked?

i not sure if i blocked

C:\Program Files (x86)\Nmap>nmap -sCV -Pn -p 53,443,853 dns.google
Starting Nmap 7.95 ( https://nmap.org ) at 2024-09-03 09:10 Malay Peninsula Standard Time
Nmap scan report for dns.google (8.8.4.4)
Host is up (0.022s latency).
Other addresses for dns.google (not scanned): 2001:4860:4860::8888 2001:4860:4860::8844 8.8.8.8

PORT STATE SERVICE VERSION
53/tcp open tcpwrapped
| dns-nsid:
|_ bind.version: unbound 1.13.2
443/tcp open tcpwrapped
| http-server-header:
| HTTP server (unknown)
|_ scaffolding on HTTPServer2
| ssl-cert: Subject: commonName=dns.google
| Subject Alternative Name: DNS:dns.google, DNS:dns.google.com, DNS:*.dns.google.com, DNS:8888.google, DNS:dns64.dns.google, IP Address:8.8.8.8, IP Address:8.8.4.4, IP Address:2001:4860:4860:0:0:0:0:8888, IP Address:2001:4860:4860:0:0:0:0:8844, IP Address:2001:4860:4860:0:0:0:0:6464, IP Address:2001:4860:4860:0:0:0:0:64
| Not valid before: 2024-08-05T07:20:13
|_Not valid after: 2024-10-28T07:20:12
|_ssl-date: TLS randomness does not represent time
853/tcp open tcpwrapped
|_ssl-date: TLS randomness does not represent time
| ssl-cert: Subject: commonName=dns.google
| Subject Alternative Name: DNS:dns.google, DNS:dns.google.com, DNS:*.dns.google.com, DNS:8888.google, DNS:dns64.dns.google, IP Address:8.8.8.8, IP Address:8.8.4.4, IP Address:2001:4860:4860:0:0:0:0:8888, IP Address:2001:4860:4860:0:0:0:0:8844, IP Address:2001:4860:4860:0:0:0:0:6464, IP Address:2001:4860:4860:0:0:0:0:64
| Not valid before: 2024-08-05T07:20:13
|_Not valid after: 2024-10-28T07:20:12

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 27.10 seconds

C:\Program Files (x86)\Nmap>nmap -sCV -Pn -p 53,443,853 9.9.9.9
Starting Nmap 7.95 ( https://nmap.org ) at 2024-09-03 09:12 Malay Peninsula Standard Time
Nmap scan report for dns9.quad9.net (9.9.9.9)
Host is up (0.049s latency).

PORT STATE SERVICE VERSION
53/tcp open domain Unbound 1.13.2
| dns-nsid:
|_ bind.version: unbound 1.13.2
443/tcp open ssl/https
|_ssl-date: TLS randomness does not represent time
| ssl-cert: Subject: commonName=dns.quad9.net/organizationName=Quad9/stateOrProvinceName=Zurich/countryName=CH
| Subject Alternative Name: DNS:dns.quad9.net, DNS:dns-nosec.quad9.net, DNS:doh-brave.quad9.net, DNS:dns.resolver.quad9.net, DNS:alpha-dns.quad9.net, DNS:beta-dns.quad9.net, DNS:dns9.quad9.net, DNS:dns10.quad9.net, DNS:dns11.quad9.net, DNS:dns12.quad9.net, DNS:dns13.quad9.net, DNS:dns14.quad9.net, DNS:dns15.quad9.net, DNS:dns254.quad9.net, DNS:mozilla.quad9.net, IP Address:9.9.9.9, IP Address:9.9.9.10, IP Address:9.9.9.11, IP Address:9.9.9.12, IP Address:9.9.9.13, IP Address:9.9.9.14, IP Address:9.9.9.15, IP Address:149.112.112.9, IP Address:149.112.112.10, IP Address:149.112.112.11, IP Address:149.112.112.12, IP Address:149.112.112.13, IP Address:149.112.112.14, IP Address:149.112.112.15, IP Address:149.112.112.112, IP Address:2620:FE:0:0:0:0:0:FE, IP Address:2620:FE:0:0:0:0:0:9, IP Address:2620:FE:0:0:0:0:0:10, IP Address:2620:FE:0:0:0:0:0:11, IP Address:2620:FE:0:0:0:0:0:12, IP Address:2620:FE:0:0:0:0:0:13, IP Address:2620:FE:0:0:0:0:0:14, IP Address:2620:FE:0:0:0:0:0:15, IP Address:2620:FE:0:0:0:0:FE:9, IP Address:2620:FE:0:0:0:0:FE:10, IP Address:2620:FE:0:0:0:0:FE:11, IP Address:2620:FE:0:0:0:0:FE:12, IP Address:2620:FE:0:0:0:0:FE:13, IP Address:2620:FE:0:0:0:0:FE:14, IP Address:2620:FE:0:0:0:0:FE:15
| Not valid before: 2024-07-17T00:00:00
|_Not valid after: 2025-07-16T23:59:59
|_http-server-header: h2o/dnsdist
|_http-title: Site doesn't have a title (text/plain; charset=utf-8).
853/tcp open ssl/domain (unknown banner: Q9-P-7.5)
| fingerprint-strings:
| DNSVersionBindReqTCP:
| version
| bind
|_ Q9-P-7.5
|_ssl-date: TLS randomness does not represent time
| ssl-cert: Subject: commonName=dns.quad9.net/organizationName=Quad9/stateOrProvinceName=Zurich/countryName=CH
| Subject Alternative Name: DNS:dns.quad9.net, DNS:dns-nosec.quad9.net, DNS:doh-brave.quad9.net, DNS:dns.resolver.quad9.net, DNS:alpha-dns.quad9.net, DNS:beta-dns.quad9.net, DNS:dns9.quad9.net, DNS:dns10.quad9.net, DNS:dns11.quad9.net, DNS:dns12.quad9.net, DNS:dns13.quad9.net, DNS:dns14.quad9.net, DNS:dns15.quad9.net, DNS:dns254.quad9.net, DNS:mozilla.quad9.net, IP Address:9.9.9.9, IP Address:9.9.9.10, IP Address:9.9.9.11, IP Address:9.9.9.12, IP Address:9.9.9.13, IP Address:9.9.9.14, IP Address:9.9.9.15, IP Address:149.112.112.9, IP Address:149.112.112.10, IP Address:149.112.112.11, IP Address:149.112.112.12, IP Address:149.112.112.13, IP Address:149.112.112.14, IP Address:149.112.112.15, IP Address:149.112.112.112, IP Address:2620:FE:0:0:0:0:0:FE, IP Address:2620:FE:0:0:0:0:0:9, IP Address:2620:FE:0:0:0:0:0:10, IP Address:2620:FE:0:0:0:0:0:11, IP Address:2620:FE:0:0:0:0:0:12, IP Address:2620:FE:0:0:0:0:0:13, IP Address:2620:FE:0:0:0:0:0:14, IP Address:2620:FE:0:0:0:0:0:15, IP Address:2620:FE:0:0:0:0:FE:9, IP Address:2620:FE:0:0:0:0:FE:10, IP Address:2620:FE:0:0:0:0:FE:11, IP Address:2620:FE:0:0:0:0:FE:12, IP Address:2620:FE:0:0:0:0:FE:13, IP Address:2620:FE:0:0:0:0:FE:14, IP Address:2620:FE:0:0:0:0:FE:15
| Not valid before: 2024-07-17T00:00:00
|_Not valid after: 2025-07-16T23:59:59
1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at https://nmap.org/cgi-bin/submit.cgi?new-service :
SF-Port853-TCP:V=7.95%T=SSL%I=7%D=9/3%Time=66D6627B%P=i686-pc-windows-wind
SF:ows%r(DNSVersionBindReqTCP,35,"\x003\0\x06\x81\x80\0\x01\0\x01\0\0\0\0\
SF:x07version\x04bind\0\0\x10\0\x03\xc0\x0c\0\x10\0\x03\0\0}q\0\t\x08Q9-P-
SF:7\.5");

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 29.69 seconds

This post has been edited by raizer99: Sep 3 2024, 09:18 AM

To avoid termination risk and losing port, try switch to Maxis with 6 months free bill, then TM will counter offer before they approve your transfer. Otherwise, direct go to Tmpoint and ask for SWU plan.

This post has been edited by YoungMan: Sep 3 2024, 09:22 AM

For those more knowledgeable about these things: is there a way they can block DoH without just IP blocking the DNS provider (Google, Cloudflare, quad9, etc.)?

I understand DoT can be blocked by blocking port 853.

Yes, DOH can be block.Blocks encrypted DNS, VPN, TOR, Proxies = 3k+ domain entries from what I read.

Because DoH runs on HTTPS which most of the internet runs on, it is unlikely to just block DoH without IP blocking

If I'm not mistaken, blocking DoH means they have to block HTTPS which frankly is not going to happen.

Blocking IPs and domain. Some of the IPs and domains are listed here.

Refer here.

Also, please refer here for better clear explanation.

From what i observed and check and test.
It is still working without any hijacking.

Just tried to use google dns only,and dns leak test show the correct Google server in Singapore.

Setting DoH on my Windows 11, also still fail, dnsleaktest showing DNS server at Bentong..

I noticed if you did not connect to VPN, the DNS will redirect to TM DNS. If you connect to VPN, regardless of which DNS you configured, it will redirect to Google DNS. Not sure will our ISP collect our personal data information from Google? Or else why only Google DNS is being shown while not Cloudflare, OpenDNS and etc?

This post has been edited by Jeffreynsx: Sep 3 2024, 12:44 PM

It is a waste of time to enable secured DNS for both DOH and DOT as both of it is not working. For those who yet to take any SWU package, please hold on first as this Transparent Proxy thingy will apply to those who signed the new contract with TM. This is what I noticed so far among the users out there. I am kind of regret to take the SWU package that being treated just like that. Imagine you pay every month to your ISP and they put poison to your DNS without seeking your advise. It is against our personal rights already.

This post has been edited by Jeffreynsx: Sep 3 2024, 12:54 PM

Have you try to disable & re-enable back your NIC after you set the DoH in Windows?

The posters above answered that the only way to block DoH is by blocking the Domain and IP of the public DNS provider so no one can make queries. I understand if they blocked DoT by blocking the associated port, but how is it possible that they are blocking DoH AND DoT but only for specific users?

Transparent Proxy should only apply if you are using neither DoT nor DoH, to my understanding.

If you read the recent comments given by different users, some user can access without issue while some totally cannot access despite using own router. If you mentioned it apply for all, then why some people still can access using DOT and DOH? I'm wonder how they evaluate our Internet usage and imposed this type of policy to end users? I'm planning to terminate my SWU package after received this type of treatment.

This post has been edited by Jeffreynsx: Sep 3 2024, 01:26 PM