Unifi Official TM UniFi High Speed Broadband Thread V42, READ 1ST PAGE FOR RELEVANT WIFI INFO!

go626201
post Sep 5 2024, 03:42 PM

Regular
******
Senior Member
1,882 posts

Joined: Sep 2017
QUOTE(issac99289928 @ Sep 5 2024, 03:35 PM)
Look on the bright side, there will be less congestion on the network after the DNS stuff is fully implemented. Some cannot handle the DNS stuff, which results in consuming less bandwidth accessing especially the foreign servers. It is in the interest of TM to go the extra mile.
*
I don't think so, as there will be a lot of users who just straight enable VPN, which will be the easiest way to mitigate routing and DNS issues.
Which will add some % of bandwidth toward foreign servers.
go626201
post Sep 5 2024, 08:48 PM

QUOTE(aniq8676 @ Sep 5 2024, 08:46 PM)
Google DNS = BLOCK⛔️
Cloudflare DNS = BLOCK⛔️
OpenDNS = BLOCK⛔️
Quad9 DNS = BLOCK⛔️
AdGuard DNS = BLOCK⛔️

Who's next?
*
Don't ask and maybe no more DNS server ban.
go626201
post Sep 6 2024, 01:06 AM

Guys, just found out my area has also started DNS poisoning.
I just took a look at my smartdns log and found this:
QUOTE
[2024-09-05 17:04:41,591][ WARN][     dns_client.c:3319] Handshake with 1.0.0.1 failed, Connection refused
[2024-09-05 17:04:41,603][ WARN][     dns_client.c:3319] Handshake with 8.8.8.8 failed, Connection refused
[2024-09-05 17:04:41,606][ WARN][     dns_client.c:3201] peer server 104.16.249.249 certificate verify failed, unable to get local issuer certificate
[2024-09-05 17:04:41,606][ WARN][     dns_client.c:3203] peer CN: dns.tm.net.my
[2024-09-05 17:04:41,606][ WARN][     dns_client.c:3338] peer 104.16.249.249 verify failed.
[2024-09-05 17:04:41,609][ WARN][     dns_client.c:3201] peer server 8.8.4.4 certificate verify failed, unable to get local issuer certificate
[2024-09-05 17:04:41,609][ WARN][     dns_client.c:3203] peer CN: dns.tm.net.my
[2024-09-05 17:04:41,609][ WARN][     dns_client.c:3338] peer 8.8.4.4 verify failed.
[2024-09-05 17:04:41,611][ WARN][     dns_client.c:3201] peer server 1.1.1.1 certificate verify failed, unable to get local issuer certificate
[2024-09-05 17:04:41,611][ WARN][     dns_client.c:3203] peer CN: dns.tm.net.my
[2024-09-05 17:04:41,611][ WARN][     dns_client.c:3338] peer 1.1.1.1 verify failed.
[2024-09-05 17:04:41,614][ WARN][     dns_client.c:3201] peer server 2001:4860:4860:0000:0000:0000:0000:8888 certificate verify failed, unable to get local issuer certificate
[2024-09-05 17:04:41,614][ WARN][     dns_client.c:3203] peer CN: dns.tm.net.my
[2024-09-05 17:04:41,614][ WARN][     dns_client.c:3338] peer 2001:4860:4860:0000:0000:0000:0000:8888 verify failed.
I can confirm the block just started today, tonight, for me only; I checked the log and it occurred for the first time just 15 min ago.

Edited:
Traceroute is different if there is DNS poisoning.
This one is non-blocked or non-DNS-poisoned.
user posted image

This one is blocked or DNS-poisoned.
user posted image

This post has been edited by go626201: Sep 6 2024, 01:17 AM
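
One way to turn the smartdns warnings quoted in the post above into a per-upstream verdict (an added example, not part of the original post or of smartdns): it pairs each "certificate verify failed" line with the "peer CN" line that follows and compares the presented name with the name expected for that resolver. The function name and the `EXPECTED_NAMES` mapping are assumptions made for illustration.

```python
import ipaddress
import re

# Subset of the smartdns log lines quoted in the post above.
SAMPLE_LOG = """\
[2024-09-05 17:04:41,591][ WARN][     dns_client.c:3319] Handshake with 1.0.0.1 failed, Connection refused
[2024-09-05 17:04:41,609][ WARN][     dns_client.c:3201] peer server 8.8.4.4 certificate verify failed, unable to get local issuer certificate
[2024-09-05 17:04:41,609][ WARN][     dns_client.c:3203] peer CN: dns.tm.net.my
[2024-09-05 17:04:41,614][ WARN][     dns_client.c:3201] peer server 2001:4860:4860:0000:0000:0000:0000:8888 certificate verify failed, unable to get local issuer certificate
[2024-09-05 17:04:41,614][ WARN][     dns_client.c:3203] peer CN: dns.tm.net.my
"""

# Assumption: certificate names the operator expects each upstream to present.
EXPECTED_NAMES = {
    "1.0.0.1": {"cloudflare-dns.com", "one.one.one.one"},
    "8.8.4.4": {"dns.google"},
    "2001:4860:4860::8888": {"dns.google"},
}

MSG = re.compile(r"^\[(?P<ts>[^\]]+)\]\[[^\]]*\]\[[^\]]*\]\s+(?P<msg>.+)$")
VERIFY = re.compile(r"^peer server (\S+) certificate verify failed")
PEER_CN = re.compile(r"^peer CN: (\S+)")
REFUSED = re.compile(r"^Handshake with (\S+) failed, Connection refused")

def classify_upstreams(log_text, expected=EXPECTED_NAMES):
    """Return {upstream_ip: (verdict, presented_cn, first_seen)}."""
    results, pending = {}, None
    for line in log_text.splitlines():
        m = MSG.match(line)
        if not m:
            continue
        ts, msg = m.group("ts"), m.group("msg")
        if v := VERIFY.match(msg):
            # The CN is logged on the next line, so remember which peer it belongs to.
            pending = ipaddress.ip_address(v.group(1)).compressed
            results.setdefault(pending, ("cert-untrusted", None, ts))
        elif (c := PEER_CN.match(msg)) and pending:
            cn, first = c.group(1), results[pending][2]
            ok = cn in expected.get(pending, set())
            results[pending] = ("cert-untrusted" if ok else "name-mismatch", cn, first)
            pending = None
        elif r := REFUSED.match(msg):
            ip = ipaddress.ip_address(r.group(1)).compressed
            results.setdefault(ip, ("refused", None, ts))
    return results

if __name__ == "__main__":
    for ip, (verdict, cn, ts) in classify_upstreams(SAMPLE_LOG).items():
        print(f"{ts}  {ip:<22} {verdict:<15} presented CN: {cn}")
```

A `name-mismatch` verdict means the host answering on the resolver's address presented a certificate for a different name, while `cert-untrusted` with the expected name points at a local trust-store problem instead.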
go626201
post Sep 6 2024, 01:13 AM

All areas together started DNS poisoning tonight?
go626201
post Sep 6 2024, 01:31 AM

QUOTE(soonwai @ Sep 6 2024, 01:29 AM)
Whoa, everyone got hit in one shot.
Penang has fallen.
Seremban has fallen.
PJ has fallen.
Soviet Sarawak not spared.
JB. JB? Do you copy?
*
JB down!!!
But I personally UP!!!
go626201
post Sep 6 2024, 02:06 AM

QUOTE(soonwai @ Sep 6 2024, 02:05 AM)
anime4000 time to start DNS business.
*
And another day the IP is blocked immediately.

Going to sleep right now, you guys keep it up!
I just enabled my VPN for those blocked DNS resolvers, and all recovered back to normal as before.
(Mikrotik RouterOS Mangle + mark routing to SG VPN)

This post has been edited by go626201: Sep 6 2024, 02:09 AM
go626201
post Sep 6 2024, 02:10 AM

QUOTE(DrunkenTiger @ Sep 6 2024, 02:09 AM)
wtf!! 1fichier.com also got blocked already.. or just me? rapidgator still ok
*
WHAT!!!! How come 1fichier is also banned???

Edited:
SAD!!!
nslookup 1fichier.com 1.9.1.9
Server: UnKnown
Address: 1.9.1.9

Non-authoritative answer:
Name: 1fichier.com
Address: 175.139.142.25 BANBANBAN

This post has been edited by go626201: Sep 6 2024, 02:11 AM
go626201
post Sep 6 2024, 02:14 AM

QUOTE(soonwai @ Sep 6 2024, 02:12 AM)
yes, 1fichier.com also bora bora to 175.139.142.25
*
How will you mitigate the block/redirect with a Mikrotik router?
Can share?
Or just the simple way of using a less-known DNS resolver?

QUOTE(blacktubi @ Sep 6 2024, 02:13 AM)
Can anyone help to test if my previous list still working?

Not in MY currently

NTT
129.250.35.250
129.250.35.251

Singtel
165.21.83.88
165.21.100.88

L3
4.2.2.1
4.2.2.2
4.2.2.3
4.2.2.4
4.2.2.5
4.2.2.6
*
NTT so far okay.

Singtel, not sure as I can't get an answer from it.

L3 okay.

This post has been edited by go626201: Sep 6 2024, 02:16 AM
go626201
post Sep 6 2024, 02:21 AM

QUOTE(soonwai @ Sep 6 2024, 02:16 AM)
Save the advanced stuff for later.
*
Advanced things are not applicable for those consumer routers, so they can only use VPN to mitigate in the near future.
As all plaintext DNS will not be possible to use soon.
go626201
post Sep 6 2024, 02:23 AM

TM just straight rerouted the whole IP with all ports to their DNS server...
I thought they would only redirect port 53, which would allow DoH on 443 to work.
go626201
post Sep 6 2024, 03:06 AM

QUOTE(Hitman190 @ Sep 6 2024, 03:04 AM)
If it's the same technique as changing to 1.1.1.1 or 8.8.8.8, it doesn't work for me.
*
Try ipconfig /flushdns first. Cached DNS records might be used.
go626201
post Sep 6 2024, 10:52 AM

I think more and more CF IP ranges will be poisoned today...
go626201
post Sep 6 2024, 12:57 PM

QUOTE(soonwai @ Sep 6 2024, 12:50 PM)
Cos CtrlD got this offer today. 2hrs left.
https://www.bitsdujour.com/software/control...days-deals-home
*
That is not the full control plan, you still need to pay an additional 10$ per year for the upgrade.
go626201
post Sep 6 2024, 02:33 PM

QUOTE(kwss @ Sep 6 2024, 02:25 PM)
Just use the AWS method or the Cloudflare Worker DNS. Unblockable.
*
Cloudflare Worker DNS might be blockable at some point, I can't say so much.

This post has been edited by go626201: Sep 6 2024, 02:34 PM
go626201
post Sep 6 2024, 02:36 PM

QUOTE(kwss @ Sep 6 2024, 02:33 PM)
Maybe we should come out with a plan to DDoS their DNS server.
How much bandwidth they have? Consider its a local network and we have high upload, its doable.

The goal is to have a unique domain name each time to force recursive lookup.
Even better if they cache negative response, this will evict all the good response.

Bonus:
Spoof the source address and port to another TM DNS server so the answer will DoS their other DNS.
*
If they have multiple DNS servers for load balancing and have 100G per DNS server, you can't hit it down.
As they might already do rate-limiting to prevent abuse?
go626201
post Sep 6 2024, 02:54 PM

QUOTE(kwss @ Sep 6 2024, 02:51 PM)
They are using Imperva for their website.
No way they can do the same for DNS server,
*
I think it is possible to use multiple DNS services.
Some Chinese websites teach how to use separate DNS services with one domain.
So there must be some config that has to be done. (If they want)

But confirm not CF lah...
I think just normal top root servers only.

This post has been edited by go626201: Sep 6 2024, 02:55 PM
go626201
post Sep 6 2024, 03:57 PM

For experts, just enable your free or paid VPN and use as usual. OR set up your own DNS or VPN server.
For others, either buy a VPN or find a less-known DoH DNS service and use it without telling people, and you should be okay for months. (months or weeks??)
For "REAL" common users, just live with the DNS redirect; you are a normal person, this thing does not affect you for normal usage. (No one is going to monitor you for what you are visiting, unless you are the "specific guy")
go626201
post Sep 6 2024, 05:11 PM

Most commercial VPN providers have been providing the WireGuard protocol since 2 years ago.
go626201
post Sep 6 2024, 07:00 PM

QUOTE(cyberic @ Sep 6 2024, 06:43 PM)
Sometimes I notice 10-20 second delay. Slow Unifi or DNS?
*
I think it is slow, I also found some IPv6 connections will delay for 1-2 seconds.
go626201
post Sep 6 2024, 07:29 PM

QUOTE(blackbox14 @ Sep 6 2024, 07:25 PM)
Saw on /k tered that DoH and DoT are not actually blocked and something about TM not having certs?

Does that mean if TM's servers functioned properly, then 8.8.8.8 and other famous DNS would still be usable with DoH, or still blocked?
*
To be clear, it was never blocked. JUST REROUTE/REDIRECT.
It is just because the IPs have been redirected to the TM DNS server, and DoT and DoH need to verify the certificate in order to serve the DNS queries.
So when it is redirected, the browser or device can't verify that the domain and certificate match with the authorities, so it just stops working to prevent a MITM attack.

This post has been edited by go626201: Sep 6 2024, 07:30 PM
