For windows must install software? Can it be done in settings or something?

Lets go, but I think most Tplink router users wont have such luck?

I use quad9 DoH and DoT on adguard.
Just now it stopped working, sites fail to resolve. I see a bunch of timeout in the logs using 443. After removing DoH, it started working again. Adding back DoH did not break it.
Checking on ipleak, Global Transit (TIME) shows up for ipv4 while Woodynet(Quad9) shows up for ipv6.
Something is not right

Thanks for informing. Did a trace route on ipv6, seems to go to Singapore still, ipv4 goes to myix

I tested with AS10030 Celcom but it doesn't implement transparent proxy DNS and doesn't block anything.
You can view the reports here:
1.1.1.1:
https://explorer.ooni.org/m/20240813131113....4706209241c200c
8.8.8.8:
https://explorer.ooni.org/m/20240813131135....aa74995ad507bf9
9.9.9.9:
https://explorer.ooni.org/m/20240813131158....27ecfbf61a2bcb0

I tested with XOX which is MVNO riding on Celcom.

SNIP
Unable to resolve that domain but traceroute shows !X

https://forum.lowyat.net/index.php?showtopi...ost&p=110240779

It has always bugged me that AS4788 would rather send AS42 bound packets to Singapore/international transit rather than use it on MyIX. At least now I have a explanation, but man it goes back to the "good old days" when packets between ISP's/ASN's would go around the world because AS4788 refused to peer with, well, anyone.

Interesting that TIME (AS9930) is not hijacking all DNS53 packets at least?

Given that it is a AUTHORITY: 0 reply, suggests that it is blocked by Quad9, instead of non-existent domain, with the NXDOMAIN response: https://docs.quad9.net/FAQs/

Thus it looks like DNS53 packets to Quad9 DNS are still being untampered with (for now?)

That's why people have the option to use their own/buy their own router. ISP's locking down routers is not limited to Malaysian ISP's: plenty of cases in other countries if Reddit posts are any indication.

What is problematic is hijacking DNS53 at the network level. Ie. What Celcom(Digi) seems to be doing. (And what Indonesia is doing) Using own router (notwithstanding DoT/DoH) for alternate DNS providers will fail when the ISP hijacks DNS53 at their network level/side.

The MSC Bill of Guarantees died with the Najib administration.

Actually can i use openwrt in my unused router, let say a Dlink dir842 stock router, to configure DoH in it? 

are they even hijacking ? don't see the ip being routed

Is that mean i have DoH? But i use only cloudflare 1.1.1.1 dns in router, without DoH setting

Any newer (AX or later) Asus router that is supported by Merlin should be able to run AdGuard Home. You can do a web search for “AdGuard Home Asus Merlin” to find relevant projects/instructions on Github and discussions on SmallNetBuilder forums. Not really needed though since Asus Merlin has amtm which lets you use Diversion and Skynet, which do an equally good job but are much lighter on resources.

A couple of GL.iNet routers (Flint and Flint2) come installed with AdGuard Home, but buying them in MY is a bit of a hassle. I don’t know of any local resellers in MY. Shopee and Lazada stores will ship them from Hong Kong or Taiwan, so your delivery might be held by customs due to the Sirim requirements and whatnot.

Probably any OpenWRT compatible router with sufficient RAM can also install AdGuard Home via opkg and LuCi quite easily. The hard part would be getting OpenWRT installed on that router in the first place.

Mikrotik routers probably compatible also, likely via containers (I have zero experience with this brand so just an assumption here, please don’t quote me on this).

just to check, if I use something like NordVPN would I still need to mess around with DNS settings ?

travel quite alot, and noticed when in public wifi (airports, hotels etc) especially those with network login page, sometimes don't work if I've changed the DNS settings. so it's a hassle to delete and re-add.

windows 11 does support dns encryption... just need to manually enabled in network settings and use the desired dns service..

remember enable dns over https... not the plain dns
example, adguard dns

Works fine on TIME in Penang. So far, here not even blocking plaintext yet.