TM proxy implementation is by stages.
they cant have a single server cluster handles the task of hijacking every users dns requests.

I'm on time fibre though. remember reading that time had implemented this way before tm.

but time didnt cover DoH and DoT right?
hopefully SKMM didnt mandate those blocking lel.

i tried.. Firefox... enable Increased Protection.. Chooose NextDNS as provider... it works....

or Use Safari...

cloudflare and google dont work?

or if you use win11, just use OS level DoH at network setting.


This post has been edited by failed.hashcheck: Sep 3 2024, 11:27 PM

just read unifi thread, TM just reroute google dns or cloudflare to their TM dns resource. looks like TM use the most efficient method without provisioning tons of servers for transparent proxy. such evil.

that only for plaintext dns right?
Even with DoT they could only block at most.
If they could tamper DoH, like rerouting and return a valid response without hijacking browser certificate, I think we have global IT emergency right now since that means TLS 1.3 has been broken.

IP level la boss, meaning plaintext, dot, doh all redirected.

doh will not work without valid cert.

anyway, i will move to "not widely" known public dns service, koff koff ans1.Singapore3.Level3.net,ans2.Singapore3.Level3.net
AIMS also have DNS server that not filtering ahem site. IP is 110.74.147.67

alibaba also (47.254.217.105), (may send data to CCP)

This post has been edited by zerorating: Sep 3 2024, 11:53 PM

kek so DoH simply stop working then

When that finally happen to me I'll just fire up unbound and spawn my own DNS server.
Finally got some real legit use for those Oracle Compute instances that I don't know what to do other than hosting hentai@home

everything stop working. even Google dns website also they berani hantam. cos TM curi the whole 8.8.8.8 IP.


Before


After. You can also click Advanced to look at the SSL cert.

Not all ppl affected though so means TM just testing je. So far:

Kajang ❌❌ me & raynman
Kuching ✅ karenzayn
Penang ✅ tng55
PJ ✅ countingcrows

Wah masih lagi run h@h

if using TLS, they cannot just simply reroute it just like that. unless they want to break the connection and functionality. reason being the decryption key only exist in google /cloudflare server. public only have the encryption key (public key) to encrypt the payload to send over, so yeah.

Already broken. TM's google, cloudflare, opendns & cleanbrowsing dun have DoH or DoT capabilities. No point since they dun have the cert.

they just add static route,have a server that was assigned with IP 8.8.8.8,8.8.4.4, 1.1.1.1(not internet facing) with its job were redirecting all traffic meant for port 53,443 to their DNS server (dns.tm.net.my). totally blocks doh and dot service. tm dns dont support dot and doh, so it wont work at all.

anyway, the leftover workaround were just the alternative public dns, hopefully TM dont block it too.

This post has been edited by zerorating: Sep 4 2024, 02:36 AM

take some, give some.

If using Cleanbrowsing-Adult DNS, (185.228.168.10 & 185.228.168.11) last time cannot access www.porno hammer.com.

Now with TM's "upgraded" Cleanbrowsing-Adult DNS (185.228.168.10), can.

TQ TM

TM have dns server that dont follow mcmc guideline.
175.139.1.45
175.139.156.45

Hard to imagine they would make this standard. The stake is too damn high.
Right now Google have lots of their apps hardwired to their (cleartext) DNS, and it's not unreasonable to see they will go further with DoT in future.
Shit going to hit the fan really hard when that day finally come.

At some point few years ago Oracle realized they are being stupidly generous offering a rather thicc instances for free (up to 4 micro instances with pooled 200gb storage and up to 24gb ram). And now they will terminate and reclaim those that they deemed underused for 7 consecutive days.

So I have to generate some CPU/ram and traffic to keep my holding, and apparently h@h is perfect for that 🤣

In other words, changing to DOH and DOT doesn't work anymore right?

This post has been edited by annoymous1234: Sep 4 2024, 01:34 AM