Cross posting from Unifi thread for those who didn't go there. Running cost should be less than USD $0.60 per month

DNS wall climbing for beginner
This quick guide will teach you how to use CDN to front DoH server using Amazon CloudFront.
The benefit this provides over other method is the difficulty of the censor to block this kind of setup without blocking the whole CDN provider.

Requirements:
AWS Account
Browser / OS / resolver supporting DoH

Login to your AWS account and search for CloudFront. Create a new distribution.
Refer to the setting below and put in your desired DoH server:


After you are done creating the distribution, wait for it to finish deploying:


Put the address and the full path into your browser / OS / resolver:


Finally test your resolver:


DNS wall climbing stealth setup
This is a setup for people who are already using CloudFront for their business and wish to hide DoH inside it.
I am using ControlD here instead of Cloudflare DNS. The "/dns-query" in cloudflare is "/p0" in controld.

First add an Origin like below:


Then add a Behavior:


Wait for it to finish deploying. You will access it via https://mydomain.com/bkaj41f

For people wondering what is my "DoH-fronting" policy, here is it:

if like this its much cheaper and easier to just buy nat vps in sg and set up wireguard

It is...
Actually my USD $0.60 calculation involved some very serious usage.
My current bill for this setup is only USD $0.01

sigh, now cannot access my research database anymore

So this is not nationwide?

I can still access everything

No choice have to use a VPN

Mostly Klang Valley for now and not all parts but Kajang for sure. Penang, Negeri & JB still ok. Where you?

Honestly, I oso will give up if they go so extreme. If they don't want honest feedback from the rakyat then go ahead just censor us all la. What's the point of sharing information that the majority doesn't have anyway? See I shared information during COVID but you all hate me call me antivax, tried to doxx me, tried to get me arrested.

Fuck la study until Cambridge oso come back here and toe the party like. They are all the same.

https://www.mysterium.network

for those who wanna go down decentralized vpns

People laughed when I said I don't stream.

The painful part is one of my nuclear codes drive died shortly before they started implementing Great Firewall. Not sure if I'll have the chance to recollect everything.

what does it mean? i just visited this website.

You can still connect to the real Google DNS server. So means your area not affected yet. Where are you?


This post has been edited by soonwai: Sep 4 2024, 07:56 PM

sentinel better, they have free app and telegram bot

https website needs valid certificate
- valid issuing authority
- valid owning organisation
- valid certificate's start and expiry dates
- certificate name matches the name of respurce being accessed

if you can browse https://dns.google without issue, that means everything is hunky dory.

but if you tried to browse it and get presented with a invalid certificate, and your system clock is correct, it's probably another non-Google entity pretending to be Google, without access to valid Google-owned certificate.

OR, if you can't load it at all and you are certain your internet connection is up, highly likely it is blocked altogether to prevent DoH.

(DNS-over-HTTPS uses tcp/443 just like any other default SSL web hosting.)

This post has been edited by Oltromen Ripot: Sep 4 2024, 08:02 PM

muahahaha

all your base are belong to us



This post has been edited by JimbeamofNRT: Sep 4 2024, 08:07 PM

I think there should be a balance between free speech and moderation.

All the while we believe in self policing and society self correcting the fringe. Just leave unpopular opinions alone, so that people can see and make up their own minds. I may disagree with what you say, but I will absolutely defend your right to say it. But that was a different time, where passersby can just ignore the crazy person shouting in a corner. Nowadays, via social media, everybody has a global reach.

A lot of people, myself included, got pretty nervous looking at what happened in the UK.

Is the current DNS hijacking overkill? Maybe. But looking at the wild wild west in most social media sites (Facebook, TikTok), I sometimes do wish there would be some form of moderation there.

Apa sarahan iHerb?

Is the current DNS hijacking overkill? Maybe.

It's a slippery slope, if the current government doesn't abuse the blocking mechanism (which is arguable), then what about the next one, and the one after that and so on. Frankly putting the blocking mechanism in place just opens up a can of worms instead of closing (censoring) it.

is there a simple solution around this? or need to us VPN?