Don't la. If it really happens I think we have bigger things to worry about... Like sanction

Can't compare in that way. China is the world's second largest economy country. They afford to do that. MY got what?

This post has been edited by loonsave: Sep 5 2024, 12:20 AM

lol nice one. but IP not fixed meh?
TM can always hijack these IPs.

I was thinking to setup Adguard server + Unbound too. Seems more straight forward to me instead of setup Cloudfrount.

TM can only hijack dedicated DNS IP. They can never hijack CDN IP without breaking the Internet.

If they do it lowyat.net, cloudflare.com and many website will instantly break

for me, i just use plain old host file. it still baffle me they already hijacking IP, why not just hijack the actual IP of the website they want to block, rather than hijacking DNS server/request.

as simple host file entry can solve it already. unless u got like thousand of block site u want to access.

it won't work this way

Cloudflare IPs are dynamic from time to time

sometimes you connected to KUL server, sometimes SIN server, depending on latency

Like this?

you can always do /32 static route what. small inconvenience are acceptable

It's all about the cost. The IP Firewall at the national level is very costly. Rerouting a small number of DNS server IP addresses and blocking it at the DNS level probably makes more sense.

Look at the current discussion about the DNS issues, it's already got us discuss for days

This post has been edited by thankyou: Sep 5 2024, 12:28 AM

no need so complicated la. telco and setup proxy u also can setup proxy. just use network load balancer (most cloud provider have this) to forward the tcp traffic to your desidred dns server can already. same like using cloudfront, but support standard TCP, rather than just HTTP/HTTPS for cloudfront.

shhhhhhhhh, dont challenge them.
i take dns block than IP block anyday

Yes correct. That's why only do it when you get domain blocked. But from observation the IP allocation lifetime from Cloudflare is pretty long lived. Plus you can always lookup a new IP.
Or use the Amazon CDN bypass method which is way more stable.

Correct. But also see my reply on top.

modern CDN networks are having dynamic IPs

at one moment you connect to LYN at 1.2.3.4, 10 minutes later it will resolved to 4.5.6.7

not to mention cloudflare and other CDNs are sharing the same IP for other customers like AirAsia as well, we won't know

so how to block LYN using archaic /32 IP block, without sacrificing AirAsia in the process?

This post has been edited by dattebayo: Sep 5 2024, 12:31 AM

point <any cloudflare cdn ip> to sky.rethinkdns.com
is this how it works?

actually no.

let me ask you.

1) traffic for 1.1.1.1 from malaysia
2) traffic to prawnhub from malaysia

which one higher traffic? of course is 1). reason being a lot ppl uses 1.1.1.1 (even those who do not surf prawnhub). now it redirect all to its own server = wasting hosting power. if they just use network level block (or route the selected ip to a black hole). the cost and processing power is very minimal,

Yup. Hardcore censorship in place.

Any IP here will work:
https://www.cloudflare.com/ips/

They have no choice but to block all of them
Yes and by doing that sacrifices other million dollar local company. Including bank.

Yes

Ok, I understand.
Thanks.

cant comment further, the company i work have dedicated IP per CDN site which we can access most of our endpoint. the only differentiating factor is them SNI.