then enable back secure DNS.

if PAS implemented this. how can they going layan undanghub easily..

torrent most the time use IP only.. using IP why the heck need DNS.

if using TLS, they cannot just simply reroute it just like that. unless they want to break the connection and functionality. reason being the decryption key only exist in google /cloudflare server. public only have the encryption key (public key) to encrypt the payload to send over, so yeah.

lol... kek.. so much for "transparent" proxy.. might as well say DNS hijacking, since not transparent at all..

yes, DOH and DOT won't work if your DNS traffic got hijacked (route to another server).

Fakmi: I am the law.

hahahaha.. "transparent"....

why not ask which websites is allowed. the list might be shorter.

next they will intercept all plain(unencrypted) DNS query point to their own DNS. then ur DNS relay to support SSL..

use ipv6.. owai..

so.. if ppl choose AWS new region in Malaysia to host their workload. everything cannot load? essentially sampah hosting? or Data center provider is "immune" to these..

MS also setting up data center in JB.. owai..

for me, i just use plain old host file. it still baffle me they already hijacking IP, why not just hijack the actual IP of the website they want to block, rather than hijacking DNS server/request.

as simple host file entry can solve it already. unless u got like thousand of block site u want to access.

no need so complicated la. telco and setup proxy u also can setup proxy. just use network load balancer (most cloud provider have this) to forward the tcp traffic to your desidred dns server can already. same like using cloudfront, but support standard TCP, rather than just HTTP/HTTPS for cloudfront.

actually no.

let me ask you.

1) traffic for 1.1.1.1 from malaysia
2) traffic to prawnhub from malaysia

which one higher traffic? of course is 1). reason being a lot ppl uses 1.1.1.1 (even those who do not surf prawnhub). now it redirect all to its own server = wasting hosting power. if they just use network level block (or route the selected ip to a black hole). the cost and processing power is very minimal,

use your company VPN.. owai..

depend on your level of "eavesdropping ". if the site is running on HTTPS, at most they can see is the destination IP and port. the other part like the FULL HTTP request is encrypted.

depend on how the filtering works. if they just merely redirecting DNS traffic, it can work better as u by pass that checking and able to really use better DNS server than ISP's shitty ones.

business users only right?