Page 1 of 1

ISP blocking all other DNS

Posted: Tue Dec 25, 2018 4:50 am
by MOQ888
Just noticed this when using my backup connection (4GX hotspot). The Australian Government wants all ISPs to block access to "bad" sites and this is achieved by DNS blocking. Works for most attempts.

I typically use my normal connection to get onto CS, and sometimes use the 4GX hotspot to connect to CS and retrieve if I'm wanting something in a hurry.

One habit I have gotten into is having as my FF homepage to ensure I'm correctly connected and not leaking DNS.

On my normal connection I never see any ISP DNS and when connected to CS I also see the CS DNS for that exit node.

Today I was surprised to see that the CS DNSs are not being reported at all using the 4GX connection, that only the ISP's DNS is being reported. Previously it would report the ISP's DNS as well as the exit node's.

It's not a dealbreaker for me as I always gather whatever I need using my normal connection then switch over to the 4GX hotspot when I need speed, but I am curious as to what they've done to totally block a VPN's DNS?

Re: ISP blocking all other DNS

Posted: Tue Jan 01, 2019 4:11 am
by MOQ888
Must have been a transient issue ... used the hotspot again just now, connected to US_LA_UDP and ipleak showed both the ISP and CS DNS.

HNY Everyone!

Re: ISP blocking all other DNS

Posted: Thu Jan 03, 2019 8:22 pm
by df
FYI, even when you're using our DNS servers, it's still regular DNS, which is very easy to manipulate or block entirely.
To bypass anything like that, use our DNSCrypt servers instead. Most DNS blocking methods won't block that since it's TCP port 443, and it doesn't look anything like DNS.

Re: ISP blocking all other DNS

Posted: Fri Jan 04, 2019 4:33 am
by Moonlight

First of all a Very Happy and Healthy New Year to You and the CS Team!

I'm using the widget 3.36 with all options checked.

Pardon my lack of knowledge, but do all the exit nodes use DNSCrypt servers, if not which ones or what is needed to use them?

Thank you.

Re: ISP blocking all other DNS

Posted: Wed Jan 09, 2019 11:27 pm
by df
Yes, all of the nodes are running a DNSCrypt server. With the widget, all you need to do is enable the DNSCrypt option, it'll start in the background and your DNS settings will be changed to point to that DNSCrypt instance.