How to bypass DNS spoofing by an ISP on a router?

D

dollar2018-09-09 17:11:37

Computer networks

dollar, 2018-09-09 17:11:37

My ISP redirects all DNS queries to their servers.
Even if you specify an arbitrary site as DNS, the address will still be resolved.

C:\Users\user>nslookup ya.ru example.com
╤хЁтхЁ:  UnKnown
Address:  93.184.216.34

Не заслуживающий доверия ответ:
╚ь :     ya.ru
Addresses:  2a02:6b8::2:242
          87.250.250.242

Accordingly, if you specify third-party DNS in the settings, then requests simply do not reach them.
How to solve this problem at the router level? Will a regular router handle it or do I need to buy some special equipment?

Reply

Answer the question

In order to leave comments, you need to log in

3 answer(s)

D

dollar, 2018-09-11
@dollar

As a solution, the path of using a non-standard port was chosen .
Instead of DNS port 53, you can use, for example, port
5353.
(It is necessary that the DNS server supports a non-standard port)
True, the native firmware of the router did not know how to do this. I had to install OpenWRT on the router. At the same time, I uploaded a hosts file to it to block ads.
But I had to tinker.

S

Sergey, 2018-09-09
@SuNbka

Use tls dns.
https://habr.com/post/353878/
https://developers.cloudflare.com/1.1.1.1/dns-over-tls/

D

Diman89, 2018-09-10
@Diman89

Rent a vps, raise a vpn on it and live happily, letting either only dns traffic through the tunnel, or the whole