Ξ welcome to cryptostorm's member forums ~ you don't have to be a cryptostorm member to post here Ξ
Ξ any OpenVPN configs found on the forum are likely outdated. For the latest, visit here or GitHub Ξ
Ξ If you're looking for tutorials/guides, check out the new https://cryptostorm.is/#section6 Ξ

ISP blocking all other DNS

Looking for assistance with a cryptostorm connection issue? Post here & we'll help out. Also: if you're not sure where to post, do so here & we'll move things around as needed. Also: for quickest support, email our oddly calm & easygoing support reps at support@cryptostorm.is :)

Topic Author
MOQ888
Posts: 50
Joined: Sun Apr 02, 2017 6:31 pm

ISP blocking all other DNS

Post by MOQ888 » Tue Dec 25, 2018 4:50 am

Just noticed this when using my backup connection (4GX hotspot). The Australian Government wants all ISPs to block access to "bad" sites and this is achieved by DNS blocking. Works for most attempts.

I typically use my normal connection to get onto CS, and sometimes use the 4GX hotspot to connect to CS and retrieve if I'm wanting something in a hurry.

One habit I have gotten into is having ipleak.net as my FF homepage to ensure I'm correctly connected and not leaking DNS.

On my normal connection I never see any ISP DNS and when connected to CS I also see the CS DNS for that exit node.

Today I was surprised to see that the CS DNSs are not being reported at all using the 4GX connection, that only the ISP's DNS is being reported. Previously it would report the ISP's DNS as well as the exit node's.

It's not a dealbreaker for me as I always gather whatever I need using my normal connection then switch over to the 4GX hotspot when I need speed, but I am curious as to what they've done to totally block a VPN's DNS?
Attachments
Screenshot_20181225.png


Topic Author
MOQ888
Posts: 50
Joined: Sun Apr 02, 2017 6:31 pm

Re: ISP blocking all other DNS

Post by MOQ888 » Tue Jan 01, 2019 4:11 am

Must have been a transient issue ... used the hotspot again just now, connected to US_LA_UDP and ipleak showed both the ISP and CS DNS.

HNY Everyone!

User avatar

df
Site Admin
Posts: 404
Joined: Thu Jan 01, 1970 5:00 am

Re: ISP blocking all other DNS

Post by df » Thu Jan 03, 2019 8:22 pm

FYI, even when you're using our DNS servers, it's still regular DNS, which is very easy to manipulate or block entirely.
To bypass anything like that, use our DNSCrypt servers instead. Most DNS blocking methods won't block that since it's TCP port 443, and it doesn't look anything like DNS.


Moonlight

Re: ISP blocking all other DNS

Post by Moonlight » Fri Jan 04, 2019 4:33 am

@DF

First of all a Very Happy and Healthy New Year to You and the CS Team!

I'm using the widget 3.36 with all options checked.

Pardon my lack of knowledge, but do all the exit nodes use DNSCrypt servers, if not which ones or what is needed to use them?

Thank you.

User avatar

df
Site Admin
Posts: 404
Joined: Thu Jan 01, 1970 5:00 am

Re: ISP blocking all other DNS

Post by df » Wed Jan 09, 2019 11:27 pm

@Moonlight
Yes, all of the nodes are running a DNSCrypt server. With the widget, all you need to do is enable the DNSCrypt option, it'll start in the background and your DNS settings will be changed to point to that DNSCrypt instance.

Post Reply