encrypted dns. using something like nextdns or simple dnscrypt. it basically uses https for your dns queries so they cannot be modified by your isp. excitel and some other shitty isps would basically intercept your dns queries and process them using their own servers.