encrypted dns. using something like nextdns or simple dnscrypt. it basically uses https for your dns queries so they cannot be modified by your isp. excitel and some other shitty isps would basically intercept your dns queries and process them using their own servers.
BSNL is inserting ads in websites, sending their users to malware sites through malware code injection
- Thread starter CRACING
- Start date
- Featured
- Replies 645
- Views 199,731
vignesh_venkatesan
Professional Procrastinator
I still believe BSNL is not using DPI like airtel and jio.
If they are using dpi for snooping then they would use it for blocking https sites.
If they are using dpi for snooping then they would use it for blocking https sites.
VPN is the best option.
A custom VPN setup can be created using $5 droplet on DigitalOcean and some free open source software's.
1. Wireguard VPN
2. Pihole
3. Unbound DNS with Root Nameservers
Or else
Use a Raspberry PI 3B+ to create a custom DNS server using:
1. Stubby DNS with DOT(DNS over TLS) and DNSSEC
2. Pihole for network level blocking
I don't know if using stubby would stop the ads from BSNL but it is still a good DNS setup for any home network.
A custom VPN setup can be created using $5 droplet on DigitalOcean and some free open source software's.
1. Wireguard VPN
2. Pihole
3. Unbound DNS with Root Nameservers
Or else
Use a Raspberry PI 3B+ to create a custom DNS server using:
1. Stubby DNS with DOT(DNS over TLS) and DNSSEC
2. Pihole for network level blocking
I don't know if using stubby would stop the ads from BSNL but it is still a good DNS setup for any home network.
varkey
I got banned!
Yeah, perhaps selectively routing non-HTTPS traffic through a VPN would do as well. On OpenWRT with mwan3 it can be easily done.
Although I personally wouldn't prefer using a VPN for all traffic cause I don't like to have a VPN client on each device, in which case I would need to setup the VPN client on my router (or some other always on device). In that case the router would become a performance bottle neck, unless I get a more beefier device for the VPN.
Also, most blacklists doesn't seem to have the domains used by BSNL for the malware/adware so those need to manually blocked. I'll see if I can get the domains I mentioned in the earlier posts to couple of blacklists.
Although I personally wouldn't prefer using a VPN for all traffic cause I don't like to have a VPN client on each device, in which case I would need to setup the VPN client on my router (or some other always on device). In that case the router would become a performance bottle neck, unless I get a more beefier device for the VPN.
Also, most blacklists doesn't seem to have the domains used by BSNL for the malware/adware so those need to manually blocked. I'll see if I can get the domains I mentioned in the earlier posts to couple of blacklists.
varkey
I got banned!
eriek_halenx
I got banned!
Dns over TLS.
Once we setup a basic pihole there's a choice of many 'flavours' that we can configure it to. DoT, DoH, recursive, DnsCrypt and some options like DNSSEC etc. (I've gone with Dnscrypt.)
eriek_halenx
I got banned!
@abhishekluv , dnscrypt 2.0 will , very conveniently, support DoH if connected server supports (reddit)
@eriek_halenx Yes. Currently, I am using DoT(Stubby + Cloudflare 1.1.1.1 1.0.0.1) with Pihole. I am not using DoH anymore.
@eriek_halenx After reading this https://www.privacytools.io/providers/dns/ I have switched to encrypted DNS using AdGuard.