Sites are blocked irrespective of trr setting. I do pass all 4 tests on Cloudflare ESNI testing page. I have DNS set to 1.1.1.1 in my Asus router itself.
If ESNI is working but the site is still blocked, make sure you're using HTTPS and then try using DoH.
There are four methods of blocking that have been used by wireline ISPs:
1. DNS hijacking (easiest)
2. IP address blocking (difficult as IP addresses can keep changing)
3. HTTP blocking (deep packet inspection based on Host header and/or URI)
4. HTTPS blocking (deep packet inspection based on SNI)
DNS blocking can be implemented in two ways:
- ISP DNS server blocks the site but allows third-party DNS. Workaround: use any public DNS server
- ISP DNS server blocks the site and prevents (or intercepts) third-party DNS. Workaround: DoH
IP address blocking was very common in the old days but is rare these days.
HTTP blocking is widely used. Working around this is quite complicated and sometimes impossible without a proxy server or a VPN. It's easier to use HTTPS.
HTTPS blocking is used by large ISPs (this requires high-end routers). Workaround: ESNI
With HTTPS, DoH, ESNI and CDNs, website blocking is pretty much impossible as of today. The only feasible way would require DoH providers and CDNs to do the blocking themselves based on the geolocation of the user.