Secure DNS (DoH/DoT) blocking in Indonesia 2023-12-30 #319

@wkrp

Copied from #316 (comment):

On December 30th 2023, some ISPs have blocked access to DoH/DoT domains.

Our DNS service [dns.bebasid.com] is also affected.

Aside from PT Netciti Persada, PT Jaringan Sarana Nusantara (JSN) also started blackholing DoH from their DNS; it seems Kominfo started to roll this out to every ISP.

Thanks to National DNS regulation, changing plain DNS won't work, so you are stuck with ISP DNS that is blocking access to DoH/DoT domains; as you can see, the result of nslookuping to Google DNS is hijacked to each ISP's DNS.

If you want to use DoH/DoT, writing the [resolver] domain in the hosts file will work.

A mobile web browser showing the error: "This site can't be reached. dnscheck.tools's server IP address could not be found."

Mobile web browser options: Use secure DNS → Choose another provider → Custom: https://security.cloudflare-dns.com/dns-query.

Transcription below.

~ $ curl -v https://security.cloudflare-dns.com/dns-query
* processing: https://security.cloudflare-dns.com/dns-query
*   Trying 0.0.0.0:443...
* connect to 0.0.0.0 port 443 failed: Connection refused
* Failed to connect to security.cloudflare-dns.com port 443 after 135 ms: Couldn't connect to server
* Closing connection
curl: (7) Failed to connect to security.cloudflare-dns.com port 443 after 135 ms: Couldn't connect to server

Wtf is this

~ $ curl -v dns.bebasid.com
* processing: dns.bebasid.com
*   Trying 0.0.0.0:443...
* connect to 0.0.0.0 port 443 failed: Connection refused
* Failed to connect to dns.bebasid.com port 443 after 5260 ms: Couldn't connect to server
* Closing connection
curl: (7) Failed to connect to dns.bebasid.com port 443 after 5260 ms: Couldn't connect to server

Transcription below.

~ $ nslookup dns.bebasid.com
nslookup dns.google
nslookup cloudflare-dns.com
Server:         8.8.8.8
Address:        8.8.8.8#53

Non-authoritative answer:
Name:   dns.bebasid.com
Address: 0.0.0.0

Server:         8.8.8.8
Address:        8.8.8.8#53

Non-authoritative answer:
Name:   dns.google
Address: 0.0.0.0

Server:         8.8.8.8
Address:        8.8.8.8#53

Non-authoritative answer:
Name:   cloudflare-dns.com
Address: 0.0.0.0
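
A check for the symptom shown in the transcript above, added here as an example and not part of the original issue: it parses `nslookup` output and flags names whose answers are unspecified, loopback or otherwise non-public addresses, which cannot be a real DoH/DoT endpoint. The function names and the `example.org` control entry are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample: one answer as transcribed in the issue, plus a
# made-up control entry (example.org) that resolves to a public address.
SAMPLE = """\
Server:         8.8.8.8
Address:        8.8.8.8#53

Non-authoritative answer:
Name:   dns.bebasid.com
Address: 0.0.0.0

Server:         8.8.8.8
Address:        8.8.8.8#53

Non-authoritative answer:
Name:   example.org
Address: 93.184.216.34
"""

def parse_answers(text):
    """Map each queried name to its answer addresses, skipping the resolver's own Address line."""
    answers, name = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("Server:"):
            name = None                      # the next Address line is the resolver's
        elif m := re.match(r"Name:\s*(\S+)", line):
            name = m.group(1).rstrip(".")
            answers.setdefault(name, [])
        elif name and (m := re.match(r"Address:\s*(\S+)", line)):
            answers[name].append(m.group(1))
    return answers

def classify(addr):
    """Label an answer address; anything other than 'public' is not a usable resolver endpoint."""
    ip = ipaddress.ip_address(addr)
    if ip.is_unspecified:
        return "unspecified"                 # 0.0.0.0 or ::, as in the transcript
    if ip.is_loopback:
        return "loopback"
    return "public" if ip.is_global else "non-public"

def sinkholed(text):
    """Return {name: [labels]} for names with at least one non-public answer."""
    labelled = {n: [classify(a) for a in addrs] for n, addrs in parse_answers(text).items()}
    return {n: ls for n, ls in labelled.items() if any(l != "public" for l in ls)}

print(sinkholed(SAMPLE))
```

A flagged name shows only that the answer is not genuine; it does not identify which hop on the path produced it.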
