DNS Hijacking


#1

1.1.1.1 DNS doesn’t work on my PC (Windows 10) because my ISP redirects the DNS (ISP DNS Hijacking) but when I use the app on my mobile and iPad, it works (I can bypass my ISP hijacking).
My question is: have you got similar app that works on PC (Windows 10)?
Or is there any way to bypass ISP DNS hijacking on Windows?
Any help would be appreciated…
Thanks…


#2

Yes with the new encrypted DNS protocols such as DNS-over-HTTPS, DNS-over-TLS and DNSCrypt. You can encrypt the DNS traffic from your client to the chosen DNS resolver and bypass anything that the ISP might be doing to the DNS.

There are several client applications (all support Cloudflare’s DNS service 1.1.1.1):


How to know if 1.1.1.1 is working?
#3

It works great on Windows 10 devices and highly recommend Simple DNScrypt that @publicarray posted. Be sure to enable the service, place a check in the network adapters you wish to use and I prefer to only use the Cloudflare resolver. After that, it’s a pretty good idea to logout or reboot then test your browser here.

For Firefox 64+

  1. go to about:config and search trr
  2. set network.trr.mode to 2
  3. set network.trr.uri to https://1.1.1.1/dns-query
  4. search sni
  5. set network.security.esni.enabled to true

How to know if 1.1.1.1 is working?
#4

Thanks a lot… publicarray… I use simplednscrypt… and it works perfectly…
Once again many thanks…
Keep up the good work!!!


#5

Thanks, Also thanks to @Withheld for he’s experience, the ESNI and Firefox guide :slight_smile:

@marianiode if you have found the solution please mark one of the comments as the answer so that others can find the answer quickly. Thanks.


#6

Thanks to you too Withheld for your great info…
Thank you two times…
Ciao…


#7

What about macOS, publicarray?

Any software to bypass ISP DNS Hijacking?

Thanks in advance…

Look forward to your info…


#8

For DoH

There is also Stubby if you prefer DoT

For completeness unbound and knot resolver can also be used but they require a bit more expertise to setup correctly.


#9

@cloonan since there have been multiple recent discussions (1 2) around encrypted DNS, is is possible to add a community tip for it? or improve the documentation? I’m happy to help out if needed.

An older thread: 1

PS @jedisct1 is the creator/maintainer for dnscrypt-proxy


#10

Thanks a lot, publicarray… you’re a genius…

Ciao…


#11

Please refer to linked software page. That was helpful in changing DNS to 1.1.1.1 in my case.

Normally, I was unable to use in Windows 10.


#12

Hi @publicarray, yes, I’ve added it to the list and will reach out with a draft for ideas. Thank you!