Or you can use dnscrypt-proxy see here
https://github.com/jedisct1/dnscrypt-proxy It is BSD licensed and encrypts
DNS requests. I have set it on an OpenBSD router and it works well.

On Sun, Mar 12, 2017 at 12:18 AM, Walter Dnes <waltd...@waltdnes.org> wrote:

>   Starting a separate topic, rather than hijack the main thread...
> On Fri, Mar 10, 2017 at 01:50:26PM -0600, Corbin Bird wrote
> >
> > 6 # : ISP is starting to filter customers web access. The ISP is
> > deciding what sites customers are allowed to see. ( look up the
> > practice called "ransom" ).
>   Does this consist of grabbing outbound traffic to port 53?  If so, I
> wonder if the following is possible...
> * Can a POTS dialup or a wifi connection co-exist with a broadband
>   connection?  It would make the network config and route config more
>   complex.
> * If yes, can iptables be used to redirect only outbound-to-port-53
>   traffic to the dialup/wifi connection, with everything else going to
>   the broadband connection?
> * Another option, if you know the alternate DNS server address in
>   advance, set up routing of the /32 (for the alternate DNS server)
>   to ppp0 or wlan0 with higher priority than the default route.  This
>   doesn't require any iptables magic.
> * Can the standard linux network stack handle this properly, and use
>   incoming DNS responses from the dialup/wifi connection for the IP
>   addresses of websites, etc to be accessed via broadband?
>   DNS traffic is low volume, usually fitting into 1 packet.  So it
> would be feasible to divert DNS requests to a lower-speed connection.
> The broadband ISP would handle all the highspeed website, etc, traffic
> but it would not see any DNS traffic, and would not be able to intercept
> it.
> --
> Walter Dnes <waltd...@waltdnes.org>
> I don't run "desktop environments"; I run useful applications

Reply via email to