Or you can use dnscrypt-proxy see here https://github.com/jedisct1/dnscrypt-proxy It is BSD licensed and encrypts DNS requests. I have set it on an OpenBSD router and it works well.
On Sun, Mar 12, 2017 at 12:18 AM, Walter Dnes <waltd...@waltdnes.org> wrote: > Starting a separate topic, rather than hijack the main thread... > > On Fri, Mar 10, 2017 at 01:50:26PM -0600, Corbin Bird wrote > > > > 6 # : ISP is starting to filter customers web access. The ISP is > > deciding what sites customers are allowed to see. ( look up the > > practice called "ransom" ). > > Does this consist of grabbing outbound traffic to port 53? If so, I > wonder if the following is possible... > > * Can a POTS dialup or a wifi connection co-exist with a broadband > connection? It would make the network config and route config more > complex. > > * If yes, can iptables be used to redirect only outbound-to-port-53 > traffic to the dialup/wifi connection, with everything else going to > the broadband connection? > > * Another option, if you know the alternate DNS server address in > advance, set up routing of the /32 (for the alternate DNS server) > to ppp0 or wlan0 with higher priority than the default route. This > doesn't require any iptables magic. > > * Can the standard linux network stack handle this properly, and use > incoming DNS responses from the dialup/wifi connection for the IP > addresses of websites, etc to be accessed via broadband? > > DNS traffic is low volume, usually fitting into 1 packet. So it > would be feasible to divert DNS requests to a lower-speed connection. > The broadband ISP would handle all the highspeed website, etc, traffic > but it would not see any DNS traffic, and would not be able to intercept > it. > > -- > Walter Dnes <waltd...@waltdnes.org> > I don't run "desktop environments"; I run useful applications > >