Hi,

Depending on how "evil" the ISP is, or how you want to obfuscate your
metadata, you might want to have a look at dnscrypt
https://blog.ipredator.se/openbsd-dnscrypt-howto.html

On 18 June 2017 at 10:59, Stuart Henderson <s...@spacehopper.org> wrote:

> On 2017-06-17, Paul Suh <pl...@goodeast.com> wrote:
> > Folks,=20
> >
> > My understanding of the way that this is done is by returning a CNAME =
> > when the ISP's DNS recursive DNS server would otherwise return a =
> > NXDOMAIN result, followed by a  HTTP 302 when the browser attempts to =
> > reach the host via the bogus CNAME.=20
> >
> > My question is would running my own internal recursive DNS resolver be =
> > sufficient to stop this from happening? (I run my own DNS server anyway,
> =
> > but I'm curious to see whether it would be sufficient to bypass the =
> > search page redirection stupidity.)=20
>
> Usually that's enough, but it depends how evil the ISP is.
>
>


-- 
Regards,

--
Rui Ribeiro
Senior Linux Architect and Network Administrator
ISCTE-IUL
https://www.linkedin.com/pub/rui-ribeiro/16/ab8/434

Reply via email to