Or you can use dnscrypt-proxy see here
https://github.com/jedisct1/dnscrypt-proxy It is BSD licensed and encrypts
DNS requests. I have set it on an OpenBSD router and it works well.
On Sun, Mar 12, 2017 at 12:18 AM, Walter Dnes wrote:
> Starting a separate topic, rather than hijack the main thread...
>
> On Fri, Mar 10, 2017 at 01:50:26PM -0600, Corbin Bird wrote
> >
> > 6 # : ISP is starting to filter customers web access. The ISP is
> > deciding what sites customers are allowed to see. ( look up the
> > practice called "ransom" ).
>
> Does this consist of grabbing outbound traffic to port 53? If so, I
> wonder if the following is possible...
>
> * Can a POTS dialup or a wifi connection co-exist with a broadband
> connection? It would make the network config and route config more
> complex.
>
> * If yes, can iptables be used to redirect only outbound-to-port-53
> traffic to the dialup/wifi connection, with everything else going to
> the broadband connection?
>
> * Another option, if you know the alternate DNS server address in
> advance, set up routing of the /32 (for the alternate DNS server)
> to ppp0 or wlan0 with higher priority than the default route. This
> doesn't require any iptables magic.
>
> * Can the standard linux network stack handle this properly, and use
> incoming DNS responses from the dialup/wifi connection for the IP
> addresses of websites, etc to be accessed via broadband?
>
> DNS traffic is low volume, usually fitting into 1 packet. So it
> would be feasible to divert DNS requests to a lower-speed connection.
> The broadband ISP would handle all the highspeed website, etc, traffic
> but it would not see any DNS traffic, and would not be able to intercept
> it.
>
> --
> Walter Dnes
> I don't run "desktop environments"; I run useful applications
>
>