I’ve encountered a significant issue with my DNS resolution due to what appears to be a mandated DNS redirection implemented by my ISP. Despite configuring Quad9 as my upstream DNS server, queries were not reaching the intended endpoints. This behavior persisted even after verifying the correct IP addresses.
While I understand the potential rationale behind such a policy, the lack of transparency and communication from my ISP is deeply concerning. The claim that this redirection will enhance security is questionable, as it could inadvertently introduce vulnerabilities or compromise privacy. Furthermore, it raises red flags about potential government censorship efforts.
To mitigate these risks, I strongly recommend employing DNS over TLS (DoT) or DNS over HTTPS (DoH) protocols. These methods can help bypass the redirection and ensure your DNS queries remain private. If these options are not feasible, consider using a VPN service, such as Cloudflare’s Warp.
It seems the DNS redirection directive is now on hold. Regardless, what I can say is that those who learned how to configure DoT and DoH will likely continue using them from now on, just in case.
https://www.lowyat.net/2024/331789/mcmc-dns-redirection-of-public-servers-has-been-halted/
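As an added example (not part of the original post or any tool it mentions), here is a small stdlib-only Python script that makes the check the post describes concrete: it sends the same resolver-identity probe to Quad9 over plain UDP/53, over DoT and over DoH, and flags the case where the plain answer disagrees with the encrypted ones. Quad9's endpoints (9.9.9.9 on UDP/53 and TLS/853 as dns.quad9.net, DoH at https://dns.quad9.net/dns-query) are real; the helper names, the use of `id.server CH TXT` (RFC 4892, assumed here to be answered by Quad9) as the probe, and the sample bytes are constructed for this illustration.

```python
"""Probe for transparent port-53 DNS interception; query Quad9 over UDP, DoT and DoH.
Added example (stdlib only), not code from the original post. Quad9's endpoints are
real; helper names and the sample bytes in the tests are constructed. A resolver-identity
probe (id.server CH TXT, RFC 4892) over plain UDP/53 and over an encrypted channel should
agree; a transparent redirect answers the plain query with another identity or an error."""
import socket
import ssl
import struct
import urllib.request

QUAD9_IP, QUAD9_HOST, QUAD9_DOH = "9.9.9.9", "dns.quad9.net", "https://dns.quad9.net/dns-query"

def build_query(name, qtype=1, qclass=1, txid=0x1234):
    """Encode a single-question DNS query in wire format (RFC 1035), RD set."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(lb)]) + lb.encode("ascii") for lb in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, qclass)

def _read_name(msg, offset):
    """Decode a possibly compressed name; return (name, offset after it)."""
    labels, end, jumped = [], offset, False
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:                    # compression pointer
            end = end if jumped else offset + 2
            jumped = True
            offset = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            continue
        offset += 1
        if length == 0:
            break
        labels.append(msg[offset:offset + length].decode("ascii", "replace"))
        offset += length
    return ".".join(labels), (end if jumped else offset)

def parse_response(msg):
    """Return {'id', 'rcode', 'answers': [(name, rtype, value), ...]}."""
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    offset = 12
    for _ in range(qd):                              # skip the question section
        _, offset = _read_name(msg, offset)
        offset += 4
    answers = []
    for _ in range(an):
        name, offset = _read_name(msg, offset)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[offset:offset + 10])
        offset += 10
        rdata, offset = msg[offset:offset + rdlen], offset + rdlen
        value = rdata.hex()                          # raw fallback for other types
        if rtype == 1 and rdlen == 4:                # A record
            value = socket.inet_ntoa(rdata)
        elif rtype == 16:                            # TXT: sequence of <len><chars>
            value, i = "", 0
            while i < rdlen:
                value += rdata[i + 1:i + 1 + rdata[i]].decode("ascii", "replace")
                i += 1 + rdata[i]
        answers.append((name, rtype, value))
    return {"id": txid, "rcode": flags & 0xF, "answers": answers}

def redirection_suspected(plain, encrypted):
    """True when the plain-53 answer disagrees with the encrypted one. Only meaningful
    for a probe with a stable answer (resolver identity, or a name you control)."""
    return plain["rcode"] != encrypted["rcode"] or \
        sorted(a[1:] for a in plain["answers"]) != sorted(a[1:] for a in encrypted["answers"])

def query_udp(query, server=QUAD9_IP, timeout=3.0):
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(query, (server, 53))                # this is the path an ISP can redirect
        return s.recv(4096)

def query_dot(query, server=QUAD9_IP, hostname=QUAD9_HOST, timeout=5.0):
    """DNS over TLS (RFC 7858): TCP/853, 2-byte length prefix per message."""
    ctx = ssl.create_default_context()               # validates the resolver certificate
    with socket.create_connection((server, 853), timeout=timeout) as raw, \
            ctx.wrap_socket(raw, server_hostname=hostname) as tls:
        tls.sendall(struct.pack("!H", len(query)) + query)
        buf = b""
        while len(buf) < 2 or len(buf) < 2 + struct.unpack("!H", buf[:2])[0]:
            chunk = tls.recv(4096)
            if not chunk:
                break
            buf += chunk
    return buf[2:]

def query_doh(query, url=QUAD9_DOH, timeout=5.0):
    """DNS over HTTPS (RFC 8484): POST the wire-format message."""
    req = urllib.request.Request(url, data=query, method="POST", headers={
        "Content-Type": "application/dns-message", "Accept": "application/dns-message"})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return resp.read()

if __name__ == "__main__":
    probe = build_query("id.server", qtype=16, qclass=3)   # CH TXT; assumed answered by Quad9
    plain, dot, doh = (parse_response(f(probe)) for f in (query_udp, query_dot, query_doh))
    for label, r in (("UDP/53", plain), ("DoT", dot), ("DoH", doh)):
        print(f"{label:7} rcode={r['rcode']} {r['answers']}")
    print("redirection suspected:", redirection_suspected(plain, doh))
```

On an untouched link all three channels return the same identity string; on a link with transparent port-53 redirection the UDP answer carries a different identity (the ISP resolver's) or an error such as REFUSED while DoT and DoH still agree, which is exactly why switching the stub resolver to one of those two transports gets queries back to the intended server.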
Better to just have it forever turned on, than to react when it’s sneakily blocked again.