Hi, Depending on how "evil" the ISP is, or how you want to obfuscate your metadata, you might want to have a look at dnscrypt https://blog.ipredator.se/openbsd-dnscrypt-howto.html
On 18 June 2017 at 10:59, Stuart Henderson <[email protected]> wrote: > On 2017-06-17, Paul Suh <[email protected]> wrote: > > Folks,=20 > > > > My understanding of the way that this is done is by returning a CNAME = > > when the ISP's DNS recursive DNS server would otherwise return a = > > NXDOMAIN result, followed by a HTTP 302 when the browser attempts to = > > reach the host via the bogus CNAME.=20 > > > > My question is would running my own internal recursive DNS resolver be = > > sufficient to stop this from happening? (I run my own DNS server anyway, > = > > but I'm curious to see whether it would be sufficient to bypass the = > > search page redirection stupidity.)=20 > > Usually that's enough, but it depends how evil the ISP is. > > -- Regards, -- Rui Ribeiro Senior Linux Architect and Network Administrator ISCTE-IUL https://www.linkedin.com/pub/rui-ribeiro/16/ab8/434
