Last week’s Supreme Court decision in Cox Communications reshaped the piracy liability landscape, creating new urgency for site-blocking.

  • Teknikal@anarchist.nexus
    3 days ago

    Most ISPs just mess with the DNS; dnscrypt is a solution to make sure they can’t. Best solution is not using DNS in the first place though.

    • Jul (they/she)@piefed.blahaj.zone
      2 days ago

      Yeah, I have my own DNS server that caches from multiple backing servers as needed. I’m not worried about DNS blocking, it’s never been effective. The issue is ISP level blocking usually isn’t just DNS blocking, it also involves IP level blocking, many of which don’t work on IPv6, which is one reason (besides just resistance to replacing old hardware) it hasn’t been adopted widely by consumer ISPs. If you have only a single, unchangeable (by anyone other than them) IP address, they have much more control and your traffic is much easier to track and manipulate.

      And there is even lower level blocking at lower layers of the network stack. ISPs can intercept and mangle packets’ destinations at any layer because your traffic must go through them and so your networking equipment must trust their equipment to properly route traffic. They don’t do it now mostly because it means adding a lot more processing power to analyze every packet. I do it all the time at home to block ads and other malicious traffic. But if they’re required to upgrade to allow for that level of traffic analysis, by law, then that opens the floodgates for all kinds of manipulation either politically or capitalistically nefarious in nature.

    • dan@upvote.au
      3 days ago

      Best solution is not using dns in the first place though.

      Use DNS over HTTPS (or TLS or QUIC). I think some browsers use it by default now. If there are country-specific blocks, use your own recursive DNS server, or one in another country.

      • Teknikal@anarchist.nexus
        2 days ago

        Can still be messed with by the ISP. Not saying dns encrypt is a solution, but it will bypass this. Not much it can do against direct IP blocking, mind you; for that you need a VPN or a service like Tor/I2P.

        Does stop the “this has been blocked by court order” type messages though, and does it well.

        • dan@upvote.au
          2 days ago

          Can still be messed with by the Isp

          Not as easily though. It’s like regular HTTPS - if anyone, including the ISP, tries a MitM (man in the middle) attack, you’ll get a security error because the certificate won’t be trusted. The only real way for a MitM attack to be successful is installing a custom root certificate on the client system.

          Like you mentioned, IP blocking is harder to bypass, but that’s unrelated to DNS blocking. IP blocking is harder to do if the site uses a CDN like CloudFront, BunnyCDN, Cloudflare, etc. though, since a large number of sites use the same IPs.