https://www.costco.com loads, but not costco.com

Yet again today my ISP seems to be blocking my NTP and dnscrypt queries; it's been fine for months but on occasion it goes down no matter what service or tricks I try; ICMP to IP works. VPN works great, so I want to set up a fallback to send all dnscrypt queries through the OpenVPN client tunnel; if these issues were not happening to me I would feel a lot more comfortable using DNS with my provider, though it may not only be ISP but any middle box on the line can interfere; not to mention hackers on the local ISP gateway. When you are trying to stop your government from killing babies and providing citizenship for al Qaeda, sometimes the ****ers get uppity. My ISP router was being hacked as well, if I don't use protections like DNScrypt & a quality router, I am fair game for hackers.
 
I think a lot of these issues I have been experiencing with https and other sites not working of late had to do with changing the MTU to 1492 on my AsusWRT; I changed it back to the standard 1500 and everything seems to be working fine again. The router was going hard hammering the subnet with ICMP presumably for troubleshooting reasons after I changed it.
 
Hmm, I just upgraded pixelserv-tls, maybe this had something to do with it: (I clear cache and don't store certs in the browser)

  • Upgraded OpenSSL to 1.1.1b for pixelserv-tls static binaries. OpenSSL 1.1.1b provides better compatibility for client browsers and apps.
  • Added logging on LEVEL 2 when a client disconnects before a response is sent i.e. a 'cly' event
 
One example being I have to use my ISP DNS to receive un-metered “data-free” streaming for Spotify and Netflix. So that’s a nuisance.
You can make dnsmasq use your ISP's DNS for only those domains and still use whatever you choose for everything else. Just put:
Code:
server=/*.netflix.com/*.nflximg.com/*.nflxvideo.com/1.2.3.4
in your /jffs/dnsmasq.conf.add file where 1.2.3.4 is your ISP's DNS. Make another line for Spotify and you're golden.
 
Wow, thank you sbsnb, never heard of round-robin DNS before. Yes, I just found that opennic.org is on a different IP than www.opennic.org, and one of the IPs is on a blocklist, I'm not sure how that got there; does Skynet have an intrusion detection system that auto-bans things like this? Or is it a blacklist / whitelist only model?


EDIT: I notice Skynet has banned multiple opennic.org IPs, I whitelisted one and yet it still was blocked at another IP; what are the odds? Why is this happening?

EDIT:
167.99.4.63 & 104.198.14.52

Edit: make that 3 so far:

142.93.122.177
 
Why do you trust that the regulations are properly enforced against all DNS providers? I'm genuinely curious.
This must be a Swiss thing. My country is not perfect, but some things are very good here.
That includes the laws and its enforcement and independent control mechanisms that work really well.
 
You can make dnsmasq use your ISP's DNS for only those domains and still use whatever you choose for everything else. Just put:
Code:
server=/*.netflix.com/*.nflximg.com/*.nflxvideo.com/1.2.3.4
in your /jffs/dnsmasq.conf.add file where 1.2.3.4 is your ISP's DNS. Make another line for Spotify and you're golden.
dnsmasq doesn't support wildcards like that. Just using the below would do.
Code:
server=/netflix.com/nflximg.com/nflxvideo.com/1.2.3.4

Code:
$ echo "server=/example.com/1.1.1.1" >> /jffs/configs/dnsmasq.conf.add
$ echo "server=/*.example.com/8.8.8.8" >> /jffs/configs/dnsmasq.conf.add
$ echo "server=/test.example.com/8.8.4.4" >> /jffs/configs/dnsmasq.conf.add
$ service restart_dnsmasq

Done.
$ nslookup example.com & nslookup foo.example.com & nslookup test.example.com
Server:         127.0.0.1
Address:        127.0.0.1#53

Non-authoritative answer:
Name:   example.com
Address: 93.184.216.34
Name:   example.com
Address: 2606:2800:220:1:248:1893:25c8:1946

Server:         127.0.0.1
Address:        127.0.0.1#53

** server can't find foo.example.com: NXDOMAIN

Server:         127.0.0.1
Address:        127.0.0.1#53

** server can't find test.example.com: NXDOMAIN

And from the dnsmasq log
Code:
using nameserver 8.8.4.4#53 for domain test.example.com
using nameserver 8.8.8.8#53 for domain *.example.com
using nameserver 1.1.1.1#53 for domain example.com
query[A] example.com from 127.0.0.1
forwarded example.com to 1.1.1.1
reply example.com is 93.184.216.34
query[AAAA] example.com from 127.0.0.1
forwarded example.com to 1.1.1.1
reply example.com is 2606:2800:220:1:248:1893:25c8:1946
query[A] foo.example.com from 127.0.0.1
forwarded foo.example.com to 1.1.1.1
query[A] test.example.com from 127.0.0.1
forwarded test.example.com to 8.8.4.4
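
An added example, not part of the original posts and not dnsmasq's own code: a simplified Python model of the longest-suffix matching the log above shows, for checking which upstream a name would be sent to before relying on a split-DNS rule. The function names are hypothetical, `*` is treated as a literal label as that log indicates, and the sample config is constructed from the lines posted in this thread.

```python
# Constructed sample: the server= lines posted in this thread.
SAMPLE_CONF = """\
server=/example.com/1.1.1.1
server=/*.example.com/8.8.8.8
server=/test.example.com/8.8.4.4
server=/*.netflix.com/*.nflximg.com/*.nflxvideo.com/1.2.3.4
server=/nflximg.com/nflxvideo.com/1.2.3.4
"""

def parse_server_rules(conf_text):
    """Map each domain in 'server=/d1/d2/.../upstream' lines to its upstream."""
    rules = {}
    for raw in conf_text.splitlines():
        line = raw.strip()
        # Only whole-line comments are skipped: '#' can also introduce a port.
        if line.startswith("#") or not line.startswith("server=/"):
            continue
        parts = line[len("server=/"):].split("/")
        upstream = parts[-1]
        for domain in parts[:-1]:
            if domain:
                rules[domain.lower().rstrip(".")] = upstream
    return rules

def wildcard_rules(rules):
    """Domains containing '*', which in this model never match a real query."""
    return sorted(d for d in rules if "*" in d)

def upstream_for(name, rules, default="default"):
    """Pick the upstream of the longest configured suffix of `name`."""
    labels = name.lower().rstrip(".").split(".")
    for i in range(len(labels)):          # longest suffix first
        suffix = ".".join(labels[i:])
        if suffix in rules:
            return rules[suffix]
    return default                        # falls through to the normal resolvers

if __name__ == "__main__":
    rules = parse_server_rules(SAMPLE_CONF)
    print("wildcard rules that will not apply:", wildcard_rules(rules))
    for q in ("example.com", "foo.example.com", "test.example.com",
              "www.netflix.com", "art.nflximg.com"):
        print(f"{q:20s} -> {upstream_for(q, rules)}")
```

A name that resolves to `default` here is one that would silently go to the router's general upstream rather than the resolver the rule was meant to pin it to.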
 
