Does ISP hijack DNS?

-Grift-

Senior Member
Joined
Apr 4, 2015
Messages
980
Reaction score
17
Code:
Test complete

Query round Progress... Servers found
  1          ......              1
  2          ......              1
  3          ......              1
  4          ......              1
  5          ......              1
  6          ......              1
IP	Hostname	ISP	Country
119.56.**.***	***.**.56.119.unknown.m1.com.sg	M1	Singapore

Local hosted pihole + Unbound as resolver
 

miloaisdino

Senior Member
Joined
Mar 25, 2016
Messages
843
Reaction score
26
Yes, once i saw singtel replace google ip with internal transparent proxy which caches google.
 

uncle_josh

Master Member
Joined
Jun 16, 2018
Messages
3,041
Reaction score
740
JjN1FvR.png


ISP : SH

Using OpenDNS
 

Ah-Pin-Kor

Great Supremacy Member
Joined
Apr 2, 2008
Messages
55,970
Reaction score
2,310
I think you should also indicate whether you are using ONT or ONR and also whether you are using ISP provided router running their ISP customised firmware.

From my previous experience with SH fibre using ONT and own router I was able to pass the OpenDNS check.
 

dryteletubby

Senior Member
Joined
Aug 25, 2017
Messages
2,302
Reaction score
1
So currently M1 and starhub pass

Singtel probably is spying on their users.

Still waiting for viewquest, whizcomms & myrepublic users
 

miloaisdino

Senior Member
Joined
Mar 25, 2016
Messages
843
Reaction score
26
Why does an ISP want to do DNS hijack?

Spying maybe, but also to route traffic thru transparent proxies and apply traffic shaping... definitely not for caching as if yr dns request does not match a 'targeted' domain, they wont poison.
 

amazingone

Great Supremacy Member
Joined
Jan 14, 2015
Messages
66,556
Reaction score
6,041
Extended test
kzNVyEA.png


On Singtel fibre, w/o using any third-party DNS services.
 

dryteletubby

Senior Member
Joined
Aug 25, 2017
Messages
2,302
Reaction score
1
Is there any advantage of not using the ISP DNS server?

Well you can bypass censorship, as for Google DNS and cloudfare both of them supports dnssec and DNS over https. Both should prevent ISP (Singtel) form hijacking your DNS traffic.
 
Last edited:

chengsun

High Supremacy Member
Joined
Oct 5, 2004
Messages
38,501
Reaction score
12
Well you can bypass censorship, as for Google DNS and cloudfare both of them supports dnssec and DNS over https. Both should prevent ISP (Singtel) form hijacking your DNS traffic.

escape censorship as in ... porn, ect?

I think ISP block them at another level, like firewall. At least the ISP that I worked for last time did it that way. they have 1 equipment just for this purpose. every now and then IDA would send letter/email to the company telling them to block sites, a whole list. after legal team vent through, it was passed to system team process. one of my task was to process that..... well, that censorship only applies to residential customers. commercial customer no such censorship.
 
Important Forum Advisory Note
This forum is moderated by volunteer moderators who will react only to members' feedback on posts. Moderators are not employees or representatives of HWZ Forums. Forum members and moderators are responsible for their own posts. Please refer to our Community Guidelines and Standards and Terms and Conditions for more information.
Top