

mnl1121

join:2008-01-03
Clifton, NJ

1 edit

DNSCrypt for Windows - Work on FiOS?

OpenDNS has released DNSCrypt for Windows. However, it doesn't work unless the "use over TCP port 443" option is selected (this is slower and makes it look like HTTPS traffic). I contacted OpenDNS and they said it is either my router or, more likely, my ISP.

When I replied asking if I can determine which one is blocking it they gave me this response: "When DNSCrypt only works over TCP port 443 this generally indicates that your ISP is running a transparent proxy or hijacking your DNS requests on port 53, the standard port for DNS. Unfortunately, there is nothing we can do on our end to prevent this behavior, though you may be able to contact your ISP for more information."

Anyone have any idea if I (or any of us that wants to use it) can do anything about it?

Here is the link to DNSCrypt: »blog.opendns.com/2012/05/08/dnsc···arrived/


nycdave
Premium,MVM
join:1999-11-16
Melville, NY
kudos:10

Are you using Verizon DNS servers? If you are already using OpenDNS, Verizon isn't doing any DNS redirects, etc....

No port filtering is done on dynamic accounts, except port 25.



mnl1121

join:2008-01-03
Clifton, NJ

No, I am already using OpenDNS servers. Any idea on how to fix this?



More Fiber
Premium,MVM
join:2005-09-26
West Chester, PA
kudos:28

Unfortunately OpenDNS doesn't provide any technical information.

I downloaded and installed it. IPCONFIG /ALL shows that my DNS servers have been changed from what they were to OpenDNS servers. Seems to be working without selecting port 443.
--
There are 10 kinds of people in the world; those who understand binary and those who don't.



mnl1121

join:2008-01-03
Clifton, NJ

Mine says Unprotected


tennisman94

join:2010-02-18
Palm Harbor, FL
kudos:2

reply to nycdave

said by nycdave:

Are you using Verizon DNS servers? If you are already using OpenDNS, Verizon isn't doing any DNS redirects, etc....

No port filtering is done on dynamic accounts, except port 25.

Verizon does do a redirect to a search page for failed DNS lookups.


More Fiber
Premium,MVM
join:2005-09-26
West Chester, PA
kudos:28

said by tennisman94:

Verizon does do a redirect to a search page for failed DNS lookups.

That's only if you're using VZ's DNS servers.

The OP is using OpenDNS's servers.
--
There are 10 kinds of people in the world; those who understand binary and those who don't.

tennisman94

join:2010-02-18
Palm Harbor, FL
kudos:2

said by More Fiber:

said by tennisman94:

Verizon does do a redirect to a search page for failed DNS lookups.

That's only if you're using VZ's DNS servers.

The OP is using OpenDNS's servers.

I see it now. I misread nycdave's post. I didn't even consider that it would be possible for Verizon to manipulate DNS requests to alternate servers, but I guess that's why DNSCrypt was created in the first place.


mnl1121

join:2008-01-03
Clifton, NJ

said by tennisman94:

said by More Fiber:

said by tennisman94:

Verizon does do a redirect to a search page for failed DNS lookups.

That's only if you're using VZ's DNS servers.

The OP is using OpenDNS's servers.

I see it now. I misread nycdave's post. I didn't even consider that it would be possible for Verizon to manipulate DNS requests to alternate servers, but I guess that's why DNSCrypt was created in the first place.

No, I don't think Verizon can manipulate DNS requests to alternate servers. DNSCrypt is to make it harder to read your DNS requests. It makes it harder for people to read what sites you're accessing and it is harder for attackers to manipulate your requests, like making man-in-the-middle attacks harder.


More Fiber
Premium,MVM
join:2005-09-26
West Chester, PA
kudos:28

said by mnl1121:

I don't think Verizon can manipulate DNS requests to alternate servers.

VZ does in fact manipulate DNS responses.

If you look up a non-existent domain, VZ's DNS servers will return a VZ-hosted search page instead of correctly returning a 404 error. You can disable that behavior by changing the last octet of the DNS server address from .12 to .14 (or by using another DNS provider such as OpenDNS).
--
There are 10 kinds of people in the world; those who understand binary and those who don't.


mnl1121

join:2008-01-03
Clifton, NJ

said by More Fiber:

said by mnl1121:

I don't think Verizon can manipulate DNS requests to alternate servers.

VZ does in fact manipulate DNS responses.

If you look up a non-existent domain, VZ's DNS servers will return a VZ-hosted search page instead of correctly returning a 404 error. You can disable that behavior by changing the last octet of the DNS server address from .12 to .14 (or by using another DNS provider such as OpenDNS).

Yeah, but I meant if you're using OpenDNS servers VZ doesn't manipulate DNS requests/responses. Or am I mistaken?


mnl1121

join:2008-01-03
Clifton, NJ

reply to mnl1121
So does anyone know how to fix this? Really doesn't make any sense.



bigdaddy

join:2009-11-18
kudos:2

DNSCrypt works beautifully with FiOS. I tested in Wireshark and verified it. I have to use it in TCP/SSL mode; it doesn't work over UDP. It uses SSLv1 not TLSv1.2, unfortunately.



mnl1121

join:2008-01-03
Clifton, NJ

1 edit

said by bigdaddy:

DNSCrypt works beautifully with FiOS. I tested in Wireshark and verified it. I have to use it in TCP/SSL mode; it doesn't work over UDP. It uses SSLv1 not TLSv1.2, unfortunately.

Well, it doesn't work with my FiOS, and according to OpenDNS's FAQ it doesn't use SSL.

EDIT: do you guys have Windows Firewall enabled?


bigdaddy

join:2009-11-18
kudos:2

OK, use this link: »shared.opendns.com/dnscrypt/pack···.0.4.exe

Deselect "Fallback to insecure DNS" and select "DNSCrypt Over TCP / 443". This will work with Verizon FiOS Internet.


mnl1121

join:2008-01-03
Clifton, NJ

Yes, as I've said, it works with the over TCP option enabled; however, it's slower and I'd rather not have to use that option. Other FiOS users are reporting not having to use that option and I'd like to know why.

