Lutfi Industries

Transparent DNS Proxies by ISPs

Transparent DNS Proxies were implemented by Malaysian ISPs on Cloudflare and Google Public DNS Servers per Internet Monitoring Action Project’s (IMAP) findings.

This is not unique to Malaysia as one could easily speculate that this is in fact a common practice for any ISPs to enforce censorship.

Transparent DNS Proxies allow an ISP to intercept all DNS lookup requests (TCP/UDP port 53) and transparently proxy the results, forcing you to use their DNS service for all DNS lookups & not that of those which you specified in your router or local machine.

One can check for DNS leakage – or in this case whether your DNS queries are routed to your desired nameservers or your ISP’s – here.

It can also be done via terminal by entering the following command, with The Pirate Bay being the chosen URL for being a widely known website blocked by ISPs:

$ dig @1.1.1.1 thepiratebay.org

Amongst the output, look under 

; ANSWER SECTION:

If the output underneath, paying attention to the A-record, reads:

thepiratebay.org. 267 IN A 162.159.137.6
thepiratebay.org. 267 IN A 162.159.136.6

it means that your DNS request is routed through per the intended DNS nameserver.

IF the output underneath, paying attention to the CNAME-record, reads, say:

thepiratebay.org. 5 IN CNAME mcmc.time.net.my.
mcmc.time.net.my. 924 IN A 175.139.142.25

it means that your DNS request is intercepted by your ISP’s proxy which should explain why the site is unaccessable despite having configured your DNS resolution to resolve to that of your desired nameservers.

What is happening is basically a form of DNS leakage.

To prevent leakage,

  1. Use a 3rd party router on top of your ISP’s – ONT/ONR if it’s fiber, modem/router if it isn’t – & configure accordingly.
  2. Configure your machine to route DNS requests to your desired nameservers as explained here if you are running Ubuntu or other Debian-based distros.
  3. Enable DNS-over-HTTPS on your web-browser. Read more if you are using Chrome.
Resources / Read more

Internet Monitoring Action Project

DNS Leak Test

Transparent DNS Proxies

News coverage on Malaysian ISP implementing transparent DNS proxies

Followup news; response from Malaysian Communications and Multimedia Commission (MCMC)

In