The Background

We talked earlier about how certain ISPs block websites by using DNS hijack methods and I had recommended using DNSCrypt to bypass it. Well, as part of my home network overhaul, I moved over from the consumer grade (but still decent enough) Asus router over to Ubiquiti stack which, among other things, lead me to use their “Unify Security Gateway (USG)” as the router. Now, this router is pretty decent and is running Ubiquiti’s EdgeOS (derived from Vyatta OS, which in turn is based on linux/debian). You can install and tweak a lot of stuff through command line if you’d like but alas there’s no dnscrypt-proxy available for it.

ISPs in India have been blocking websites since many years. It’s often done without much sense to it. The goveernment/telecom bodies and courts sometimes tell the ISPs to block content instead of telling the same to the websites that host the content. Sometimes, the orders are to block certain urls and ISPs are over-enthusiastic in implementing the orders and block complete websites. It’s all frustrating but it becomes enraging when you find out that the ISPs are messing with your traffic in a less than ethical way to implement this. Earlier, I pointed out how ACT was hijacking my DNS to implement the blocks. Now, they seem to have started doing something else, not sure if it is worse or better though. They are now doing deep packet inspection to find out the sites that I am visiting and thus block them by stopping the responses to my requests.

TLDR;

Indian ISP ACT Fibernet (aka Beam Telecom) hijacks its users’ DNS requests (even when using public DNS servers like Google or OpenDNS) and blocks websites through this method. This has huge implications beyond website blocking and you can’t rely on anything that you are browsing anymore though there are ways available to make yourself safe.

Aside: Indian ISPs are blocking benign/collateral damage sites now like bit.ly for ACT and behance.net for Airtel. Pretty soon most of web will be blocked in India at this rate.