The Background

We talked earlier about how certain ISPs block websites by using DNS hijack methods and I had recommended using DNSCrypt to bypass it. Well, as part of my home network overhaul, I moved over from the consumer grade (but still decent enough) Asus router over to Ubiquiti stack which, among other things, lead me to use their “Unify Security Gateway (USG)” as the router. Now, this router is pretty decent and is running Ubiquiti’s EdgeOS (derived from Vyatta OS, which in turn is based on linux/debian). You can install and tweak a lot of stuff through command line if you’d like but alas there’s no dnscrypt-proxy available for it.

TLDR;

Indian ISP ACT Fibernet (aka Beam Telecom) hijacks its users’ DNS requests (even when using public DNS servers like Google or OpenDNS) and blocks websites through this method. This has huge implications beyond website blocking and you can’t rely on anything that you are browsing anymore though there are ways available to make yourself safe.

Aside: Indian ISPs are blocking benign/collateral damage sites now like bit.ly for ACT and behance.net for Airtel. Pretty soon most of web will be blocked in India at this rate.