LOGBOOK

HELP

Quiz Entry - updated: 2026.07.05

How can an ISP interfere with DNS, and what are the two main countermeasures?

An ISP can block resolution / return poisoned records, or redirect third-party DNS queries to its own servers; you counter with custom resolvers and, more robustly, encrypted DNS.

The problems:

  1. ISP blocks DNS resolution: the default ISP DNS server refuses certain domains or answers with false IP records (DNS poisoning).
  2. DNS redirection: queries sent to third-party resolvers (e.g. 8.8.8.8 or 1.1.1.1) are redirected by the ISP to its own servers or blocked entirely.

The countermeasures:

  1. Alternative DNS servers: configure custom resolvers in the router or device (e.g. Cloudflare 1.1.1.1, Google 8.8.8.8, Quad9 9.9.9.9).
  2. Encrypted DNS: don't send DNS over plain UDP port 53 — use DoT, DoH, or DoQ to prevent manipulation and surveillance.

A tool like OONI Probe can detect this: a result of "Anomaly – DNS tampering" means the DNS answer was altered in transit.

Tip: Just switching to 1.1.1.1 isn't enough if the ISP redirects port-53 traffic — encrypted DNS is what actually defeats interception, not just choosing a different resolver.

Go deeper:

From Quiz: PRIVACY / Anonymous Surfing, Tor & Location Tracking | Updated: Jul 05, 2026