Friday, August 22, 2014

One Way to Bypass ISP DNS Interception on Linux

There are multiple ways to bypass ISP DNS interception. If you are using Linux, one of the easiest way you can try is by redirecting all DNS lookups to port 53 from your PC to an "alternate" DNS port 5353 provided by OpenDNS. What you need is nothing but iptables.

Execute the following commands as root.

# iptables -t nat -A OUTPUT -p udp --dport 53 -j DNAT --to
# iptables -t nat -A OUTPUT -p tcp --dport 53 -j DNAT --to

The commands above will redirect all DNS lookup to port 53 from your PC to OpenDNS server on port 5353.

The advantages of using OpenDNS instead of your ISP DNS are:
  1. OpenDNS can be faster than your ISP DNS
  2. You can access websites blocked by your ISP DNS (yay!).