Skip to main content
Topic: Bypassing "NO DNS" on Comcast, Charter, Spectrum, Time Warrner & RoadRunnere (Read 306 times) previous topic - next topic
0 Members and 1 Guest are viewing this topic.

Bypassing "NO DNS" on Comcast, Charter, Spectrum, Time Warrner & RoadRunnere

Symptom: If you name a DNS server that IS NOT a Comcast, Charter, Spectrum, Time Warner or Road Runner DNS server, you won't have any DNS service (generically speaking) on those ISP's at all, and you might spend a lot of time troubleshooting the problem.

The DNS servers I've found that work on those ISP's are: 71.10.216.1, 71.10.216.2, 50.229.52.23 and 50.229.170.233.

ALLEGEDLY this DNS blocking is done for "Security Reasons".

To circumvent the problem, I've found you can simply install the pacman package dns-over-https.  It seems to work.

I added the below lines to the  /etc/pacman.conf file (below the [Galaxy] section ), though I'm not sure it was completely necessary.
[extra]
Include = /etc/pacman.d/mirrorlist

I also added an updated list of pacman servers TO THE BOTTOM of /etc/pacman.d/mirrorlist, which may have helped.

Acquire that list at: https://archlinux.org/mirrorlist/

(I'm such a newbie, right?)

Beyond that, it's pretty much just a one-liner:

pacman --sync dns-over-https

I have the S6 version and went nuts trying to figure out hard to start the service but you really don't have to: Network Manager seems to do that for you.  If you DO NOT  have the S6 version of Artix Linux, you may have to:

/usr/bin/sysctl enable doh-client.service

This seems to be done automatically by /etc/NetworkManager/dispatcher.d/doh-client

I dunno.  Again, I'm such a newbie.

Anyway, once you've installed this (as above), just use Network Manager to set the DNS to 1.1.1.1 (Cloud Flare DOH), disable and re-enable the network connections (again with Network Manager -- or reboot)...and it works.

I haven't found that it helps to modify /etc/dns-over-https/doh-client.conf.  That's going to get modified by Network Manager and likely wipe out what you've done anyway. It's kind of like modifying /etc/resolv.conf: there's not much point.

You could verify this install is working with netstat -cwatupWU or (this will take forever) ss -bar0 -A 'inet'.

If you don't see any Comcast, Charter, Spectrum, Time Warner or Road Runner IP's (assuming you're not otherwise connected to them...then IT WORKED!

Likely, you'll see one.one.one.one:domain ESTABLISHED or udp ESTAB one.one.one.one:domain.

That's Cloud Flare.  That means that it worked.  Wooo-hooo.

The implication is that you CAN bypass DNS restrictions FOR ANY BROWSER or ANYTHING else net-bound, without having to utilize a specific browser and modify it for DOH.

So easy.

Hope this help in troubleshooting and bypassing POTENTIAL censorship. 

I haven't had any problems to date with Cloud Flare and censorship.  Maybe, in the future, there will be other DOH servers.  There is also the possibility of establishing YOUR OWN DOH server, though I haven't attempted that nor do I feel I have the need to do that.

Here's a link which might prove didactic

archlinux.org/packages/?name=dns-over-https

Thank you, Artix Linux for the distro!!! 

Here's some other links for distros, other than Artix Linux, as you might have, including Windows (althogh Microsoft Edge and Vivaldi browsers have their own censorship issues this isn't going to solve).

github.com/m13253/dns-over-https
pkg.cloudflareclient.com

Good Luck!
QuickTime v6 (and presumably above) requires IPv6.
I block ALL of IPv6!
I also block all Amazon, Google, Microsoft/Bing/Azure/LinkedIn/Yammer, Edgecast/Fastly/ANS Comm,  Facebook/Meta, Twitter/X, as well as any other IP's which show up on my firewall (about 3% of all IPv4).  Consequently, I do NOT have email addresses nor accounts on any of these systems.  Please don't ask!

Re: Bypassing "NO DNS" on Comcast, Charter, Spectrum, Time Warrner & RoadRunnere

Reply #1
Install artix-archlinux-support and only then modify mirrorlists.