My ISP is intercepting DNS queries for YouTube and other Google services, even though I run my own recursive resolver. Google doesn't use DNSSEC.
How do I fix this? Running a resolver in a VPS and VPNing out to it seems like overkill, but I can't think of any other way to get around this. Ideas?
>>57672072
Run your own dns server?
Also how/why is your isp intercepting dns queires?
>>57672072
Dnscrypt is what I use, works well for my purposes. Honestly it's noticeably slower but not by much
>>57672705
I do. Hence, "my own recursive resolver".
>>57672796
Based on what I read, you basically host the actual resolver outside the untrusted network, then dnscrypt is like a forwarder that connects to the actual resolver?
>>57673344
Yes basically. I use d0wn's resolvers, which also go to opennic which I like
>>57672072
You completely misunderstand what DNSSEC does.
>>57672072
How can you tell? Was thinking of hosting my own dns server because my local one goes down all the time. Didnt know they can even do that.
>>57674353
I know exactly what DNSSEC does. My local resolver rejects unauthenticated records that should be authenticated.
>>57674683
Because the IP that youtube resolves to has a PTR of something.primesignal.com. primesignal is owned by my ISP according to whois, and is in their IP space.