ACT Fibernet and OPENDNS

Hi,
I have been on ACT fibernet in Delhi for many months now and am happy with the speed. A couple of days back i noticed interruption in my network which i diagnosed to not being able to use Open DNS anymore. I use that for filtering ,its important in a home with children having access to digital media.

Is anyone else having any such issues ? Anyone using OpenDNS with ACT ?

thanks.

UPDATE: Just spoke to someone from their tech team. It is indeed blocked due to some DNS attack at their end. Even their own DNS server got compromised. They said it should be available in about a month.

yes they had changed there dns but opendns is working fine iam from Hyderabad useing ACTFibernet

WTF! DNS Attack? will be available in a month? Did someone bomb their data center or what.

I am sorry but this "tech team" you just spoke to fed you a load of BS by that response they gave. OpenDNS is a separate entity, they have nothing to do with ACT. If ACT got attacked then it would be ACT's DNS that would be down, not OpenDNS.

You can always check OpenDNS' system status here for yourself - OpenDNS > System (also available at http://208.69.38.170/) There have been no major instances of downtime on that page at all

Please let us know how exactly did you arrive at the conclusion that OpenDNS is at fault? What kind of tests did you run?

Karan,
I dont mean to insult your intelligence and i dont know your technical background but i have some 🙂. So when i say the the opendns servers were not allowing lookups it doesnt mean that Opendns was down. Basically ACT had blocked it from resolving, probably by blocking port 53.

If you want to know how i could tell it was blocked, i spoke to someone at OpenDNS and used their own debug command "
nslookup -timeout=10 -type=txt debug.opendns.com. 208.67.222.222" which then resulted in a timeout which it shouldnt. I also double checked with another network at my house provided by Airtel and it resolved just fine.

The guy i spoke to at ACT did confirm that they had blocked it and also they had put the Google dns as a temporary DNS for their DHCP system to send out. This also i checked in my router log, i was getting 8.8.8.8 as dns once i made the PPPoE connection.

Now obviously the guy i spoke to didnt really know accurately how long it will take so i think he just gave me the 1 month reply. But i checked today and its working again so atleast for now, problem solved. It is also possible that they were screwing around with their DNS and inadvertently blocked OpenDNS and only when i complained they realised it and fixed it. These kind of things do happen in network setups but with ISPs its rare but not impossible.

cheers.

No offense taken. 🙂 Its just the one month response seemed to be one of those "lets feed some BS to this guy to get him off our back".

Good to know that the issue is resolved. :emoji_thumbsup:

if you use ACT Fibernet in PPPOE mode one time or the other they freequently scrue up so its better to configur your router in automatic ip.

It IS set for auto ip, the pppoe is the means to provide the login credentials. The dns is something i set manually to the OpenDNS servers.

Since you're already using OpenDNS, why don't you give Cisco's DNSCrypt a try? It basically encrypts your DNS lookup so ACT can't block your queries in future.

Link - DNS Security with DNSCrypt | OpenDNS

DNScrypt tool - Simple DNSCrypt - Official Project Home Page

DNScrypt is not working for me at all. None of the DNS listed is resolving. OpenDNS works fine normally.

Blocked by ACT?

Source

Lot of DNS hijacking going on ACT. If you were to query a site like liveleak.com, it resolves to 202.83.21.15, an ACT ip. Breaks a lot of stuff.
For eg. pipl.com is rendered useless.

@Jay Which DNSCrypt client are you using? I'm also using OpenDNS but with DNSCrypt. My windows client uses the 443 TLS port so ISP can't block it without breaking the internet. You can use wireshark to capture your NIC and see whats happening when you resolve a domain.

I'm using the OSX Dnscrypt standalone client. Not sure what's happening. Wireshark shows a lot of stuff and I can't make much sense of it. When dnscrypt is running, wireshark shows dns queries being sent via port 53 (if I'm reading that correctly) but not getting any response.

I switched to Windows and used the simplednscrypt client with opendns and it worked for a little while, but then stopped resolving altogether.

Once you start capturing the NIC in wireshark, you can filter the DNS queries by using the QUIC keyword:



The destination port should be 443. If It is 53 and the packets aren't using QUIC protocol then DNSCrypt is not being used to resolve any queries. Please make sure to enable the DNSCrypt service in the client and the DNS field for your adapter should contain 127.0.0.1 as primary.

The client in both Mac and Windows automatically populates the DNS field in the network settings. For the mac it shows 127.0.0.54 and for windows its 127.0.0.1. The Mac client proved useless. There is no QUIC anywhere and like before the destination port is 53 and not resolving.


Windows first gave me this, with the dns not resolving



I tinkered around in the settings and switched 443 to tcp from udp and now it works. Shouldn't it work over udp?

I have to figure out how to get the mac client working. the Windows clients have a lot more options.

It should work but looking your capture, ACT might be blocking UDP packets over port 443. That could be the reason it failed to work previously.