Is it ACT or my router

nidijogi

New Member
[OP]
Jun 24, 2018
3
0
I am getting a TLS error on certain sites across browsers and machines.
Is ACT actively blocking those sites or is my router incorrectly configured.
The sites used to work till a week back. ACT Bangalore subscribers pls PM me for the site address and we can compare.
 

Sushubh

Administrator
Oct 29, 2004
413,759
12,761
Gurugram
ACT scares me tbh. They have been known to intercept dns for even safe domains. I would not be surprised that they have started doing even nastier things now like intercepting secure traffic.
 

varkey

Newbie
Regulars
Jun 11, 2006
229
53
Would be interesting to see which certificate it is presenting when you access those sites. Also as it would be a public site, I don't see a reason to obfuscate or hide the site(s) in question.
 


nidijogi

New Member
[OP]
Jun 24, 2018
3
0
ACT scares me tbh. They have been known to intercept dns for even safe domains. I would not be surprised that they have started doing even nastier things now like intercepting secure traffic.
Possible, which is why I need to compare with another user.
I have experienced selective throttling on ACT before.
 

madh123

Member
Dec 8, 2015
11
2
I would suggest you to use Cisco DNS 208.67.222.222 as they have a POP in India now. Change DNS settings in internet or WAN section of router and see if it makes any difference.
 


Jay

Regulars
Sep 4, 2014
313
87
ACT hijacks DNS queries over port 53 regardless of the DNS provider you use, to block websites . Using dnscrypt is the only way to bypass this. OpenDNS - DNS Security with DNSCrypt | OpenDNS

ACT seems to be using a local cache of google dns as their dns resolver, routing just the blacklisted domains to their IP and dropping the connection.

When an ISP intercepts all dns traffic to implement a blacklist, and if the ISP dns gets attacked and compromised(see below thread), it may serve you bad domains making you susceptible to MITM attacks and phishing, effectively bypassing your public dns resolver.

ACT Fibernet and OPENDNS

UPDATE: Just spoke to someone from their tech team. It is indeed blocked due to some DNS attack at their end. Even their own DNS server got compromised. They said it should be available in about a month.
Upon @manojrk's advice I have completely moved over to dnscrypt everywhere, including phones and not only can I access everything I have more peace of mind these days.
 
Reactions: varkey