is there any major benefit of using alternate dns?

  • Thread starter: AleYmple
  • Replies: 18
  • Views: 2,834
So I'm using Excitel's DNS since the connection was installed in my home, never had any problem of domains not loading or stuff, and many people over Reddit suggest that Cloudflare's 1.1.1.1 and Google's 8.8.8.8 are the ones people should use. I pinged the DNS server of Excitel, 1.1.1.1 and Google.
Of course the Excitel one will be fastest, but surprisingly the Google one was the next fastest DNS, having just 4 ms, whereas 1.1.1.1 was 50 to 60 ms.
I can see if sites are blocked then we can use other DNS servers, but what are the other benefits people tend to go for other DNS providers for?
 
On Excitel alt DNS doesn't work; it's all routed through Excitel's own DNS. You'll need to use DNS over HTTPS or DNS over TLS. Google DNS should be the fastest on Excitel.
 
Excitel logs every TCP connection attempt you make. So even if you use DoH, Excitel can still see the IP address of the sites you visit. They can also see the domain name using Server Name Indication (SNI).

They just can't see or alter what's inside the query; however, it shows up as a connection from your Carrier Grade NAT IP to (let's say) 8.8.8.8 on TCP port 853 in case of DNS over TLS or TCP port 443 in case of DNS over HTTPS.

Example:

Source                      Destination   Src Port                 Dest Port   Protocol
10.41.51.55 (your CGN IP)   1.1.1.1       52919 (ephemeral port)   443         TCP

Source                      Destination   Src Port                 Dest Port   Protocol
10.41.51.55 (your CGN IP)   1.1.1.1       52929 (ephemeral port)   853         TCP

So if you go to google.com/maps for instance, Excitel knows that you made a connection to Google servers and logs both your Carrier Grade NAT IP and the IP of Google. I know that they do log connection attempts over TCP.

Example:

Source                      Destination               Src Port                 Dest Port   Protocol
10.41.51.55 (your CGN IP)   216.58.200.206 (Google)   55114 (ephemeral port)   443         TCP

They can also see that you visited google.com using SNI, but can't see that you are visiting google.com/maps (just google.com) or the contents inside (assuming HTTPS is used). Though afaik Excitel doesn't do this on their routers.

If you don't want Excitel to see which sites you make connections to, use a VPN. UDP connections, from what I know, aren't logged by Excitel at all.
 
@JB701: What's the use of so many logs? Wouldn't it overwhelm their routers (log creation) and soon run out of memory, as many logs might be DNS, GIF servers?
 


They only log TCP Packets with only SYN Flags turned on to reduce log size.

DNS mainly uses UDP.

Also, despite having two DNS servers, Excitel forwards all DNS traffic to only one server, 103.56.228.140, idk why. At least this seems to be the case on the router I'm connected to.
 
Yea, Excitel uses RADIUS Protocol for all config and logging. Even more reasons to use a VPN.

I think Excitel themselves might be breaking some policies mentioned (almost every ISP is not following everything on this list):
According to the ISP License, each ISP must maintain:
  • Users and Services: A log of all users connected and the service they are using, which must be available in real time to the Telecom Authority. (Section 34.12).
  • Outward Logins or Telnet: A log of every outward login or telnet through an ISPs computer must be available in real time to the Telecom Authority. (Section 34.12).
  • Packets: Copies of all packets originating from the Customer Premises Equipment of the ISP must be available in real time to the Telecom Authority. (Section 34.12).
  • Subscribers: A complete list of subscribers must be made available on the ISP website with password controlled access, available to authorized Intelligence Agencies at any time. (Section 34.12).
  • Internet Leased Line Customers: A complete list of Internet leased line customers and their sub-customers consisting of the following information: name of customer, IP address allotted, bandwidth provided, address of installation, date of installation/commissioning, and contact person with phone no./email. These must be made available on a password protected website (Section 34.14). The password and login ID must be provided to the DDG (Security), DoT HQ and concerned DDG(VTM) of DoT on a monthly basis. The information should also be accessible to authorized government agencies (Section 34.14).
  • Diagram Records and Reasons: A record of complete network diagram of set-up at each of the internet leased line customer premises along with details of connectivity must be made available at the site of the service provider. All details of other communication links (PSTN, NLD, ILD, WLL, GSM, other ISP) plus reasons for taking the links by the customer must be recorded before the activation of the link. These records must be readily available for inspection at the respective premises of all internet leased line customers (Section 34.18).
  • Commercial Records: All commercial records with regard to the communications exchanged on the network must be maintained for a year (Section 34.23).
  • Location: The service provider should be able to provide the geographical location of any subscriber at a given point of time (Section 34.28(x)).
  • Remote Activities: A complete audit trail of the remote access activities pertaining to the network operated in India. These must be retained for a period of six months, and must be provided on request to the licensor or any other agency authorized by the licensor (Section 34.28(xv)).

Users and Services yes. Excitel can see all the users currently connected very easily and service they are using can be kinda figured out from IP Address maybe.

Outward Logins or Telnet: yes. Excitel also logs all the connection attempts to their routers and devices.

Packets. Not really, I don't think Excitel (or most ISPs) is copying all the packets in real time, that will require quite a bit of resources.

Diagram Records and Reasons: Excitel has several graphing systems in place, for example Cacti.

Subscribers: yes, Excitel has portals for it.
 
Connection time maybe.

They can't get the MAC address unless their own application gets it from the OS.
Most VPNs at least claim not to log the IP addresses of devices connecting to them. Whether this is true or false can't be known.

I think some VPN Providers like PIA have been subpoenaed in the past and had basically no info or logs to give to court. Now that PIA is owned by Kape Technologies it may not be the case.
Private Internet Access' "No-Logging" Claims Proven True Again in Court * TorrentFreak
 
