ooni / probe

OONI Probe network measurement tool for detecting internet censorship
https://ooni.org/install
BSD 3-Clause "New" or "Revised" License

engine: dns interference detection functionality #1497

Open c2xusnpq6 opened 3 years ago

c2xusnpq6 commented 3 years ago

Can you add a dns interference level test?

Because in China, DNS pollution is very serious. It is not necessarily done by the government. The network operator on their side is also very complicated. The network operator will mess with the customer's connection.

(google translated...😅)

c2xusnpq6 commented 3 years ago

Especially new tests for DoH, DoQ and DoH3

https://help.nextdns.io/t/x2hmvas/what-is-dns-over-tls-dot-dns-over-quic-doq-and-dns-over-https-doh-doh3

NextDNS DoQ:
quic://firefox.dns.nextdns.io:8853

NextDNS DoH:
https://firefox.dns.nextdns.io/

c2xusnpq6 commented 3 years ago

https://adguard.com/en/adguard-dns/overview.html

Adguard DoQ: (port=853?)
quic://dns.adguard.com

Adguard DoH:
https://dns.adguard.com/dns-query

c2xusnpq6 commented 3 years ago

Cloudflare also supports two request modes (GET & POST), allowing for more detailed DNS interference testing

https://developers.cloudflare.com/1.1.1.1/dns-over-https/wireformat
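The two DoH request modes mentioned in the comment above, as an added example that is not part of the issue thread or of OONI's code: it builds one wire-format query, frames it as an RFC 8484 GET and POST request, and reduces a response header to the fields worth comparing between the two modes. The function names are hypothetical, the endpoint is one of the DoH URLs listed in this thread, and the response bytes are constructed.

```python
import base64
import struct

DNS_MESSAGE = "application/dns-message"  # media type defined by RFC 8484

def build_query(name, qtype=1):
    """Wire-format query for one question; ID 0 keeps GET URLs cache-friendly."""
    header = struct.pack("!6H", 0, 0x0100, 1, 0, 0, 0)  # RD set, QDCOUNT=1
    qname = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 1 <= len(raw) <= 63:
            raise ValueError(f"bad label length in {name!r}")
        qname += bytes([len(raw)]) + raw
    return header + qname + b"\x00" + struct.pack("!2H", qtype, 1)  # class IN

def doh_get(url, query):
    """GET mode: the message travels in ?dns= as unpadded base64url."""
    b64 = base64.urlsafe_b64encode(query).rstrip(b"=").decode("ascii")
    return {"method": "GET", "url": f"{url}?dns={b64}",
            "headers": {"Accept": DNS_MESSAGE}, "body": b""}

def doh_post(url, query):
    """POST mode: the raw message is the request body."""
    return {"method": "POST", "url": url,
            "headers": {"Accept": DNS_MESSAGE, "Content-Type": DNS_MESSAGE},
            "body": query}

def summarize(response):
    """Pull RCODE and answer count from a response header for comparison."""
    if len(response) < 12:
        raise ValueError("truncated DNS message")
    _id, flags, _qd, ancount, _ns, _ar = struct.unpack("!6H", response[:12])
    return {"rcode": flags & 0x000F, "answers": ancount}

if __name__ == "__main__":
    q = build_query("www.example.com")
    for req in (doh_get("https://1.1.1.1/dns-query", q),
                doh_post("https://1.1.1.1/dns-query", q)):
        print(req["method"], req["url"], len(req["body"]))
    # Constructed responses: NOERROR with one answer vs. NXDOMAIN with none.
    ok = struct.pack("!6H", 0, 0x8180, 1, 1, 0, 0)
    nx = struct.pack("!6H", 0, 0x8183, 1, 0, 0, 0)
    print(summarize(ok), summarize(nx))
```

A measurement that sends the same query both ways and gets different `summarize` results, or a failure in only one mode, points at interference keyed on the request shape rather than on the resolver itself.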

c2xusnpq6 commented 3 years ago

It's better to also add those DNS service providers in China

like... alibaba dns, tencent dns, rubyfish dns (chinese version nextdns), baidu dns......

Alibaba: https://www.alidns.com/
Tencent (dnspod): https://docs.dnspod.cn/
Tencent (dnspod for non-chinese user): https://www.dnspod.com/
Baidu: https://dudns.baidu.com/
rubyfish: https://www.rubyfish.cn/
360: https://dns.360.cn/dnsPublic.html

One more thing... Cloudflare China Network ---> JD Cloud / Baidu Cloud
https://www.google.com/search?q=site%3Acloudflare.com+OR+site%3A1.1.1.1+china+OR+chinese+OR+jd+OR+baidu

hellais commented 3 years ago

Thanks for the feedback! We have an experimental test which investigates specifically the blocking of DoH, DoT and DoH3 servers. It's called dnscheck: https://github.com/ooni/spec/blob/master/nettests/ts-028-dnscheck.md.

We are still sorting out the last details about how we are going to actually deploy it in production, but your input on other DNS providers to look into is super helpful.

c2xusnpq6 commented 3 years ago

It would be better if the user can test the dns server he wants to test.

bassosimone commented 3 years ago

Yes, I very much agree with you. I think we need to do two things: make Web Connectivity more capable of doing automatic things for automated runs and adding more support of running custom scans of DNS, HTTP, etc.

c2xusnpq6 commented 3 years ago

They may not be able to resolve the domain ip

Connect directly by IP:

US https://1.1.1.1/dns-query
US https://8.8.8.8/resolve
US https://8.8.8.8/dns-query
TW https://101.101.101.101/dns-query

c2xusnpq6 commented 3 years ago

My friends from mainland China told me that some network operators, communities, and local governments will block 1.1.1.1 and 8.8.8.8.

Try the backup servers, 1.0.0.1, 8.8.4.4 or something like that.

c2xusnpq6 commented 3 years ago

I heard from people in mainland China that alidns will return a blank or wrong IP value to the user, such as for Google Search and YouTube related domain names.

I can't confirm this, I tried it for a while and it worked... So it may be treated separately according to the request source ip