top | item 47059375

(no title)

mckirk | 12 days ago

This is only done at the DNS level, so using a different DNS (such as Quad9) solves that issue. For background info, I can recommend [1, 2].

[1]: https://www.youtube.com/watch?v=Uxmu25mUZgg [2]: https://cuiiliste.de/

discuss

sltkr|11 days ago

I never understood why Quad9, which is based in Switzerland, can get away with not applying the Swiss censorship to their DNS servers.

throawayonthe|12 days ago

how can this be done at the dns level? shouldn't ssl certificates prevent third party content from being shown in the browser?

zygentoma|12 days ago

Well, you get the warning, but as long as HSTS is not active, you can still click on "Accept the risk and continue" …

[EDIT:] Just checked a bit closer, they are using an LetsEncrypt cert for "cuii.telefonica.de", which is obviously the wrong domain, but as I said above, as long as HSTS is not active for "annas-archive.li", you can still bypass via the button.

sceptic123|12 days ago

My ISP currently makes them not resolve (with scary sounding domains):

  ; <<>> DiG 9.10.6 <<>> @192.168.1.254 annas-archive.li
  ; (1 server found)
  ;; global options: +cmd
  ;; Got answer:
  ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18716
  ;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1

  ;; OPT PSEUDOSECTION:
  ; EDNS: version: 0, flags:; udp: 4096
  ;; QUESTION SECTION:
  ;annas-archive.li.  IN A

  ;; ANSWER SECTION:
  annas-archive.li. 845 IN CNAME www.ukispcourtorders.co.uk.
  www.ukispcourtorders.co.uk. 511 IN CNAME ukispblk.vo.llnwd.net.
  ukispblk.vo.llnwd.net. 845 IN CNAME ukispblk.vo.llnwd.net.edgesuite.net.

  ;; Query time: 3 msec
  ;; SERVER: 192.168.1.254#53(192.168.1.254)
  ;; WHEN: Wed Feb 18 12:06:25 GMT 2026
  ;; MSG SIZE  rcvd: 169

gzread|12 days ago

It does. The browser won't load the content because it detects your connection was tampered with.

dizhn|12 days ago

They redirect to a different url.

tmalsburg2|12 days ago

If the censoring is at the DNS level, can the admin please replace the domain name in the url with the ip address to which it should resolve? Thank you.

niij|12 days ago

Your country's broken internet is your problem. If you are having DNS queries censored then change your DNS resolver on your client side. If you still get intercepted look into DoH.