my current setup is pihole + unbound, but because of recent wars i get to see the ugly face of censorship so i cannot access rt.com, the ISP is hijacking the connection and the certificate [image] what are my options? Remove unbound and switch to DOH?

[image] dexsr: what are my options? Remove unbound and switch to DOH? That may work. Try it and see. If you encrypt your DNS to an upstream server, your ISP can't see or tamper with the queries. But, they are free to block the IP if they are intent on censorship. Or use a VPN service to h…

[image] jfb: Have you viewed the certificate to see what problems are shown? [image] thats the certificate

Thats indeed not the cert for rt.com: pi@ph5b:~ $ echo | openssl s_client -connect rt.com:443 -servername rt.com </dev/null 2>/dev/null | openssl x509 -noout -text Certificate: Data: Version: 3 (0x2) Serial Number: 0e:16:02:3e:77:84:26:4f:27:92:b0:59:5b:2e:d2:85 …

Ow ps, you mentioned Unbound. If this was installed using a distro with a recent openresolv package: pi@ph5b:~ $ apt policy openresolv openresolv: Installed: 3.12.0-1 Candidate: 3.12.0-1 Version table: *** 3.12.0-1 500 500 http://raspbian.raspberrypi.org/raspbian bullseye/main armhf…

;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 1472 ;; QUESTION SECTION: ;rt.com. IN A ;; ANSWER SECTION: rt.com. 300 IN A 91.215.41.4 ;; Query time: 231 msec Non-authoritative answer: Name: rt.com Address: 91.215.41.4

sorry i dont follow/understand your post

why i need to do the change in the config, afaik i dont have a loop problem

Because of a recent change in the openresolv package that comes with amongst others the Raspbian/Pi-OS Bullseye releases. More info can be found below: [image] WARNING: Raspbian October 2021 release bullseye + unbound Customizing Pi-hole remember this one? be…

Ow ps. because of the unbound misconfiguration, unbound could be configured to use your routers advertised DNS servers (most likely forwarding to your ISP DNS servers) instead of functioning as a true recursive DNS server. Without you even knowing it. If below resolvconf_resolvers.conf file does n…

How to deal with censorship

Help Community Help

deHakkelaar April 13, 2022, 9:21pm 12

Because of a recent change in the openresolv package that comes with amongst others the Raspbian/Pi-OS Bullseye releases.
More info can be found below: