Encrypted DNS (DoH/DoT) + SNI block in Indonesia

From https://www.reddit.com/r/indonesia/comments/tzj5h4/comment/i4f7z94

Summary of accessibility of Reddit with Indonesian mobile operators and fixed ISPs (as of 12 April 2022):

  • Mobile operators: Most operators are already blocking alternative Domain Name System (DNS) resolvers, with DNS hijacking, DNS redirection, Transmission Control Protocol (TCP) reset attacks, Server Name Indication (SNI) filtering, and Deep Packet Inspection (DPI). The solution is to use DPI bypass software (dpitunnel, GoodbyeDPI, GreenTunnel, PowerTunnel), a Virtual Private Network (VPN), or Tor
  • Certain mobile operators aren’t implementing the new blocking mechanism yet, meaning that encrypted DNS systems like DNS over TLS may still be usable
  • Fixed ISPs (fibre or hybrid fibre coaxial): Encrypted DNS systems like DNS over HTTPS, DNS over TLS, DNS over QUIC, and DNSCrypt still work with most fixed ISPs. Modified hosts files (like bebasid) also still work. Some fixed ISPs are already implementing DNS hijacking, DNS redirection, SNI filtering, and DPI; if that happens with your connection, you can use DPI bypass software (dpitunnel, GoodbyeDPI, GreenTunnel, PowerTunnel), a VPN, or Tor
  • Certain fixed ISPs are only partially redirecting alternative DNS resolvers (those hosted outside Indonesia), for example MyRepublic. You can use an alternative DNS resolver based in Indonesia to bypass the block (Cloudflare 1.1.1.1 and Quad9 have Indonesian-based resolvers)

— OG Post —

From https://twitter.com/fransallen/status/1515486447922524165

You will no longer be able to use Cloudflare 1.1.1.1 or any other popular DNS resolver service in Indonesia.

ISPs have started blocking DNS services that can bypass censorship.

Based on the replies, it seems like XL Axiata, Tri (3; I can confirm that I’m now having trouble getting either Private DNS or Edge/Firefox’s encrypted DNS to bypass domain blocking on ASN45727, but since the DNS servers themselves are still accessible via HTTPS, I’m not sure how to properly test), and Telkom (Telkomsel, Indihome) have started rolling out the block.

Mozilla’s default DNS is mozilla.cloudflare-dns.com. Does it open?

Yes, along with chrome.cloudflare-dns.com and dns.google


Now I’m pretty doubtful on whether I’m actually experiencing the block or not, since it could just as easily be a browser misconfig at my end

(post updated with the more comprehensive reddit summary)

Can confirm that I was experiencing SNI blocking, not DoH/DoT blocking

>curl -v --connect-to ::172.67.159.231: https://nhentai.net
* Connecting to hostname: 172.67.159.231
*   Trying 172.67.159.231:443...
* Connected to 172.67.159.231 (172.67.159.231) port 443 (#0)
* schannel: disabled automatic use of client certificate
* schannel: ALPN, offering http/1.1
* schannel: failed to receive handshake, SSL/TLS connection failed
* Closing connection 0
curl: (35) schannel: failed to receive handshake, SSL/TLS connection failed

>curl -v --connect-to ::172.67.159.231: --header "Host: nhentai.net" https://cloudflare.com
* Connecting to hostname: 172.67.159.231
*   Trying 172.67.159.231:443...
* Connected to 172.67.159.231 (172.67.159.231) port 443 (#0)
* schannel: disabled automatic use of client certificate
* schannel: ALPN, offering http/1.1
* schannel: ALPN, server accepted to use http/1.1
> GET / HTTP/1.1
> Host: nhentai.net
> User-Agent: curl/7.79.1
> Accept: */*
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 403 Forbidden
< ...

Along with the usual DNS poisoning and HTTP sniffing:

>curl -v http://nhentai.net
*   Trying 116.206.10.31:80...
* Connected to nhentai.net (116.206.10.31) port 80 (#0)
> GET / HTTP/1.1
> Host: nhentai.net
> User-Agent: curl/7.79.1
> Accept: */*
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 301 Moved Permanently
< Content-Type: text/html
< Location: http://restricted.tri.co.id/index.html
< Accept-Ranges: bytes
< Connection: Keep-Alive
< Date: Mon, 25 Apr 2022 07:25:44 GMT
< Age:      12
< Content-Length:        184
<
<html>
<head><title>301 Moved Permanently</title></head>
<body bgcolor="white">
<center><h1>301 Moved Permanently</h1></center>
<hr><center>nginx/1.8.1</center>
</body>
</html>
* Connection #0 to host nhentai.net left intact

>curl -v --header "Host: nhentai.net" http://example.com
*   Trying 93.184.216.34:80...
* Connected to example.com (93.184.216.34) port 80 (#0)
> GET / HTTP/1.1
> Host: nhentai.net
> User-Agent: curl/7.79.1
> Accept: */*
>
* Mark bundle as not supporting multiuse
* HTTP 1.0, assume close after body
< HTTP/1.0 302 Moved
< Content-Length: 0
< Location: http://lamanlabuh.aduankonten.id/
< Pragma: no-cache
< Cache-Control: no-cache
<
* Closing connection 0


MyRepublic (ASN63859) seemingly tried to sniff HTTPS traffic too for a brief period (around 02:55 2022/05/03 GMT+7, lasting about 3 minutes), as I got an SSL_PROTOCOL_ERROR in the browser, and curl showed a blockpage with the insecure flag (I was too stupid to at least screencap any of these though, sorry :pensive:)

EDIT: They tried randomly (some connections get through) intercepting and redirecting HTTPS again, but properly (CERT_COMMON_NAME_INVALID with a *.myrepublic.co.id domain subject) and it seemed to only last for an hour (started around ~05:00 GMT+7)
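The differential curl tests above, automated as an added example (my code, not from the post): it names which mechanism a connection is hitting. The network probes are left for the reader to call; `BLOCKPAGE_HOSTS` and the constructed sample reply are modelled on the curl output above, and `dns_matches_trusted` is assumed to come from comparing the system resolver's answer with one obtained over a path you trust.

```python
import socket, ssl
from typing import List, Optional
from urllib.parse import urlparse
BLOCKPAGE_HOSTS = ("lamanlabuh.aduankonten.id", "restricted.tri.co.id")  # from the curl output above
# Constructed sample reply, modelled on the Host-header sniffing response above.
SAMPLE_REDIRECT = b"HTTP/1.0 302 Moved\r\nContent-Length: 0\r\nLocation: http://lamanlabuh.aduankonten.id/\r\n\r\n"

def tls_handshake_ok(ip: str, sni: str, timeout: float = 5.0) -> bool:
    """TLS handshake to ip:443 presenting `sni` (curl's --connect-to test above). Cert checks
    are off on purpose: a decoy SNI never matches; the only question is whether a middlebox resets it."""
    ctx = ssl.create_default_context()
    ctx.check_hostname, ctx.verify_mode = False, ssl.CERT_NONE
    try:
        with socket.create_connection((ip, 443), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=sni):
                return True
    except (OSError, ssl.SSLError):
        return False

def parse_location(response: bytes) -> Optional[str]:
    """Location header of a raw HTTP response, or None if it is not a redirect."""
    head = response.split(b"\r\n\r\n", 1)[0].decode("latin-1", "replace")
    for line in head.split("\r\n")[1:]:
        name, _, value = line.partition(":")
        if name.strip().lower() == "location":
            return value.strip()
    return None
def is_blockpage(location: Optional[str]) -> bool:
    host = urlparse(location).hostname if location else None
    return bool(host) and host.endswith(BLOCKPAGE_HOSTS)

def http_host_probe(ip: str, host: str, timeout: float = 5.0) -> Optional[str]:
    """Plain-HTTP GET to an unrelated ip with 'Host: host' (the curl --header test above)."""
    req = f"GET / HTTP/1.1\r\nHost: {host}\r\nConnection: close\r\n\r\n".encode()
    with socket.create_connection((ip, 80), timeout=timeout) as s:
        s.sendall(req)
        data = b""
        while chunk := s.recv(4096):
            data += chunk
    return parse_location(data)

def classify(dns_matches_trusted: bool, real_sni_ok: bool,
             decoy_sni_ok: bool, http_location: Optional[str]) -> List[str]:
    found = []
    if not dns_matches_trusted:           # resolver answer differs from a trusted one
        found.append("dns-hijack")
    if decoy_sni_ok and not real_sni_ok:  # same IP, only the real SNI gets killed
        found.append("sni-filter")
    if is_blockpage(http_location):       # the Host header alone triggers the blockpage
        found.append("http-host-sniff")
    return found or ["no-block-detected"]
```

Against a live connection, call `classify(dns_ok, tls_handshake_ok(ip, domain), tls_handshake_ok(ip, "cloudflare.com"), http_host_probe("93.184.216.34", domain))`, where `ip` is the site's real address from a resolver you trust and `domain` is the site under test.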

MyRepublic user here…

It seems like since 2022-05-17 evening it has been doing DNS poisoning with all DNS resolvers, including the ones based in Indonesia (like Cloudflare’s 1.1.1.1).

Do you experience it with your connection as well? (which I assume is also MyRepublic)

Sorry for extremely late response, but hasn’t this been done since forever ago?

Also 1.1.1.1 (not Cloudflare’s other DoH/DoT servers nor other DNS servers such as 8.8.8.8) seemed to be entirely blocked at ~05:00 WIB today on MyRepublic (even pings didn’t pass through), though I forgot to screencap it AGAIN (mostly because I was in a hurry) and it seemed to have been lifted already at 06:00

This might be in preparation to enforce the regulations regarding Electronic System Operators (the enforcement period was delayed to 28th July, and the enforcement system has deviated into a 3-strike system instead of direct blocking since the article was posted): https://twitter.com/resir014/status/1547937891380146177

Judging by blocking of third-party DNS resolvers, do your ISPs block unwanted sites by DNS?
Weird, because they have DPI too, but maybe they want to make things easier for themselves.
DNSCrypt (UDP) seems to work even in China.