Okay. If you know someone who knows how to use a Unix command line, here is a test to see if dnstt will work. I have set up a dnstt-server that prints the current time when you connect to it. You may have to compile dnstt-client and give the user a binary, if they are not able to download the source code. In one terminal, run dnstt-client:
```
dnstt-client -udp tns.rinsed-tinsel.site:53 -pubkey 6f78064ecc2147e8f5de5c565e4ad1e6aa28f866b2d28c3685ceca2697a37470 t.rinsed-tinsel.site 127.0.0.1:7000
```
In another terminal, connect to the client side of the tunnel:
```
nc -v 127.0.0.1 7000
```
The dnstt-client terminal should show that a stream began and ended:
```
2022/01/08 17:25:28 begin stream XXXXXXXX:3
2022/01/08 17:25:29 end stream XXXXXXXX:3
```
The other terminal should show the current time from the server:
```
Sat 08 Jan 2022 05:25:28 PM UTC
```
If it does not work, try again, this time sending queries recursively through the ISP resolver (i.e., `nameserver` from `/etc/resolv.conf`) instead of connecting to the dnstt-server directly.
```
dnstt-client -udp <ISP_DNS_RESOLVER_IP>:53 -pubkey 6f78064ecc2147e8f5de5c565e4ad1e6aa28f866b2d28c3685ceca2697a37470 t.rinsed-tinsel.site 127.0.0.1:7000
```
You have to use `-udp` mode. `-doh` and `-dot` mode are not likely to work during a shutdown. Unfortunately, `-udp` mode is easy to detect and block, if the censor knows what to look for. But the contents of the tunnel will still be encrypted.
If the manual test works, the easiest immediate solution to get access is probably to use one of the third-party Android VPN apps that has dnstt capability. I am not involved with any of these, and I don’t know whether they are actually trustworthy or safe. This is not an endorsement. I think they make you watch an advertisement before you get access. But they will be good enough for a test, and perhaps to bootstrap a more stable connection.
Here are a few apps I know of. You can find these in the Play Store with a search for “dnstt” or in some cases “slowdns”. With all of these, you have to download a primary app, plus a secondary dnstt plugin app. If the user cannot access the Play Store, it should be possible to download the APK files and send them through another channel.
- TLS Tunnel + TLS Tunnel DNSTT Plugin
- One VPN + One VPN - DNSTT Plugin
- PurpleVPN + PurpleVPN - DNSTT Plugin
- HkH VPN + HKH VPN - Plugin
You can find some video tutorials for these on YouTube, for example:
If these tests work, a next step is probably to talk to Access Now about establishing proxy servers. You can set up dnstt as a SOCKS proxy, a Tor bridge, a Shadowsocks plugin, and in other ways.
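
The manual test described in the post, automated as a shell script (an added example, not part of the original post or of the dnstt project). The hostnames, public key, local port and log format come from the post; the function names, the timeouts, the IPv4-only resolver lookup and the assumption that dnstt-client writes its log to stdout or stderr are assumptions of this example.

```shell
#!/bin/sh
# Added example: runs the direct test first, then retries through the ISP resolver.
# Function names, sleeps and timeouts are assumptions, not dnstt defaults.
PUBKEY=6f78064ecc2147e8f5de5c565e4ad1e6aa28f866b2d28c3685ceca2697a37470
DOMAIN=t.rinsed-tinsel.site
DIRECT=tns.rinsed-tinsel.site:53
LISTEN=127.0.0.1:7000

# Print the first IPv4 nameserver from a resolv.conf-style file.
first_resolver() {
    awk '$1 == "nameserver" && $2 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ { print $2; exit }' \
        "${1:-/etc/resolv.conf}"
}

# Succeed only if the client log shows a stream that both began and ended.
stream_completed() {
    awk '/ begin stream / { began[$NF] = 1 }
         / end stream /   { if (began[$NF]) ok = 1 }
         END { exit (ok ? 0 : 1) }' "$1"
}

# try_tunnel HOST:PORT -- one test through the given DNS server address.
try_tunnel() {
    log=$(mktemp)
    dnstt-client -udp "$1" -pubkey "$PUBKEY" "$DOMAIN" "$LISTEN" >"$log" 2>&1 &
    pid=$!
    sleep 2     # give the client time to open its local listener
    reply=$(nc -w 10 "${LISTEN%:*}" "${LISTEN##*:}" </dev/null)
    sleep 1     # let the "end stream" line reach the log
    kill "$pid" 2>/dev/null
    if [ -n "$reply" ] && stream_completed "$log"; then
        echo "OK via $1: $reply"; rm -f "$log"; return 0
    fi
    echo "FAILED via $1" >&2; rm -f "$log"; return 1
}

# Nothing touches the network unless the script is invoked with "run".
if [ "${1:-}" = "run" ]; then
    try_tunnel "$DIRECT" && exit 0
    resolver=$(first_resolver)
    [ -n "$resolver" ] || { echo "no IPv4 nameserver found" >&2; exit 1; }
    try_tunnel "$resolver:53"
fi
```

Invoke it with the single argument `run`; it exits 0 as soon as either path returns the server's timestamp.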