Skip to content

Instantly share code, notes, and snippets.

@noaione

noaione/fuck_pse.md

Last active July 31, 2022 06:13
Show Gist options
  • Save noaione/8462492bf089df2177de79039b1ce06a to your computer and use it in GitHub Desktop.
Save noaione/8462492bf089df2177de79039b1ce06a to your computer and use it in GitHub Desktop.
Download ZIP
Circumventing Indonesia Stupidly Amazing Blocking System
Raw
fuck_pse.md

Circumventing Indonesia Stupidly Amazing Blocking System

a.k.a you should go buy a VPN or setup a proper DNS resolver because it's DNS level blocking lmao (with some hijacking sprinkled)

Dalam Bahasa Indonesia

Easiest way out is to go get Simple DNSCrypt (https://simplednscrypt.org/) (Windows Only)

  1. Install it
  2. In Resolvers, deselect everything and select either cloudflare (doh) or Google resolver
  3. Disable Automatic mode in Resolvers
  4. Go to Advances settings, and enable DNS cache for faster resolving
  5. Go to the Main Menu and enable DNScrypt and DNS-over-HTTPS
  6. Enable the DNScrypt service and install it
  7. Change your System DNS to 127.0.0.1

Want to make it as a service where it enable everytime you restart without any GUI? Say no more. (Works on Windows/macOS/Linux)

  1. Get dnscrypt-proxy2 and download it somewhere https://github.com/DNSCrypt/dnscrypt-proxy/releases
  2. Copy example-dnscrypt-proxy.toml and rename it to dnscrypt-proxy.toml
  3. Open that in Notepad
  4. Find this line: # server_names = ['scaleway-fr', 'google', 'yandex', 'cloudflare']
  5. Remove the leading hash (#) and set the server_names to just cloudflare and cloudflare-ipv6 (server_names = ['cloudflare', 'cloudflare-ipv6'])
  6. If you have IPv6, find ipv6_servers line and set it to true
  7. Save it
  8. Run service-install.bat as an administrator
  9. If you made any changes, run service-restart.bat as an administrator
  10. Change your System DNS to 127.0.0.1

Example of proper configuration of dnscrypt-proxy.toml: https://gist.github.com/noaione/1e9c743709af1c66fcbf55795a999c73

If you still can't access it, let's force DoH on our Cloudflare DNS!

  1. Open dnscrypt-proxy.toml
  2. Scroll to the bottom of the file until you find [static]
  3. Add this following line (1.1.1.1, DoH, No Logs)
  [static.'cloudflare-doh-force']
  stamp = 'sdns://AgcAAAAAAAAABzEuMC4wLjEAEmRucy5jbG91ZGZsYXJlLmNvbQovZG5zLXF1ZXJ5'
  
  [static.'cloudflare-ipv6-doh-force']
  stamp = 'sdns://AgcAAAAAAAAAFlsyNjA2OjQ3MDA6NDcwMDo6MTExMV0AIDFkb3QxZG90MWRvdDEuY2xvdWRmbGFyZS1kbnMuY29tCi9kbnMtcXVlcnk'
  1. Find server_names again, then add cloudflare-doh-force and cloudflare-ipv6-doh-force or replace it to change the resolver to our new DNS stamp
    server_names = ['cloudflare-doh-force', cloudflare-ipv6-doh-force] or server_names = ['cloudflare-doh-force', cloudflare-ipv6-doh-force, 'cloudflare', 'cloudflare-ipv6']
  2. Save then restart dnscrypt-proxy

More info about setting DoH on Windows DNS: https://github.com/DNSCrypt/dnscrypt-proxy/wiki/Local-DoH

Only need it in Browser only? (Not recommended tbh)
Chrome/Edge

  1. Open chrome://settings/security (Chrome) or edge://settings/privacy (Edge)
  2. Enable Secure DNS
  3. Select With, then select Clouflare or any other from the list

Firefox

  1. Open preferences, and search for Network Settings
  2. Click Enable DNS over HTTPS
  3. Select any provider from the list and save

If somehow I can't use Cloudflare or other resolver?
Use a VPN, or ask a friend that have a custom DNS resolver setup and beg them to give access to it.

Or you can try making an account in NextDNS (https://nextdns.io/) and setup your DNS resolver to it. They have a guide on how to set it up for Windows, Android, iOS, dnscrypt-proxy, and more.

You use Android?
If you have Android 9+

  1. Go to your network settings
  2. Find Private DNS or something like that
  3. Set to Private DNS provider hostname and enter one.one.one.one

If you have anything but Android 9+
Install 1.1.1.1 app, and set to DNS mode only (if it doesn't work, set to WARP + DNS mode)

You use iOS?
Use 1.1.1.1 app

I don't like DNS
Go buy a fucking VPN, I. Do. Not. Recommend. Free. One.

Recommended list of paid VPN that is good and have a great privacy policy:

The pricing I put is their base rate, some discount will be applied if you buy for months/year (not applicable to Mullvad)

https://freedom.press/training/choosing-a-vpn/

But, but, I don't want to use VPN or a DNS
Go find a provider that does not follow the Minister rule or go to another country.

@noaione
Copy link
Author

noaione commented Jul 30, 2022
edited
Loading

App recommendation (even more if you use Indigay)

https://www.reddit.com/r/indonesia/comments/tzj5h4/comment/i4f7z94

A website where you can see if it's got blocked or not
https://kominfod.angelo.fyi/

@noaione
Copy link
Author

noaione commented Jul 30, 2022
edited
Loading

Changelog

v1.0.1

  • Add information to force DNS over HTTPS for dnscrypt-proxy
  • Add Cloudflare WARP+ to recommended "VPN"

v1.0.2

  • Add pricing info for Cloudflare WARP+
  • Add a way if you don't want to use VPN or DNS.

v1.0.3

  • Update DNS Stamp for Cloudflare DNS
  • Add information to set the DNS to dnscrypt-proxy listener

Copy link

ghost commented Jul 30, 2022

Gamers rise up

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment