Friday, August 22, 2014

One Way to Bypass ISP DNS Interception on Linux

There are multiple ways to bypass ISP DNS interception. If you are using Linux, one of the easiest way you can try is by redirecting all DNS lookups to port 53 from your PC to an "alternate" DNS port 5353 provided by OpenDNS. What you need is nothing but iptables.

Execute the following commands as root.

# iptables -t nat -A OUTPUT -p udp --dport 53 -j DNAT --to
# iptables -t nat -A OUTPUT -p tcp --dport 53 -j DNAT --to

The commands above will redirect all DNS lookup to port 53 from your PC to OpenDNS server on port 5353.

The advantages of using OpenDNS instead of your ISP DNS are:
  1. OpenDNS can be faster than your ISP DNS
  2. You can access websites blocked by your ISP DNS (yay!).


  1. Great and elegant solution.
    Work's without impact to user experience.

    In Italy, Vodafone with ADSL services called "Vodafone Station", manage the DNS entry to guarantee "better performance" ... NO comment.

    With your procedure we were able to bypass Vodafone restrictions.


    1. Same here.

      My ISP is also implementing DNS restriction mandated by the government. However, they can't even guarantee its up time.

      When their DNS is down, everyone will have difficulties accessing websites and simply changing the DNS IP to other DNS provider does not work because they force all DNS traffic to their unreliable DNS server. Every time this happens, I use this technique.

      It is nice to hear that it is working for you.