neat
I wonder how that works, I don’t know how they’d do it purely with DNS
According to one of the comments in the source link (by u/gustothegusto on Reddit):
For anyone wondering how it works, it’s DNS level geo spoofing. When you try to visit a site that requires ID in your country, the resolver intercepts the DNS request and instead of giving you the real IP, it points you to one of their proxy servers located in a country without the ID requirement. From your browser’s perspective, it’s still connecting to the site, but from the site’s perspective, the traffic is coming from that other country. This is similar to what ControlD does with their “teleport locations” feature.
This should be trivial for the other privacy DNS providers to do then. Hopefully Mullvad DoH will follow soon.
instead of giving you the real IP, it points you to one of their proxy servers located in a country without the ID requirement.
Sounds a bit weird if it’s just pure DNS. Because if your DNS server gives you a random proxy server instead, it sounds like this would break HTTPS, right?
No, it wouldn’t break. HTTPS is the end-to-end encryption of HTTP. As long as you pass the original connection without altering it, it’ll be safe.
Right - DNS would pass your connection to a geographically different server, with which you create a secure connection.
The question was about a “random proxy server”. You can proxy HTTPS as a third party too without breaking it.
I’m not saying that’s what they are doing though. It’s possible they do this by just serving an IP in a different country. I haven’t looked too much into it. In neither case would it break HTTPS.
Good point. Thanks for helping me read more carefully!
When you’re logged into your NextDNS account, this setting is currently located under the Settings tab, about halfway down the page, after CNAME Flattening.
I wonder if deliberately crappy “alibi” age verification is going to be a thing and bypassing it becomes an open secret.