
Some ISPs prevent you from using other DNS. Comcast/Xfinity modem/routers for example.



Most stock ISP routers in Germany I've seen allow you to set custom DNS in a straightforward manner.

And even if they don't, for a few years now there is a law that guarantees you the right to choose your own router (because previously we had quite bad bundling that forced you to rent the ISPs router), so ISPs can't lock you in like that.


There are two types of routers consumers get here. Those where you can change nearly everything regarding DHCP and such, and those given to you by cable companies where you can't even change the IP address of said router.

The latter usually allows you to disable its IPv4 DHCP server, but enforces itself as the IPv6 DNS server across your network, which can't be disabled on your own.


I am sure if you use DoT or DoH it's going to be very hard for the ISP to block using your own DNS, even if you rented a modem/router from them. It does need client-side support though.


No need for client support, you could just deploy it on a Linux VM running somewhere on your network and let that be the DNS server served via DHCP.

For extra points you could deploy a firewall which intercepts all DNS requests and forwards them to that machine. Some apps have hardcoded DNS servers and ignore what you have configured.


> It does need client-side support though.

Not really! You can buy a router that ships with OpenWrt out-of-the-box and just toggle a little checkbox. Plug that into your ISP's router (or use a wireless bridge in client mode, that's supported, too) and connect all of your devices through that. Now all your devices use DoH and don't even know it.


An ISP can simply compile a blacklist of publicly available encrypted DNS resolvers and block them.


Not really feasible for non-technical folks, but at that point you start to run a DNS proxy in the cloud with a static IP and proxy all your DNS requests using DoH to that IP. That would be really hard to block without blocking all outbound HTTPS connections.
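The DoH forwarding idea in the two comments above (a resolver on your own network, or on a cloud host you control, that proxies queries over DoH to a single HTTPS endpoint) rests on two pieces: the DNS wire format from RFC 1035 and the RFC 8484 GET encoding. The following is an added example, not code posted in this thread; it assumes a placeholder endpoint URL (DOH_ENDPOINT), uses a constructed sample response to show the parsing, and needs only the Python standard library.

```python
"""DNS wire-format helpers plus an RFC 8484 DoH GET encoder/decoder.

Added example; DOH_ENDPOINT is a hypothetical placeholder and
SAMPLE_RESPONSE is a constructed packet, not captured traffic.
"""
import base64
import struct
import urllib.request

DOH_ENDPOINT = "https://doh.example.invalid/dns-query"  # placeholder


def build_query(name: str, qtype: int = 1, txid: int = 0) -> bytes:
    """Build a DNS query (RFC 1035). RFC 8484 suggests txid 0 for DoH so
    identical queries produce identical, cacheable URLs."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set, one question
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in name.rstrip(".").split(".")
    ) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # class IN


def doh_get_url(query: bytes, endpoint: str = DOH_ENDPOINT) -> str:
    """Encode a wire-format query as a DoH GET URL (base64url, padding stripped)."""
    encoded = base64.urlsafe_b64encode(query).rstrip(b"=").decode("ascii")
    return f"{endpoint}?dns={encoded}"


def decode_dns_param(encoded: str) -> bytes:
    """Server-side inverse of doh_get_url: restore padding and decode."""
    return base64.urlsafe_b64decode(encoded + "=" * (-len(encoded) % 4))


def _read_name(packet: bytes, offset: int) -> tuple[str, int]:
    """Decode a possibly compressed name; return (name, offset after it)."""
    labels, jumped, end = [], False, offset
    while True:
        length = packet[offset]
        if length & 0xC0 == 0xC0:  # compression pointer (RFC 1035 4.1.4)
            pointer = struct.unpack("!H", packet[offset:offset + 2])[0] & 0x3FFF
            if not jumped:
                end = offset + 2
            jumped, offset = True, pointer
            continue
        if length == 0:
            if not jumped:
                end = offset + 1
            break
        offset += 1
        labels.append(packet[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels), end


def parse_response(packet: bytes) -> dict:
    """Extract txid, RCODE and A-record answers from a DNS response."""
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", packet[:12])
    offset = 12
    for _ in range(qd):
        _, offset = _read_name(packet, offset)
        offset += 4  # skip QTYPE + QCLASS
    answers = []
    for _ in range(an):
        name, offset = _read_name(packet, offset)
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", packet[offset:offset + 10])
        offset += 10
        rdata = packet[offset:offset + rdlen]
        offset += rdlen
        if rtype == 1 and rdlen == 4:  # A record
            answers.append((name, ".".join(str(b) for b in rdata), ttl))
    return {"txid": txid, "rcode": flags & 0x000F, "answers": answers}


def resolve_over_doh(name: str, endpoint: str = DOH_ENDPOINT) -> dict:
    """Perform the HTTPS GET (network call; not exercised offline)."""
    req = urllib.request.Request(
        doh_get_url(build_query(name), endpoint),
        headers={"Accept": "application/dns-message"},
    )
    with urllib.request.urlopen(req, timeout=5) as resp:
        return parse_response(resp.read())


# Constructed NOERROR response: example.com A 192.0.2.1, TTL 300, with the
# answer name compressed as a pointer back to the question at offset 12.
SAMPLE_RESPONSE = (
    struct.pack("!HHHHHH", 0, 0x8180, 1, 1, 0, 0)
    + b"\x07example\x03com\x00" + struct.pack("!HH", 1, 1)
    + b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([192, 0, 2, 1])
)
```

To turn this into the LAN forwarder the comments describe, wrap build_query/parse_response in a UDP listener on port 53 (the address handed out via DHCP) and call resolve_over_doh for each query. Everything leaving the network is then a plain HTTPS GET to one IP on 443, which is why blocking it without blocking HTTPS in general is hard; on the other hand, a single forwarder is a single point of failure and its logs now hold every name your devices look up, so it deserves the same care as any other resolver.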


How does that work? You can just set your operating system to not use the ISP-provided DNS server, even if the ISP-provided router/modem is locked and cannot be changed.


They could block all outgoing traffic to port 53, although you could work around that by setting up a DNS server on a different port outside the network.


I'm in Germany, and running my custom opnsense router with adblocker DNS connected to one of the big DoH providers. Never had any issues, not even with using plain old DNS in port 53.

Vodafone Kabel, so YMMV.

Always a bit scared to switch providers of course, you never know if you get CGNAT and blocked DNS servers. They are building Deutsche Telekom fiber to our street this summer. It's tempting for the 200 Mbps uplink, but I have no idea whether it's then CGNAT and whether they even provide real IPv6. It's never mentioned in the advertisement.


Telekom DSL and fibre should normally be full IPv4 + v6 dual stack – they're the former state operator and have a relatively generous IPv4 address allocation.


I've run into a different problem: Akamai apparently uses DNS in order to steer you to the correct portion of their CDN, and the set of servers returned by third-party DNS servers turns out to have abysmal peering with my ISP. So third-party DNS isn't really usable for me unless I'd run my own custom resolver in order to special-case Akamai.


Yes, I'm pretty sure this is what they do. The DHCP from the router gives 75.75.75.75 and 75.75.76.76. I've tried overriding that with different resolvers in my /etc/resolv.conf and it doesn't work. And logging in to the modem/router config does not offer any option to change DNS settings.


I wonder if this will circumvent that sort of blocking: https://support.mozilla.org/en-US/kb/firefox-dns-over-https


I just tried it. I enabled it at the "Max Protection" level, used the default provider setting (Cloudflare) and it works. So it seems the answer is yes. So that's a pretty simple workaround that covers most cases. I'm guessing that most of the DNS lookups that people would want to be private are happening via a web browser.


Edit /etc/resolv.conf with your chosen nameservers, then chattr +i /etc/resolv.conf


As this particular issue of DNS blocking pertains to Germany: By law (EU Commission Directive 2008/63/EC and national law TKG § 73 Abs 1) the ISP must allow the free choice of routers and has to provide all access codes. So even if an ISP provided router would be uncooperative, there is always the choice of just not using it.


Is it possible to use your own router/modem for Comcast? Between my last two apartments and my current one I've had Spectrum, Optimum, and RCN as ISPs in the past decade or so, and with all three of them I was able to use my own router and modem (doing a quick google ahead of setup to make sure that I found instances of people online saying the hardware I had worked for them). It definitely _shouldn't_ be something people have to do in order to be able to have unrestricted internet, but sadly it's far from the only thing that sucks about ISPs. In my current apartment, I have no other option for ISP other than Spectrum, and they seem to get outages far more often than they should (and don't "notify" me until around 20 minutes after I check their website for outages in my area and it says there aren't any).


You can always plug your own router into the LAN port of a shitty ISP's combo modem/router device, too, even if they won't give a connection to any other device than their own and they defeat all your spoofing attempts.

I haven't used a proprietary router in my entire adult life, except as a WAN connection for my 'real' router with some shitty ISPs.


Yes, you can use your own modem, but they give you incentives to use theirs. You can also put their combo modem/router into bridge mode and use your own router. But that's a bit more of a reach for the average person, vs. just changing the DNS addresses in a config page (which is already more than 95% of people will do).


> even if they won't give a connection to any other device than their own

AFAIK they are legally required to maintain a list of compatible devices and accept any modem that is on that list.


My cellular ISP doesn't seem to be bound by that, even though every cable ISP I've been with has. :(

If there's some US law I can cite at them like a magic invocation to make their dumb combo device go away in favor of my own cellular modem, though, I'd like to.


They make it difficult but I've done it for over a decade. They incentivize by offering no data cap if you use their bs router.

However, once you learn how much data is collected/sold about you from the router level you won't want to go back.


1.2 TB is a lot according to them.

>However, once you learn how much data is collected/sold about you from the router level you won't want to go back.

I need to be scared straight. Go on.


> They incentivize by offering no data cap if you use their bs router.

Yes, this is why I switched over to their modem-router, I was starting to hit their caps every month and it was costing me a lot of money.

I really don't care if they monetize that my live-in mother-in-law streams game shows all day.


This can still be overridden on each client system behind those routers, but this is also another good reason to avoid renting your modem/router.

Products like NextDNS also provide a client app to simplify the process of overriding DNS.


> Comcast/Xfinity modem/routers for example.

In that they DNAT traffic to _their_ DNS or they just don't expose a configuration flow to the user?


ISP equipment should be considered compromised. They even have remote access. We should buy our own routers and bridge them to the networks of ISPs.


I was a Comcast customer for 10+ years prior to 2017 and at the time they did not block foreign DNS servers.


They don't block them generally, but their newer consumer modem/router/WAP "appliances" do. If you use your own, you can set whatever DNS you want, but you will have lower data caps and lose some incentive pricing that you can get if you use theirs.

I'd guess if you get business tier service you have more options also, but I've never had that.


I was on ordinary residential service. At the time, using their device cost more money than BYO, and the data caps were identical (or rather, there mostly weren't data caps).


Do they block DNS-over-HTTPS? I bet not.


How do they do that? The DNS-over-HTTPS ones run on 443?


Looks as though this Comcast “security feature” can be disabled via your account settings.

Also, DNSSEC?


I'm not an expert on DNS, but I don't think DNSSEC can actually help here, and by help I mean "unblock".

Sure, their NXDOMAIN (or whatever) response will appear bogus, but your client won't be able to rebuild the missing response.

