
> (The caveat is that some ISPs do transparent DNS proxying... in which case, you have much larger trust issues with your ISP and need to take greater measures!)

I once had an ISP which did transparent HTTP proxying. You could theoretically query an external DNS server and get back the correct result, but it would intercept your HTTP connection, discard the IP address you were trying to connect to, then do a new DNS lookup to the ISP's DNS server on the HOST header.

Took me ages to work out what was going on with the various issues it was causing.

I dumped that ISP like a rock after they refused to disable that caching proxy, which they claimed was only there to improve customer experience.



Virgin Media in the UK appear to do this for sites they are ordered to block. Even if you get the right DNS response, you get forwarded to http://assets.virginmedia.com/site-blocked.html (HTTPS requests get a connection reset).



