I use AdGuardHome for my home network and like to use custom DNS servers. I recently noticed that only Google Public DNS 8.8.8.8 works as expected and everything else is blocked at ISP level.
The Cloudflare DNS debugging page at https://1.0.0.1/help clearly shows the problem. Connection to 1.1.1.1 is possible, but DNS resolution at port 53 does not work.
The Linux commands dig and nc clearly show the problem. Google DNS 8.8.8.8 works, but all other DNS servers fail.
With Sunrise internet, only Google DNS 8.8.8.8 works:
$ nc -zv 8.8.8.8 53
Connection to 8.8.8.8 port 53 [tcp/domain] succeeded!
$ nc -zv 1.1.1.1 53
nc: connectx to 1.1.1.1 port 53 (tcp) failed: Operation timed out
$
With VPN, everything works:
$ nc -zv 8.8.8.8 53
Connection to 8.8.8.8 port 53 [tcp/domain] succeeded!
$ nc -zv 1.1.1.1 53
Connection to 1.1.1.1 port 53 [tcp/domain] succeeded!
$ nc -zv 1.1.1.1 53
I have not changed any firewall settings on the router. Also, the Sunrise surf protect option is disabled for my account. So, this clearly looks like some traffic blocking at ISP level.
Router Static DNS setting: I see that the Static DNS setting is disabled on the Sunrise box. I understand that an ISP might want to keep a safe default and restrict a few settings in the router. Advanced users can still configure custom DNS settings on their devices. But why block custom DNS server traffic?
I am also unable to use DNS-over-HTTPS or DNS-over-TLS. Only requests to 8.8.8.8:53 seem to be working. Is Encrypted DNS also blocked?
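The nc checks in the post only test TCP port 53. The following added example (not part of the original post) probes each resolver over UDP/53, TCP/53, DoT (853) and DoH (443), so port-53 filtering can be told apart from a resolver being unreachable altogether. The probe name example.com, the timeouts and the diagnosis wording are assumptions.

```python
import socket, ssl, struct

RESOLVERS = ["8.8.8.8", "1.1.1.1"]   # the two resolvers tested in the post
PROBE_NAME = "example.com"            # assumed probe name, not from the post

def build_query(name, qid=0x1234):
    """Minimal DNS query: one A/IN question, recursion desired."""
    labels = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split("."))
    header = struct.pack(">HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    return header + labels + b"\x00" + struct.pack(">HH", 1, 1)

def is_response(data, qid=0x1234):
    """True if data is a DNS response (QR bit set) echoing our query ID."""
    if len(data) < 12:
        return False
    rid, flags = struct.unpack(">HH", data[:4])
    return rid == qid and bool(flags & 0x8000)

def udp53(ip, q, t=3):
    try:
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.settimeout(t)
            s.sendto(q, (ip, 53))
            return is_response(s.recvfrom(4096)[0])
    except OSError:
        return False

def tcp53(ip, q, t=3):
    try:
        with socket.create_connection((ip, 53), timeout=t) as s:
            s.sendall(struct.pack(">H", len(q)) + q)  # TCP DNS: 2-byte length prefix
            return is_response(s.recv(4096)[2:])
    except OSError:
        return False

def tls_ok(ip, port, t=3):
    """Certificate-verified TLS handshake to the IP: 853 = DoT, 443 = DoH."""
    try:
        with socket.create_connection((ip, port), timeout=t) as s:
            with ssl.create_default_context().wrap_socket(s, server_hostname=ip):
                return True
    except OSError:  # timeouts, resets and certificate failures all land here
        return False

def diagnose(r):
    """Interpret one resolver's results (keys: udp53, tcp53, dot853, doh443)."""
    if all(r.values()):
        return "all transports reachable"
    if not any(r.values()):
        return "nothing reachable"
    if not r["udp53"] and not r["tcp53"]:
        return "port 53 filtered, encrypted DNS reachable"
    return "partial: failing " + ",".join(k for k, ok in r.items() if not ok)

if __name__ == "__main__":
    for ip in RESOLVERS:
        q = build_query(PROBE_NAME)
        r = {"udp53": udp53(ip, q), "tcp53": tcp53(ip, q),
             "dot853": tls_ok(ip, 853), "doh443": tls_ok(ip, 443)}
        print(ip, r, "->", diagnose(r))
```

A TLS probe that fails while a plain TCP connection to the same port succeeds can mean the handshake was interrupted or the certificate did not verify, which is worth checking separately.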