Hacker News
by sairamkunala 1259 days ago
Pointing to Cloudflare DNS circumvents the issue for now.

Move away from ISP DNS to 1.1.1.1 to temporarily solve the issue.

2 comments

Some ISPs still tamper with DNS traffic irrespective of which DNS server they're to/from. githubusercontent.com has no DNSSEC, so it's not tamperproof.
It wouldn't be tamperproof even with DNSSEC for most of that ISP's customers, because DNSSEC is server-to-server, and collapses down to a single "yep, we checked DNSSEC" bit in the response header. This is a big part of why nobody does DNSSEC, and why the browsers adopted DNS-over-HTTP to solve this particular problem.
Through what mechanism is it possible for them to bypass custom DNS servers? Does DNS over other protocols prevent this tampering?
DNS traffic is plaintext. MITM is all that's needed to be able to bypass custom DNS servers. An ISP, obviously, has to be in an MITM position to be able to provide internet service.

Here's an example: https://jeff.vtkellers.com/posts/technology/force-all-dns-qu...
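The two points made above (a plaintext query can be answered by any on-path box whatever resolver address it was sent to, and DNSSEC validation reaches the stub only as the single AD flag in the header) as an added worked example. This is not code from the thread or from the linked post; it is a minimal RFC 1035 encoder/decoder written for this page. The hypothetical `isp_middlebox` stands in for a transparent interceptor, the transaction ID and the answer 203.0.113.10 (an RFC 5737 documentation address) are constructed values, and no claim is made about the real record for the name queried.

```python
"""Plain DNS over UDP, as a stub resolver sees it: why an on-path ISP box can
answer any query regardless of destination, and why the AD bit proves nothing."""
import struct

FLAG_QR = 0x8000  # message is a response
FLAG_RD = 0x0100  # recursion desired
FLAG_RA = 0x0080  # recursion available
FLAG_AD = 0x0020  # "authentic data": the resolver asserts it validated DNSSEC


def encode_name(name):
    """example.com -> b'\\x07example\\x03com\\x00' (RFC 1035 3.1)."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def decode_name(pkt, off):
    """Decode a (possibly compressed) name at pkt[off]; return (name, next_offset)."""
    labels = []
    while True:
        length = pkt[off]
        if length & 0xC0 == 0xC0:  # compression pointer (RFC 1035 4.1.4)
            ptr = struct.unpack("!H", pkt[off:off + 2])[0] & 0x3FFF
            inner, _ = decode_name(pkt, ptr)
            labels.append(inner)
            return ".".join(labels), off + 2
        off += 1
        if length == 0:
            return ".".join(labels), off
        labels.append(pkt[off:off + length].decode("ascii"))
        off += length


def build_query(txid, name, qtype=1):
    """Standard recursive query for an A record. Everything here is plaintext."""
    header = struct.pack("!HHHHHH", txid, FLAG_RD, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)


def parse_header(pkt):
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", pkt[:12])
    return {"id": txid, "flags": flags, "qd": qd, "an": an,
            "qr": bool(flags & FLAG_QR), "ad": bool(flags & FLAG_AD)}


def parse_question(pkt):
    """Return (qname, qtype, offset just past the question section)."""
    name, off = decode_name(pkt, 12)
    qtype, qclass = struct.unpack("!HH", pkt[off:off + 4])
    return name, qtype, off + 4


def forge_a_response(query, ip, claim_ad=False):
    """Build a reply for `query` carrying an arbitrary A record. Nothing in the
    message is signed, so the forger may also set AD and the client cannot tell."""
    hdr = parse_header(query)
    _, _, qend = parse_question(query)
    flags = FLAG_QR | FLAG_RD | FLAG_RA | (FLAG_AD if claim_ad else 0)
    header = struct.pack("!HHHHHH", hdr["id"], flags, 1, 1, 0, 0)
    question = query[12:qend]  # echo the question section verbatim
    # name = pointer to offset 12, TYPE A, CLASS IN, TTL 60, RDLENGTH 4, RDATA
    rr = struct.pack("!HHHIH", 0xC00C, 1, 1, 60, 4) + bytes(int(o) for o in ip.split("."))
    return header + question + rr


def strip_ad(response):
    """An on-path party can just as easily clear AD from a genuine validating
    resolver's reply; the flag is one unsigned bit in the header."""
    flags = struct.unpack("!H", response[2:4])[0] & ~FLAG_AD
    return response[:2] + struct.pack("!H", flags) + response[4:]


def client_accept(query, response):
    """All a plain stub resolver checks: ID match, QR set, question echoed.
    Returns (ad_flag_as_seen, first A record or None)."""
    q, r = parse_header(query), parse_header(response)
    if q["id"] != r["id"] or not r["qr"]:
        raise ValueError("not a reply to our query")
    qname, qtype, _ = parse_question(query)
    rname, rtype, off = parse_question(response)
    if (qname, qtype) != (rname, rtype):
        raise ValueError("question mismatch")
    if r["an"] < 1:
        return r["ad"], None
    _, off = decode_name(response, off)
    rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", response[off:off + 10])
    rdata = response[off + 10:off + 10 + rdlen]
    return r["ad"], ".".join(str(b) for b in rdata) if rtype == 1 else None


def isp_middlebox(udp_payload, dst_port, rewrite_to):
    """Hypothetical transparent interceptor: every UDP/53 datagram is answered
    locally, whatever resolver address the client put on the packet."""
    if dst_port != 53:
        return None
    return forge_a_response(udp_payload, rewrite_to, claim_ad=True)


def demo():
    """Client asks 1.1.1.1 for raw.githubusercontent.com; the ISP box answers first.
    Constructed values: txid 0x1234, answer 203.0.113.10 (RFC 5737 TEST-NET-3)."""
    query = build_query(0x1234, "raw.githubusercontent.com")
    forged = isp_middlebox(query, 53, "203.0.113.10")
    return client_accept(query, forged)  # -> (True, "203.0.113.10")


if __name__ == "__main__":
    print(demo())
```

The stub has no way to distinguish the forged datagram from 1.1.1.1's real answer: the transaction ID is copied from the plaintext query, the question section is echoed, and the AD flag is whatever the forger chose to set. Moving the same question over an authenticated, encrypted transport (DoT or DoH to a resolver whose certificate the client checks) is what removes the interceptor from the loop, which is the point the reply above makes about browsers adopting it.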

Cloudflare + OpenDNS.

Works like a charm.