by robin-whg 894 days ago
Can Italians circumvent this by manually setting Cloudflare as their DNS resolver (1.1.1.1)? The article mentions Cloudflare assisted them, but here in Germany they don't have to cooperate (https://blog.cloudflare.com/latest-copyright-decision-in-ger...). Is the situation different in Italy?

I have CF DNS and the website works correctly for me in Italy so the answer is yes, changing DNS works, even Google's DNS should do it.

But the default ISP ones all block some websites related to piracy, and sadly for most people that’s enough to deter them or worse, it leads them to visit suspicious websites and download viruses.

DNS "blocking" doesn't impress me much; it only works if you rely on the ISP's DNS servers.

I think personal computers should simply ship with a local recursive resolver installed and configured. The resource burden is tiny, and it's likely to be faster than most ISPs' resolvers. And it'll tell you the Truth about what's in the DNS tree.

I understand that many ISPs use slow DNS servers as a way of throttling their users.

Some places forcibly redirect all port 53 traffic to your ISP's DNS server; some British ISPs do this, if I'm not mistaken. If popular operating systems started doing this, more countries would follow.

DNS over HTTPS would solve the problem, but some countries might outlaw browsers that ship with it if it became too much of a problem.

What kind of "place" can redirect a port-53 request to localhost to my ISP's DNS server?

DNS-over-HTTPS is a move in the wrong direction, if you ask me. There aren't many DoH servers, so it concentrates control even more than traditional DNS. But if you are running your own recursive resolver, the only ways to control the results are to control the authoritative servers (nope), or to control the roots (most of them are physically in the USA, and run by corporations, so that's sort-of possible).

They can't redirect things going to localhost. But how does your local resolver talk to other authoritative DNS servers? UDP on port 53. The instant that kind of packet hits your ISP, it's not routed outside their network and is answered by their DNS.

Unless you have DNS-over-HTTPS.

Well, I didn't know they did that. They'd have to use a packet filter to do that; in the normal case, I send my UDP query to the authoritative server via its IP address, and if my ISP doesn't forward the query, then it's not providing internet service, it's simulating it. My resolver respects DNS signing, so I think I'd get errors right away if my ISP tried to substitute a forged answer.

My (niche) ISP is rather benevolent; as far as I'm aware they don't block at all, and they brag about providing "real internet service". At any rate, I'm not aware that my recursive resolver has ever encountered an answer that was forged by my ISP.

Your local resolver would be configured to use DoT to connect to whichever upstream server you choose.

This is a two line configuration in unbound and does not require creating and maintaining your own certificates.

9.9.9.9 is free or you can use nextdns as your upstream and get the benefits of a pi-hole in the cloud.

Everyone should do this.
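As an added example (not the commenter's own configuration, and not from the article), this is the unbound setup the comment above describes: a local validating resolver on 127.0.0.1 that sends every query over DNS-over-TLS (port 853) to Quad9 instead of walking the tree from the root servers itself. Because the ISP only intercepts plaintext port 53, the TLS session to Quad9 sidesteps the block, and DNSSEC validation still happens locally, so a forged or stripped answer fails with SERVFAIL rather than being believed. The file location, the CA bundle path and the root trust-anchor path are assumptions (Debian/Ubuntu layout); adjust them for your distribution.

```conf
# /etc/unbound/unbound.conf.d/dot-forward.conf  (added example, assumed path)
server:
    interface: 127.0.0.1
    interface: ::1
    access-control: 127.0.0.0/8 allow
    access-control: ::1/128 allow

    # DNSSEC validation is done here, not at the upstream, so a tampered
    # answer from anything in the path is rejected.  Create the key once with:
    #   unbound-anchor -a /var/lib/unbound/root.key        (assumed path)
    auto-trust-anchor-file: "/var/lib/unbound/root.key"

    # CA bundle used to verify the upstream's TLS certificate (assumed path).
    tls-cert-bundle: "/etc/ssl/certs/ca-certificates.crt"

# Forward the whole namespace (".") over TLS.  forward-first defaults to "no",
# so if port 853 is blocked unbound returns SERVFAIL instead of quietly
# falling back to plaintext port 53 and the ISP's interception.
forward-zone:
    name: "."
    forward-tls-upstream: yes
    # "@853#hostname" pins the port and the name that is checked against
    # the server certificate; without the "#name" part the cert is not verified.
    forward-addr: 9.9.9.9@853#dns.quad9.net
    forward-addr: 149.112.112.112@853#dns.quad9.net
    forward-addr: 2620:fe::fe@853#dns.quad9.net

# Check the file and then the result:
#   unbound-checkconf
#   dig @127.0.0.1 example.com +dnssec     -> flags should include "ad"
```

Two caveats a practitioner will want: this makes unbound a forwarder, so you are trusting Quad9's view of the tree rather than recursing to the authoritative servers yourself, which is the trade the thread is arguing about; and a local hosts file entry (the last suggestion in the thread) bypasses all of this for the names it lists, so check `/etc/hosts` first when a name resolves differently than `dig @127.0.0.1` reports.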

Do you mean you're running a DNS server locally? Wouldn't the DNS block apply when your local server tried to resolve the name upstream?

I am running a recursive resolver locally. When it resolves a name, "upstream" means the root servers, not some DNS cache such as my ISP offers. A recursive resolver chases the name down the DNS tree to the authoritative server.

To block that, you have to either tamper with the root servers, or get control of the authoritative servers.

Another way is to ask someone else what the correct IP address is and then add it to a local file on your computer and use that instead of the DNS.