keweonDNS - now with improved Certificate (iOS, Mac & Android)

[MrT69]

keweon & HOLA

keweon now supports hola VPN


I fully support from this week HOLA VPN. The entirey Apps and Plugins are free of charge. Unfortunately I have no contact to them. If one of you can help - let me know.

How do I support?

For example, BBC.CO.UK is now AdFree within the streams and also Pandora Radio. I have had tested a view things but the entire test is now up to all of you.

Have fun, report errors when you see them and enjoy your Weekend!

 

[MrT69]

Currently the entire infrastructure has a problem. That's because of only a single Provider.

Within the next 30 to 45 minutes the problem should be fixed.

Damn!!!

 

[MrT69]

Reboot everything.
All Updates during the Weekend are lost. Will be in place again this evening.

Sorry and thanks for the Info

 

[dalepothen]

seem all going good mate pm me u knw where right telegram

 

[kima09]

If you want to use IPv4:

Primary DNS: 137.74.155.255 << WILL BE DROPED UNTIL 20th NOVEMBER - FULLFILL NOT MY SECURITY
Secondary DNS: 213.32.112.244 << WILL BE DROPED UNTIL 20th NOVEMBER - FULLFILL NOT MY SECURITY

or

Primary DNS: 51.254.188.221 << WILL BE DROPED UNTIL 20th NOVEMBER - FULLFILL NOT MY SECURITY
Secondary DNS: 213.32.112.244 << WILL BE DROPED UNTIL 20th NOVEMBER - FULLFILL NOT MY SECURITY

What do you mean by 'Will be dropped until 20 Nov'? Do you mean this dns is currently not down and will be lived on 20? Or it is currently live and will be dropped by 20 Nov?
I need to use IPv4,

 

[MrT69]

What do you mean by 'Will be dropped until 20 Nov'? Do you mean this dns is currently not down and will be lived on 20? Or it is currently live and will be dropped by 20 Nov?
I need to use IPv4,

I didn't expect some complains
Can you check if one of this server is working for you?

https://forum.xda-developers.com/android/software-hacking/keweon-privacy-online-security-t3681139#6

If not, let me know why the other one's better.

I have problems with this servers, because one is an OpenVZ based VPS. Own kernel is not possible and because of this my security template will only run into errors.
The other one seems to be damn slow (from Germany) and until today I haven't received any Informations if the server is working or is it in use at all.

Btw...

Every Server is working with IPv6 and IPv4. I hope so because I only have IPv4 from my provider at home. Until today they are not able to offer an IP6 AND IP4 Address.

 

[MrT69]

Why you should use keweonDNS and recommed to your friends?​

I'm so proud when I see the traffic on current all available DNS Servers. That will show that the system is in use.

I know that there are still some errors. Things are sometimes not working but I'm on the way to sort out all the errors. During the last week I have received 139.809 wrong blocked domains. At this point let me say thanks to all supporter.

But keep in mind that not every error which happens is my fault. For actual reasons I will give you 2 examples:


1. Homebanking App IngDiba - Romania

With kindly agreement from XDA User dodobila I will show you what this App contains. He has found this "bug".

By using keweonDNS on his mobile phone the App shows an error because it can't contact the Server. Problems on Banking or similar sensitive accounts is a nightmare for me. I don't want that anyone has the feeling that I'm try to do evil things.

Now, with keweonDNS this error happens.

After a tripple check I have found out that this error will only happens if this URL's are blocked:

bttrack.com
googleads.g.doubleclick.net
pagead46.l.doubleclick.net
partnerad.l.doubleclick.net
securepubads.g.doubleclick.net
stats.l.doubleclick.net
tcp.googlesyndication.com
www-google-analytics.l.google.com
www.google-analytics.com
www.googletagservices.com

I have checked this triple times and I finally created a test system which contains only this addresses to double check this. I told this to dodobila and a few seconds later he was asking by mail the Bank why google is build in within the App.

The answer was incredible:

Translated to english this would mean:

Hello!
For technical reasons we can not specify how the HomeBank application uses Google Service. We can only confirm that these services are used for security reasons and to have a better performance than other applications, these aspects being the definition in the choice made.

After this mail me and dodobila was shocked and he was asking for a second time what this should be.

The next - and last answer - was (translated to english):

Hello!
Certain functionalities do not work without the technologies provided by these companies. As I have confirmed to you in the previous mail, we can not specify the technical aspects used by the HomeBank App.

Have a good day,

the ING Bank Team

All this addresses where not visible with "Packet Capture" (PlayStore) so this would mean the detected addresses are deep hidden into the App. Reverse Engineering is unfortunately forbidden by Law in Germany so I have no clue how they have done it.

The Google Systems are I/O Online Analytics System. Put Data in, they will somehow use it for some process and then they will forward it to whatever. Think about personalized advertising. Search something within the Internet and the next 3 Month you will get so many advertising about this.

I also have no clue about other Apps from IngDiba. Because of this you can be sure that I never would eihter use the App or the Bank itself. I would never trust someone who decide to use Google AdServer for security reasons.

Feel so free and test it. Every feedback is welcome. But be carefull because on mails from dodobila now the Bank seems not longer responding. Thanks also a lot to him!!



2. DieBahn App - Germany

DieBahn App is the German information App about public train traffic. Good thing because sometimes it's working and sometimes you get valid data.

Bad thing that you can pay your Train tickets via this app. With keweon you will also get an error that this app is not working because the communication to the "Deutsche Bahn Server" is blocked. This happens when you try to pay a ticket via the App. Within the Browser it seems everything is working withou a problem.

This is in simple words a real lie and they cheat there customers. This error happens because the communication to dpm.demdex[.]net is blocked.

Who is demdex?

Demdex was aquired by Adobe at 18. January 2011 for round about 58 Million US$. If you check the Domain by Virustotal and other online Security Portals you will see that they still send out Malware, Spyware and even SMS Spyware things.

Different payment portals even the one from Adobe using this Gateway for payment. Also the "Deutsche Bahn" - but why the hell they are telling the user that the "communication to the Deutsche Bahn Server is interupted"?

Why they are routing the online payment over a Virus/Malware/Spyware Gateway? Why they are telling the user that the communication to there own server is blocked which is in fact a lie because this is not the "Deutsche Bahn Server"? It's now up to all of you to ask them this question.

Keep in mind, currently I'm working alone on this system. I don't have the resources to do other things. Deeper investigations. Harder blacklists. Less errors.

But I guess it's good enough to show you how the dark side is working. This is the sense of keweon. I just want to have a better and safer Internet and it's up to you to decide. It's your system. It's your choice. It's your decision.

Hope you still enjoy keweon and I also hope that you will now understand that not every error which will happens by using keweonDNS is a big error.

Best regards from germany & have a nice Sunday evening!

 

[MrT69]

Update for you:

1. Bugfix for https Advertising (works only with keweon Adblock Cert)

2. Adjust the Redirect detection. It seems the other side is not sleeping.

3. Still a bug in aggressive Javascript Popups. The windows is bouncing but it is much more easy to close it now for you. Who the hell decide that this crap is a good idea for advertising??

4. Working on Google Advertising. They have implemented some new and funny features. It seems I can solve this with the current System. The Advertising Links on Google search result are sometimes still a problem.

5. Facebook has also a professional advertising Network. The investigation is in progress and I'm pretty sure I can get rid of the entire Advertising from them.

5. Samsung App Store not proper working. In Germany it's working but other countries claims they have problems.

6. Beta Lists with a lot of false positive still within the system. Database for a "Global GoLive" System is in progress. Expecting to move it in production February 2018. Still waiting for false/positive Emails from your site.

7. The current serves are really not so fast. I hope they are good enough to show how everything is working. The average Traffic doubles from last week to this week. The average traffic is at 12 MB per Day. Each request from your site is round about 90 bytes.

9. Moved "keweon Deep Ads Filter" from Alpha to Beta status. For example, YouTube is entirely free of Advertising. Nothing. Even when they change something the System will take notice about this and adjust itself. Seems not to be a cute thing at the moment but this becomes important for "keweon kidSafe" - Porn and violence free internet for Kids, Schools and Teenager. Now you can imagine what will come.

10. Some cute things are also under developement. Currently the focus is on the website to explain more details to all of you.

Let me say thanks again at this point to everyone who use and support keweon. Thanks a lot to each one of you!

Have a nice weekend!

 

[MrT69]

Server Update

The Server in Atlanta is a dedicated Unit with 2 Xeon CPU and 24 GB RAM.
Thanks to the donator.

This entire keweonDNS System is only for private and personal usage. It is not allowed to use the System within a Business environment.
For any damages and problems within Active Directory or other core systems by using keweonDNS within a business production environment I assume no liability for any damages.​

 

[laura almeida]

As of November 27, 2017 - 22:30 CET

Australia / Sidney:
45.76.125.130 - Timeout

France / Paris:
45.77.62.37 - Timeout

France / Roubaix:
137.74.155.255 - Timeout

France / Roubaix:
51.254.188.221 - Timeout

France / Roubaix:
213.32.112.244 - Working

Germany / FFM
104.207.131.11- Timeout

Japan / Tokio
45.77.25.72 - Timeout

Netherland / Amsterdam
45.77.138.206 - Timeout

Singapore / Singapore:
45.76.151.221 - Timeout

UK / London
45.32.183.39 - Timeout

US / Atlanta
107.189.45.250 - Working

USA / Dallas
45.76.57.41 - Timeout

USA / New Jersey
45.77.144.132 - Timeout

USA / Silicon Valley
45.32.140.26 - Timeout

 

[MrT69]

laura almeida;74659576]As of November 27, 2017 - 22:30 CET

Australia / Sidney:
45.76.125.130 - Timeout

....

I have done a complete reboot on the entire Infrastructure down to the root Servers.
It seems everything is back again.

The problem is that everything is based on VPS and currently it's all at the same provider.
Sorry & million thanks to you!!!!!

 

[MrT69]

Network outage

Network outage:

Yesterday Tokyo and since 10:00 AM today it's London outage.
That's so damn boring sometimes.

This drives me crazy. Sorry to all users...

 

[MrT69]

Some facts

Thanks to all users for being patient and using the keweon System. Here are some facts about the last month.

The Data usage overview (inbound) from the DNS Servers:

New Jersy - 160 MB
Dallas - 210 MB
Amsterdam - 270 MB
London - 160 MB
Frankfurt - 200 MB
Silicon Valley - 150 MB
Australia - 100 MB
Paris - 390 MB
Tokyo - 130 MB
Singapore - 140 MB

The average traffic was at the first 2 weeks at 6 MB per Day. The 3rd week it was at 12 MB and this week it was at 18 MB per Day and Server.

The current system and your usage has given a better view to different developements which are in progress.

For better performance I recommend to use the DNS Servers as forwarder on your SOHO/WIFI Router. I know that the current system is really slow compared to Google DNS but it's possible to speed it up. But this must be done at the moment from your site.

Anyway - thanks a lot for all of your support for my baby!

Have a nice weekend!!!

 

[MrT69]

Atlanta Server Offline until 8:00 PM GMT +1

The Server has hardware issues. Provider need to take the machine offline and it will be back until 8 PM German Time.
It is so annoying. I want to have my own infrastructure...


US / Atlanta
k1ns-atl-001.keweon.center
107.189.45.250

 

[MrT69]

Atlanta is back.
Might be a reboot is required this night and tomorrow once a time but it's back!

Enjoy your evening!

 

[MrT69]

1.
Tokyo receives a network upgrade by Provider. Don't blame on me please!

Start time:
06-DEC-2017 20:30 UTC

End time:
06-DEC-2017 23:30 UTC


2.
For actual reasons one funny story about low budget providers and things which drives me sometimes crazy:

Server Atlanta has had 2 days ago the first problem and after a reboot everything seems to be fine.

Hours after the reboot the Server seems to be broken. Sh*t could happens and there is no really business on keweonDNS. After 9 hours the Server was replaced by the Provider. And again, everything seems to be fine. Within the ILO Interface I have seen the Server is still the old one but it's OK. Yes, customers are sometimes to stupid to understand.

A view hours later the entire box was gone again. Double sh*t could also happens and the Support told me that the Rack switch was broken. OK... no other chance than to wait.

Now, everything is back. Hardware replaced. Switch replaced. And everything seems to be fine?

It was required to reinstall the entire Server. After 2 hours playing around with the NIC's I have seen that the brand new Switch has no VLAN configured for the IPv6 network. IPv4 is running - no IPv6.

I'm waiting. And I guess everything will be fine. I'll be sure.

WOOO-SA... WOOO-SA...

 

[ninjanmizuki]

I couldn't access my Internet connection at all a week ago when I used keweon through DNSchanger. Was it because of this server issues or something wrong on my side?

Edit -
As of now (06dec2017) everything is working perfectly well. I am using UK servers and Amsterdam servers. Thanks for this man.

 

[MrT69]

I couldn't access my Internet connection at all a week ago when I used keweon through DNSchanger. Was it because of this server issues or something wrong on my side?

Edit -
As of now (06dec2017) everything is working perfectly well. I am using UK servers and Amsterdam servers. Thanks for this man.

First at all - thank a lot for your comment!!!

The current problems are not really my problems. The most and biggest problem is the hosting or the provider.

I was seeking out for an Investor for my system but the all only want to collect Data from users and other evil things. That's a no go! On the one hand I prevent the entire data collection and on the other I need to collect them? Never! I rather would trash the entire system than doing this.

Actually I'm working on the Website and I'm planing to start a crowd funding project because to establish the entire and global Infrastructure would need a lot of money. At the moment the entire system is so incredible slow but with physicaly Server and within a Datacenter location the Server becomes up to 20 times faster than GoogleDNS. It's already tested within an EQUINIX DC in Munich but a global system is lightyears away from my budget. If this system would be in place I guess you can't imagine how fast your Internet will be.

The current keweon system is not the end. Actually I'm only able to provide 15 to 20% of the full power of it. I cross the fingers and the ads and data collection industrie better prays that this system will never grow up.

Please keep in mind that this system is only for demonstration. Of cause it's working (...sometimes not ) but at the moment it's not the solution I want to have at the end.

Anyway. Thanks a lot!!!!

 

[MrT69]

Server Upgrade

Update for all of you:

- It's Christmas time and that means shopping time. Added 17.637 Fake Shops from 2 public sources.
( https://www.watchlist-internet.at/fake-shops/liste-betruegerischer-online-shops )
- Fixed Firewall performance
- Added on all Servers a Daily reboot at 3:30 AM local time. EU Servers will have a different of 5 minutes on each server. The reboot will take not longer than 20 seconds but this will increase the performence.
- Upgrade security on all DNS Server (some idiots still try to hack them...)
- All France Server are now global available
- Will reduce security on this server at the weekend:

France / Roubaix:
k1ns-fr-002.keweon.center
137.74.155.255
2001:41d0:1000:16a6::6538:02b6

France / Roubaix:
k1ns-fr-003.keweon.center
51.254.188.221
2001:41d0:1000:16a6::693d:1b0e

France / Roubaix:
k1ns-fr-004.keweon.center
213.32.112.244
2001:41d0:8:1a95::244

Then you can use them with IPTable forwarding and all other things you want to do. Not sure if the Servers are fast enough for other Countries than EMEA but it's up to you to test.

The daily Whitelisting was not running this night. At the moment I have a list of 12.588 URL's. They will be processed during this night.

Thanks a lot to all of you and have a nice weekend!!!

 

[MrT69]

To all who want to play around with IPTABLES, FORWARDING and other funny things:

The Servers below should now be available for more things than requests. ANY REQUESTS and a view other things are still blocked for security reasons.
All 3 Servers are protected by 750GBit DDoS protection which should be enough for all attacks. I still have fears to open them but I will give it a try.
I cross the fingers that this servers can stay open within this way.

France / Roubaix:
k1ns-fr-002.keweon.center
137.74.155.255
2001:41d0:1000:16a6::6538:02b6

France / Roubaix:
k1ns-fr-003.keweon.center
51.254.188.221
2001:41d0:1000:16a6::693d:1b0e

France / Roubaix:
k1ns-fr-004.keweon.center
213.32.112.244
2001:41d0:8:1a95::244

Enjoy it and have fun. If they are still not working for you than let me know this.

All other servers needs to stay locked down for security reasons. If you are not able to work with the France Servers than I need to say sorry at the moment. There is currently no option to do this.

Let me know if it's working. Enjoy it!