DNS Screwup Accidentally Extends Great Firewall Of China To Chile And The US?
from the yes,-but-could-you-use-Google? dept
A bit surprised this story didn’t get more attention, but apparently some sort of DNS networking “error” meant that certain computers in both the US and Chile came up against the infamous Great Firewall of China — meaning many sites were suddenly inaccessible (and, one assumes, Google sent folks to Google Hong Kong):
Security experts are not sure exactly how this happened, but it appears that at least one ISP recently began fetching high-level DNS (domain name server) information from what’s known as a root DNS server, based in China. That server, operated out of China by Swedish service provider Netnod, returned DNS information intended for Chinese users, effectively spreading China’s network censorship overseas. China tightly controls access to a number of Web sites, using technology known colloquially as the Great Firewall of China.
The issue was reported Wednesday by Mauricio Ereche, a DNS admin with NIC Chile, who found that an unnamed local ISP reported that DNS queries for sites such as Facebook.com, Twitter.com and YouTube.com — all of which have been blocked in China — were being redirected to bogus addresses.
I’m reminded of the case when Pakistan tried to block YouTube and ended up blocking YouTube around the globe. Just a bit of a scary reminder of how fragile and interconnected the internet can be at times.
Filed Under: chile, china, dns, great firewall, us
Comments on “DNS Screwup Accidentally Extends Great Firewall Of China To Chile And The US?”
solution: Set up your own DNS
Re: Re:
solution 2: remove china from interwebz.
Re: Re:
Setting up your own DNS is not a solution at all. In fact even the suggestion of it show’s your inexperience with it.
Even if you setup your own DNS you still need to point it somewhere, and if that source screws up your still down.
Re: Re: Re:
He’s talking about Open DNS or Google DNS not creating your own DNS server.
Re: Re: Re: Re:
It doesn’t matter what he meant the context is wrong..all DNS points to the 13 root servers scattered around the globe..the one in China is polluted due to the way they censor. China NEEDS TO BE DISCONNECTED IF THEY CAN’T PLAY WITH OTHER CHILDREN.
Re: Re: Re: Re:
I use openDNS it is a great service and can be set up to block (actually give a warning before loading) potentially malicious sites.
Re: Re: Re:
“Setting up your own DNS is not a solution at all. In fact even the suggestion of it show’s your inexperience with it.”
— Your comment shows you to the ignorant one.
“Even if you setup your own DNS you still need to point it somewhere, and if that source screws up your still down.”
— Well, Duh. Thank you Capt Obvious.
— Well, mister know it all … is that all you’ve got?
Control?
Here’s a scenario. ‘The Great Information War of the 2010’s’ bring the governments of the world close to Armageddon.
Let's get ready to
Start the cyberwars!
One more reason to NOT use your ISP’s DNS.
Should CHINA even be allowed to operate root DNS
My concern is if China doesn’t want to conform to the accepted standards, should they even be allowed to operate root DNS servers? It seems after this the clear answer is NO. Fuck China. They just want Internet to be a big suck on the world.
removing China from the DNS chain
Cutting off China from the rest of the world is something that I’m sure they would consider. However, doing so would allow the government free reign to fabricate reality (ex. 1984). Furthermore, their educational institutions would still require the link outside in order to communicate and compete with others or else they would fall considerably short.
The true problem is not with China, they’ve chosen the path that they are on. The problem is with the individuals programming their ISP routers with the wrong AS numbers. Good on them for fixing it quickly, but hopefully they’ll do a sanity check before publishing their ‘shortest route’ algorithm to their users again.
Re: removing China from the DNS chain
Who cares what China does?Llet the fkn Chinese worry about it.
www.b2b2.us
Nice a SPAMer..way to go ass hat
Step 1 = Apply firewall to Intarwebz traffic
Step 2 = …
Step 3 = PROFIT ?!?
would anybody know if this would cause a .cn site not beeing accessible in China – I just set up my site there http://www.travel-avenue.cn and my contacts in china are telling me they can;t access it while they can access my .com .
Re: Re:
CN domains require certain permisssion from the Almighty Red China to be set up on their DNS otherwise they wont connect
also expect heavy regulations to get the permission granted
nice article. i’ve got new thing from this post. thank allot
Never heard of this until now, can’t beat a bit of censorship Chinese style. Man, I love the techdirt archives