DNS Screwup Accidentally Extends Great Firewall Of China To Chile And The US?

from the yes,-but-could-you-use-Google? dept

A bit surprised this story didn't get more attention, but apparently some sort of DNS networking "error" meant that certain computers in both the US and Chile came up against the infamous Great Firewall of China -- meaning many sites were suddenly inaccessible (and, one assumes, Google sent folks to Google Hong Kong):
Security experts are not sure exactly how this happened, but it appears that at least one ISP recently began fetching high-level DNS (domain name server) information from what's known as a root DNS server, based in China. That server, operated out of China by Swedish service provider Netnod, returned DNS information intended for Chinese users, effectively spreading China's network censorship overseas. China tightly controls access to a number of Web sites, using technology known colloquially as the Great Firewall of China.

The issue was reported Wednesday by Mauricio Ereche, a DNS admin with NIC Chile, who found that an unnamed local ISP reported that DNS queries for sites such as Facebook.com, Twitter.com and YouTube.com -- all of which have been blocked in China -- were being redirected to bogus addresses.
I'm reminded of the case when Pakistan tried to block YouTube and ended up blocking YouTube around the globe. Just a bit of a scary reminder of how fragile and interconnected the internet can be at times.


Reader Comments (rss)

(Flattened / Threaded)

  1.  
    identicon
    Anonymous Coward, Mar 29th, 2010 @ 4:48am

    solution: Set up your own DNS

     

    reply to this | link to this | view in thread ]

  2.  
    identicon
    vyvyan, Mar 29th, 2010 @ 4:53am

    Re:

    solution 2: remove china from interwebz.

     

    reply to this | link to this | view in thread ]

  3.  
    identicon
    Michial Thompson, Mar 29th, 2010 @ 5:26am

    Re:

    Setting up your own DNS is not a solution at all. In fact even the suggestion of it show's your inexperience with it.

    Even if you setup your own DNS you still need to point it somewhere, and if that source screws up your still down.

     

    reply to this | link to this | view in thread ]

  4.  
    icon
    WammerJammer (profile), Mar 29th, 2010 @ 5:51am

    Control?

    Here's a scenario. 'The Great Information War of the 2010's' bring the governments of the world close to Armageddon.

     

    reply to this | link to this | view in thread ]

  5.  
    identicon
    Anonymous Coward, Mar 29th, 2010 @ 6:05am

    Let's get ready to

    Start the cyberwars!

     

    reply to this | link to this | view in thread ]

  6.  
    icon
    Nicholas Overstreet (profile), Mar 29th, 2010 @ 6:56am

    One more reason to NOT use your ISP's DNS.

     

    reply to this | link to this | view in thread ]

  7.  
    icon
    Chronno S. Trigger (profile), Mar 29th, 2010 @ 7:06am

    Re: Re:

    He's talking about Open DNS or Google DNS not creating your own DNS server.

     

    reply to this | link to this | view in thread ]

  8.  
    identicon
    Anonymous Coward, Mar 29th, 2010 @ 7:45am

    Should CHINA even be allowed to operate root DNS

    My concern is if China doesn't want to conform to the accepted standards, should they even be allowed to operate root DNS servers? It seems after this the clear answer is NO. Fuck China. They just want Internet to be a big suck on the world.

     

    reply to this | link to this | view in thread ]

  9.  
    icon
    Hangmn (profile), Mar 29th, 2010 @ 8:39am

    Re: Re: Re:

    It doesn't matter what he meant the context is wrong..all DNS points to the 13 root servers scattered around the globe..the one in China is polluted due to the way they censor. China NEEDS TO BE DISCONNECTED IF THEY CAN'T PLAY WITH OTHER CHILDREN.

     

    reply to this | link to this | view in thread ]

  10.  
    identicon
    JPerridew, Mar 29th, 2010 @ 8:40am

    Re: removing China from the DNS chain

    Cutting off China from the rest of the world is something that I'm sure they would consider. However, doing so would allow the government free reign to fabricate reality (ex. 1984). Furthermore, their educational institutions would still require the link outside in order to communicate and compete with others or else they would fall considerably short.
    The true problem is not with China, they've chosen the path that they are on. The problem is with the individuals programming their ISP routers with the wrong AS numbers. Good on them for fixing it quickly, but hopefully they'll do a sanity check before publishing their 'shortest route' algorithm to their users again.

     

    reply to this | link to this | view in thread ]

  11.  
    icon
    Hangmn (profile), Mar 29th, 2010 @ 8:43am

    Re: Re: removing China from the DNS chain

    Who cares what China does?Llet the fkn Chinese worry about it.

     

    reply to this | link to this | view in thread ]

  12.  
    icon
    Hangmn (profile), Mar 29th, 2010 @ 8:53am

    Re: www.b2b2.us

    Nice a SPAMer..way to go ass hat

     

    reply to this | link to this | view in thread ]

  13.  
    icon
    Sean T Henry (profile), Mar 29th, 2010 @ 8:57am

    Re: Re: Re:

    I use openDNS it is a great service and can be set up to block (actually give a warning before loading) potentially malicious sites.

     

    reply to this | link to this | view in thread ]

  14.  
    identicon
    Anonymous Coward, Mar 29th, 2010 @ 1:18pm

    Step 1 = Apply firewall to Intarwebz traffic

    Step 2 = ...

    Step 3 = PROFIT ?!?

     

    reply to this | link to this | view in thread ]

  15.  
    identicon
    Anonymous Coward, Mar 29th, 2010 @ 6:22pm

    Re: Re:

    "Setting up your own DNS is not a solution at all. In fact even the suggestion of it show's your inexperience with it."

    -- Your comment shows you to the ignorant one.

    "Even if you setup your own DNS you still need to point it somewhere, and if that source screws up your still down."

    -- Well, Duh. Thank you Capt Obvious.

    -- Well, mister know it all ... is that all you've got?

     

    reply to this | link to this | view in thread ]

  16.  
    identicon
    lolosan, Apr 29th, 2010 @ 9:33am

    would anybody know if this would cause a .cn site not beeing accessible in China - I just set up my site there www.travel-avenue.cn and my contacts in china are telling me they can;t access it while they can access my .com .

     

    reply to this | link to this | view in thread ]

  17.  
    identicon
    Dur Hur, Jun 3rd, 2010 @ 11:13am

    Re:

    CN domains require certain permisssion from the Almighty Red China to be set up on their DNS otherwise they wont connect

    also expect heavy regulations to get the permission granted

     

    reply to this | link to this | view in thread ]

  18.  
    identicon
    the network firewall, Oct 5th, 2010 @ 12:39am

    nice article. i've got new thing from this post. thank allot

     

    reply to this | link to this | view in thread ]

  19.  
    icon
    lrobbo (profile), May 29th, 2012 @ 3:56pm

    Never heard of this until now, can't beat a bit of censorship Chinese style. Man, I love the techdirt archives

     

    reply to this | link to this | view in thread ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Save me a cookie
  • Note: A CRLF will be replaced by a break tag (<br>), all other allowable HTML will remain intact
  • Allowed HTML Tags: <b> <i> <a> <em> <br> <strong> <blockquote> <hr> <tt>
Follow Techdirt
A word from our sponsors...
Essential Reading
Techdirt Reading List
Techdirt Insider Chat
A word from our sponsors...
Recent Stories
A word from our sponsors...

Close

Email This