DNS Screwup Accidentally Extends Great Firewall Of China To Chile And The US?

from the yes,-but-could-you-use-Google? dept

A bit surprised this story didn't get more attention, but apparently some sort of DNS networking "error" meant that certain computers in both the US and Chile came up against the infamous Great Firewall of China -- meaning many sites were suddenly inaccessible (and, one assumes, Google sent folks to Google Hong Kong):
Security experts are not sure exactly how this happened, but it appears that at least one ISP recently began fetching high-level DNS (domain name server) information from what's known as a root DNS server, based in China. That server, operated out of China by Swedish service provider Netnod, returned DNS information intended for Chinese users, effectively spreading China's network censorship overseas. China tightly controls access to a number of Web sites, using technology known colloquially as the Great Firewall of China.

The issue was reported Wednesday by Mauricio Ereche, a DNS admin with NIC Chile, who found that an unnamed local ISP reported that DNS queries for sites such as Facebook.com, Twitter.com and YouTube.com -- all of which have been blocked in China -- were being redirected to bogus addresses.
I'm reminded of the case when Pakistan tried to block YouTube and ended up blocking YouTube around the globe. Just a bit of a scary reminder of how fragile and interconnected the internet can be at times.
Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: chile, china, dns, great firewall, us


Reader Comments

Subscribe: RSS

View by: Time | Thread


  1. identicon
    Anonymous Coward, 29 Mar 2010 @ 4:48am

    solution: Set up your own DNS

    link to this | view in thread ]

  2. identicon
    vyvyan, 29 Mar 2010 @ 4:53am

    Re:

    solution 2: remove china from interwebz.

    link to this | view in thread ]

  3. identicon
    Michial Thompson, 29 Mar 2010 @ 5:26am

    Re:

    Setting up your own DNS is not a solution at all. In fact even the suggestion of it show's your inexperience with it.

    Even if you setup your own DNS you still need to point it somewhere, and if that source screws up your still down.

    link to this | view in thread ]

  4. icon
    WammerJammer (profile), 29 Mar 2010 @ 5:51am

    Control?

    Here's a scenario. 'The Great Information War of the 2010's' bring the governments of the world close to Armageddon.

    link to this | view in thread ]

  5. identicon
    Anonymous Coward, 29 Mar 2010 @ 6:05am

    Let's get ready to

    Start the cyberwars!

    link to this | view in thread ]

  6. icon
    Nicholas Overstreet (profile), 29 Mar 2010 @ 6:56am

    One more reason to NOT use your ISP's DNS.

    link to this | view in thread ]

  7. icon
    Chronno S. Trigger (profile), 29 Mar 2010 @ 7:06am

    Re: Re:

    He's talking about Open DNS or Google DNS not creating your own DNS server.

    link to this | view in thread ]

  8. identicon
    Anonymous Coward, 29 Mar 2010 @ 7:45am

    Should CHINA even be allowed to operate root DNS

    My concern is if China doesn't want to conform to the accepted standards, should they even be allowed to operate root DNS servers? It seems after this the clear answer is NO. Fuck China. They just want Internet to be a big suck on the world.

    link to this | view in thread ]

  9. icon
    Hangmn (profile), 29 Mar 2010 @ 8:39am

    Re: Re: Re:

    It doesn't matter what he meant the context is wrong..all DNS points to the 13 root servers scattered around the globe..the one in China is polluted due to the way they censor. China NEEDS TO BE DISCONNECTED IF THEY CAN'T PLAY WITH OTHER CHILDREN.

    link to this | view in thread ]

  10. identicon
    JPerridew, 29 Mar 2010 @ 8:40am

    Re: removing China from the DNS chain

    Cutting off China from the rest of the world is something that I'm sure they would consider. However, doing so would allow the government free reign to fabricate reality (ex. 1984). Furthermore, their educational institutions would still require the link outside in order to communicate and compete with others or else they would fall considerably short.
    The true problem is not with China, they've chosen the path that they are on. The problem is with the individuals programming their ISP routers with the wrong AS numbers. Good on them for fixing it quickly, but hopefully they'll do a sanity check before publishing their 'shortest route' algorithm to their users again.

    link to this | view in thread ]

  11. icon
    Hangmn (profile), 29 Mar 2010 @ 8:43am

    Re: Re: removing China from the DNS chain

    Who cares what China does?Llet the fkn Chinese worry about it.

    link to this | view in thread ]

  12. icon
    Hangmn (profile), 29 Mar 2010 @ 8:53am

    Re: www.b2b2.us

    Nice a SPAMer..way to go ass hat

    link to this | view in thread ]

  13. icon
    Sean T Henry (profile), 29 Mar 2010 @ 8:57am

    Re: Re: Re:

    I use openDNS it is a great service and can be set up to block (actually give a warning before loading) potentially malicious sites.

    link to this | view in thread ]

  14. identicon
    Anonymous Coward, 29 Mar 2010 @ 1:18pm

    Step 1 = Apply firewall to Intarwebz traffic

    Step 2 = ...

    Step 3 = PROFIT ?!?

    link to this | view in thread ]

  15. identicon
    Anonymous Coward, 29 Mar 2010 @ 6:22pm

    Re: Re:

    "Setting up your own DNS is not a solution at all. In fact even the suggestion of it show's your inexperience with it."

    -- Your comment shows you to the ignorant one.

    "Even if you setup your own DNS you still need to point it somewhere, and if that source screws up your still down."

    -- Well, Duh. Thank you Capt Obvious.

    -- Well, mister know it all ... is that all you've got?

    link to this | view in thread ]

  16. identicon
    lolosan, 29 Apr 2010 @ 9:33am

    would anybody know if this would cause a .cn site not beeing accessible in China - I just set up my site there www.travel-avenue.cn and my contacts in china are telling me they can;t access it while they can access my .com .

    link to this | view in thread ]

  17. identicon
    Dur Hur, 3 Jun 2010 @ 11:13am

    Re:

    CN domains require certain permisssion from the Almighty Red China to be set up on their DNS otherwise they wont connect

    also expect heavy regulations to get the permission granted

    link to this | view in thread ]

  18. identicon
    the network firewall, 5 Oct 2010 @ 12:39am

    nice article. i've got new thing from this post. thank allot

    link to this | view in thread ]

  19. icon
    lrobbo (profile), 29 May 2012 @ 3:56pm

    Never heard of this until now, can't beat a bit of censorship Chinese style. Man, I love the techdirt archives

    link to this | view in thread ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.