DNS Hijacking Problem in China

/dev/rob0 rob0 at gmx.co.uk
Wed Sep 28 18:08:23 UTC 2005


On Wednesday 2005-September-28 09:19, J C Denton wrote:
> China is systematically hijacking Dynamic DNS service providers
> (dyndns.org and no-ip.com) to render their service unavailable in
> China.
>
> This is part of China's effort to control use of the Internet.
>
> Are there any rules about how DNS servers should be operated or could

In China, the Chinese gov't makes the rules.

> someone from the Internet Society condemn China for this kind of
> practice?

And what would that do? I don't follow your line of reasoning here.

The good news is that on a small scale it's easy to route around this 
kind of network damage. If your ISP isn't blocking DNS (53 TCP and UDP) 
just run your own caching resolver and don't use the ISP's nameservers.

If they are blocking, or worse, hijacking DNS (transparent proxy 
pointing to their own gov't-approved nameservers), it's a bit more 
difficult but still doable if you have any kind of external access. Run 
a nameserver on non-standard ports, or better yet, access it through a 
VPN or SSH tunnel.

The bad news is that small-scale solutions can't help the billions of 
people in China. But if enough of them do it perhaps eventually the 
gov't will get a clue and give up? Not much hope of gov'ts getting 
clues, but at least the US gov't eventually gave up on its idiotic 
cryptography restrictions.
-- 
    mail to this address is discarded unless "/dev/rob0"
    or "not-spam" is in Subject: header
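
A way to tell which of the cases described above applies, given as an added example that is not part of the original message: it compares A records collected through the ISP's nameservers with those collected through a resolver reached over a VPN or SSH tunnel. The hostnames, addresses, function name and verdict labels are constructed for illustration; collecting the answers (for instance with dig on each path) is assumed to have been done beforehand.

```python
"""Added example: compare DNS answers seen on the ISP path and a trusted path."""
from collections import defaultdict

# Constructed sample data (documentation address ranges, made-up hostnames).
# An empty set means the path returned NXDOMAIN or no answer at all.
ISP = {
    "host-a.dyndns.org": {"203.0.113.10"},
    "host-b.no-ip.com": {"203.0.113.10"},
    "host-c.no-ip.com": set(),
    "www.example.com": {"192.0.2.80"},
    "cdn.example.net": {"198.51.100.7"},
}
TRUSTED = {
    "host-a.dyndns.org": {"192.0.2.21"},
    "host-b.no-ip.com": {"192.0.2.22"},
    "host-c.no-ip.com": {"192.0.2.23"},
    "www.example.com": {"192.0.2.80"},
    "cdn.example.net": {"198.51.100.99"},
}


def classify(isp, trusted, shared_threshold=2):
    """Return {name: verdict} for every name present in `trusted`."""
    # Count how many distinct zones each ISP-path address answers for.
    # Simplification: the zone is taken as the last two labels of the name.
    zones_per_ip = defaultdict(set)
    for name, addrs in isp.items():
        zone = ".".join(name.rstrip(".").split(".")[-2:])
        for ip in addrs:
            zones_per_ip[ip].add(zone)

    verdicts = {}
    for name, good in trusted.items():
        seen = isp.get(name, set())
        if seen == good or seen & good:
            verdicts[name] = "consistent"
        elif not seen:
            verdicts[name] = "suppressed"   # resolves only on the trusted path
        elif any(len(zones_per_ip[ip]) >= shared_threshold for ip in seen):
            verdicts[name] = "redirected"   # one address answers for unrelated zones
        else:
            verdicts[name] = "differs"      # could be CDN or geographic balancing
    return verdicts


if __name__ == "__main__":
    for name, verdict in sorted(classify(ISP, TRUSTED).items()):
        print(f"{verdict:<11} {name}")
```

A "differs" verdict on its own is weak evidence, since many zones legitimately return different addresses to different resolvers; "suppressed" and "redirected" across several unrelated zones are the patterns worth acting on.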



More information about the bind-users mailing list