Interesting People mailing list archives
China DNS filters and collateral damage
From: Dave Farber <dave () farber net>
Date: Fri, 14 Nov 2003 06:11:19 -0500
Dave, Please remove my email address and identifying headers if forwarded to IP. A number of large research-oriented universities in the U.S. have recently become targets of filtering policies being implemented by China ISPs. There has been limited discussion of these recent events, but Jonathan Zittrain and Benjamin Edelman's very informative page have identified that these filters have been put in place. What hasn't been widely discussed is the collateral damage being done by these filters. It appears that select and specific IP addresses of authoratative DNS servers operated by a few of the major research-oriented univerisities are now being filtered. This policy has the obvious effect of preventing users in China, who are behind these filters, from being able to resolve DNS names from those select university DNS servers. This in turn denies access to hosts universities are authoritative for when accessed by name. This action has the, probably unintentional, result of filtering traffic in the other direction. Many of these university DNS servers are the same ones used for recursive queries by the university's client hosts. Since the filters are blocking university DNS server IP addresses, university DNS servers can't get packets through to China for the purpose of doing a lookup on China host names. The result is effectively no access from China to select universities and no access from select universities to China. There are some relatively simple methods for universities to get their lookups resolved, but the specific details about the techniques used by China ISPs and the university countermeasures I'm purposely being vague with or leaving out, but it is not difficult for those who understand the technical details of Internet operation to guess what goes on and what sorts of things this ends up leading to. Putting aside all the political arguments, I expect this sort of censorship warfare and its countermeaures will continue to become more prevalent, more complex and more annoying for those using and operating certain parts of the Internet. If these activities are unique to U.S. universities I'd be surprised. If they are, they probably won't be for long. I am a member of one large U.S. research-oriented university and have first-hand knowledge of this issue.
------------------------------------- You are subscribed as interesting-people () lists elistx com To manage your subscription, go to http://v2.listbox.com/member/?listname=ip Archives at: http://www.interesting-people.org/archives/interesting-people/
Current thread:
- China DNS filters and collateral damage Dave Farber (Nov 14)