China Creates Own DNS > Question

Question

reply to johnt82

reply to Matt
But you would still be able to access whatever you want via IP address, right? Of course, specific IP can be blocked as well I guess.

I think this is what you just asked but...

Lets say they blocked bbr for example, a person typing in "www.dslreports.com" would get the "BIG BROTHER CHINA DOESNT WANT THIS, RARRR!!111" message.

but lets say the IP address of bbr is 123.456.789.101, could a person not just type that in their browser and get here?

reply to Matt
awesome...maybe that will stop all of the spammers I get hitting my stuff from Sino-Korean subnets...well at least the "Sino" part...

reply to snipper_cr
yes...if it's not blocked. They won't be able to resolve I.P.s to names because their DNS servers will have different records.

there would be a lookup to i.dslr.net. to load the images.

true...good point. but content would still be there.

i think this goes along with pcscdma but wouldnt all HTML within the website a href="anything.huh"> require a DNS lookup? So all that would get blocked.

Now whats to stop a person from setting another ISPs DNS to their primary/secondary DNS? Lets say, use a verizon or comcast server? Or atleast on their continent, a DNS NOT in China..

reply to snipper_cr
Going by IP address may or may not work... the Chinese may block certain IP ranges, of course.

The bigger problem is that a server may host many, many sites all on the same IP address (shared/virtual hosting). The way this works is that the browser connects to the IP address and then (transparently to the user) specifies the domain/path in the HTTP request. Older browsers couldn't do this so a lot of sites had to also be reachable from a directory on the generic front page... however, with the advent of HTTP 1.1, this all sort of became a non-issue (as of 1996, I think).

eg:
»www.noentropy.net/
»82.195.129.8/

One could set up a local DNS server so that the browser would know what domain name to use... BUT I would not risk my neck that Chinese censors are not also monitoring/filtering my traffic which would include this domain name in clear text.

reply to snipper_cr
If China requires Chinese sites to use their official DNS servers, is the next logical step to portion out whatever IP numbers they want? Why should they be beholden to anyone for that either? That would mean that all traffic in and out of China will have use the official Chinese NAT router.

reply to snipper_cr
You could dynamically do an in-place edit client side of the link to point to an IP address, but you'd need to know what it would resolve to before hand of course.

Or you could do it the cheap way and copy the link, cut out the domain name and slap the IP address in its place as well.

I'm assuming that China really wanted to block external DNS servers, they might just start sniffing out anything that looks like a DNS query and could just start dynamically blocking those requests.

Who knows.

reply to Matt
You could (in theory) create a 4 billion line HOSTS file to lookup every domain name for you.

Then, when a server changes IP's, you'd have to edit your HOSTS file with the update.

And yes, I am kidding, but this is the reason DNS was created in the first place.

When the Internet was just a baby with several dozen nodes on it, they all had local HOSTS files. When this quickly got out of hand, the DNS concept was born.

reply to wlan907
These commie idiots amuse me. I dont see how they think they can keep 1.5 BILLION people in, essentially, slavery for any extended period of time, especially since they have opened the pandoras box of western goodies and lifestyle.

They will HAVE to interface with the rest of the world if their economy is to keep growing and they are to keep their people from revolting. That means information and education for the peasants if they are to be a effective workforce, not to mention a decent lifestyle like they see their bretheren living in the major cities. There is no going back now to the old days.

Sooner or later, their communist system will fall since it is, in many ways, incompatable with the free market system in the rest of the world, just as the comrades in Russia found out to their chagrin. Communism is a failed doctrine and I dont care how many secret police they have, a government cannot stand for long against a citizenry that hates it and does not support it.

Sooner or later, they will have to make changes and allow their people access to the rest of the world. It's inevitable. You can have all the economic muscle you want, but if you are isolated from your markets because of your trade policies it doesn't do you any good.

Companies in the world insist on fair laws and the enforcement of them, not to mention contracts, etc, before they invest and risk losing that investment. China will find it harder and harder as time goes on if they dont honor contracts, international law, etc. The flood of counterfeit goods is just one example. This internet control is another.

It is nothing more than another attempt to stop the people who have gotten around such things before. It's the same kind of thing the russians did and castro does today with shortwave jamming. Which, of course, failed miserably and it's too late now in any case since the chinese people have had access to the internet for years now in one manner or another.

I wonder what the chinese commies are going to do when their population reaches a higher standard of living and education in general and the standard government provided hovel and propaganda in the village just doesn't cut it any more.

reply to snipper_cr
if the HTML links have FQDN's yes, those sites wouldn't come up or would require a lookup. You would have to have the I.P's of those sites too. Images or pages that are loaded in the relative path to the document root on the webserver would still show up.

It is possible for them to block DNS traffic going outbound, and they probably will. They will probably set up caching on their DNS boxes to cache sites they will allow their folks to visit...if the names not registered in their own root servers first.

I'd assume it would be something like this:
Your name is Communist Bastard and your in China trying to get to www.ilikedemocracy.com. If someone has registered a domain with the Chinese on their DNS servers you will probably get routed to a server to someplace in China that will look up your i.p address for being a political dissident and you will be arrested. Now say no one has registered that name in the Chinese DNS servers, assuming the domain ilikedemocracy.com isn't blocked it would let you through. I would think companies like Ebay, Amazon, Google would have special blocks of I.P.s set aside for them or something.

reply to snipper_cr
if the HTML links have FQDN's yes, those sites wouldn't come up or would require a lookup. You would have to have the I.P's of those sites too. Images or pages that are loaded in the relative path to the document root on the webserver would still show up.

It is possible for them to block DNS traffic going outbound, and they probably will. They will probably set up caching on their DNS boxes to cache sites they will allow their folks to visit...if the names not registered in their own root servers first.

I'd assume it would be something like this:
Your name is Communist Bastard and you're in China trying to get to www.ilikedemocracy.com. If someone has registered a domain with the Chinese on their DNS servers you will probably get routed to a server someplace in China that will look up your i.p address for being a political dissident and you will be arrested. Now say no one has registered that name in the Chinese DNS servers, assuming the domain ilikedemocracy.com isn't blocked it would let you through. I would think companies like Ebay, Amazon, Google would have special blocks of I.P.s set aside for them or something.

reply to Fatal Vector

reply to OldschoolDSL