Tuesday, March 29, 2016

Google completely blocked by DNS poisoning in China

On March 29, all Google search domains were DNS poisoned. Google has been blocked in China since last year, but the block was only an IP block.
At the time of writing, the DNS poisoning against all Google search domains is still in effect. More specifically, the DNS-poisoned domains are *.google.* and google.* (* can be anything). However, *.google.com is NOT DNS poisoned even though google.com is. This is probably due to other products hosted on *.google.com, for example mail.google.com.

Below is a domain lookup sent from outside China to an address inside China that is not a DNS server; it should have returned no results. However, because the GFW injects fake DNS responses, we saw fake IP addresses returned for google.com, google.com.hk and google.ca. In fact, all country-specific Google search domains are DNS poisoned. If you're located outside of China, you can independently verify this by typing the same command into a terminal and observing whether any fake IP addresses are returned.
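The check described above, as an added example that is not part of the original post: a Python script that sends an A query to an address that runs no DNS server and returns any answers that come back, since a non-resolver should stay silent. The function names, the sample packet and its 203.0.113.7 documentation address are constructed for illustration, and the caller supplies the non-resolver address.

```python
import os, socket, struct

def build_query(name, txid):
    """Encode a DNS query for the A record of `name` (recursion desired)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # one question
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.rstrip(".").split("."))
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def _skip_name(msg, off):
    while msg[off] != 0:
        if msg[off] & 0xC0 == 0xC0:  # a 2-byte compression pointer ends the name
            return off + 2
        off += 1 + msg[off]
    return off + 1

def parse_a_records(msg, txid):
    """Return IPv4 addresses from the answer section; [] if the txid differs."""
    addrs = []
    try:
        rid, _flags, qd, an = struct.unpack("!HHHH", msg[:8])
        if rid != txid:
            return []
        off = 12
        for _ in range(qd):
            off = _skip_name(msg, off) + 4  # skip QTYPE and QCLASS
        for _ in range(an):
            off = _skip_name(msg, off)
            rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
            if rtype == 1 and rdlen == 4:
                addrs.append(socket.inet_ntoa(msg[off + 10:off + 14]))
            off += 10 + rdlen
    except (IndexError, struct.error, OSError):
        pass  # truncated or malformed packet: keep what parsed cleanly
    return addrs

def probe(name, non_resolver_ip, timeout=3.0):
    """Query a host that runs no DNS server; any A records returned were injected."""
    txid = int.from_bytes(os.urandom(2), "big")
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_query(name, txid), (non_resolver_ip, 53))
            return parse_a_records(s.recvfrom(512)[0], txid)
        except OSError:
            return []  # timeout or unreachable: the expected, unpoisoned result

# Constructed sample: a forged reply to build_query("google.com", 0x1234), one A record.
SAMPLE_FORGED = (struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)
                 + build_query("google.com", 0)[12:] + b"\xc0\x0c"
                 + struct.pack("!HHIH", 1, 1, 60, 4) + socket.inet_aton("203.0.113.7"))
```

Calling `probe("google.com", addr)`, with `addr` set to a host that is known not to run a DNS server, returns an empty list on a clean path and the injected addresses on a poisoned one.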

Why DNS poisoning now? 

On March 27, for a few hours, Google was fully accessible in China. Google's traffic report reflected a few hours of accessibility.

Many speculate that the technical reason behind the "unblock" was that Google used a fresh set of IP addresses (e.g. http://tech.sina.com.cn/i/2016-03-28/doc-ifxqswxk9723114.shtml, a report that has already been censored) or that the GFW was down. I am still looking into exactly what happened. However, this led to a storm on Weibo, with users claiming Google had been unblocked.

But at that time, many users thought the "unblock" was an intentional policy change, as there were many rumors that Google would return to China. Even Hu Xijin, the editor of Global Times, chimed in on Weibo, surprisingly saying that the GFW should only be a temporary measure, that its long-term employment can only make Chinese society more fragile, and that the GFW should have some downtime occasionally and eventually be deprecated. The Weibo post was censored.

As you can imagine, this short period of Google accessibility caused a strong public reaction and drew media attention to censorship. By DNS poisoning Google, even if Google adds new IP addresses in the future or the GFW is down for a short time, local DNS resolvers will still return cached fake IP addresses. Hence Google will be blocked without any lapse.