The collateral damage of internet censorship by DNS injection

Appears in: 
CCR July 2012

Some ISPs and governments (most notably the Great Firewall of China) use DNS injection to block access to "unwanted" websites. The censorship tools inspect DNS queries near the ISP's boundary routers for sensitive domain keywords and inject forged DNS responses, blocking users from accessing censored sites such as Twitter and Facebook. Unfortunately, this causes collateral damage, affecting communication beyond the censored networks when outside DNS traffic traverses censored links. In this paper, we analyze the causes of the collateral damage and measure the Internet to identify the injecting activities and their effect. We find 39 ASes in China injecting forged DNS replies. Furthermore, 26 of 43,000 measured open resolvers outside China, distributed in 109 countries, may suffer some collateral damage from these forged replies. Unlike previous work, which considers the collateral damage to be limited to queries to root servers (F, I, J) located in China, we find that most collateral damage arises when the paths between resolvers and some TLD name servers transit through ISPs in China.
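The path-transit effect described in the abstract can be modelled as follows. This is an added example, not the paper's measurement code: the function names are hypothetical, the paths are constructed, and the AS numbers come from the documentation range (RFC 5398). It assumes a resolver is exposed if any of its paths to a TLD's name servers crosses an injecting AS.

```python
from collections import defaultdict

# Constructed sample data; not taken from the paper.
INJECTING_ASES = {64500, 64501}  # ASes assumed to inject forged DNS replies

# (resolver id, resolver country, TLD, AS path from resolver to one TLD name server)
PATHS = [
    ("r1", "KR", "de",  [64496, 64500, 64510]),  # transits an injecting AS
    ("r1", "KR", "com", [64496, 64505, 64511]),
    ("r2", "KR", "de",  [64497, 64506, 64510]),  # clean path to one name server
    ("r2", "KR", "de",  [64497, 64501, 64510]),  # exposed path to another
    ("r5", "KR", "de",  [64499, 64506, 64510]),
    ("r3", "US", "de",  [64498, 64506, 64510]),
    ("r4", "CN", "de",  [64500, 64510]),         # resolver inside an injecting AS
]

def exposed_paths(paths, injecting):
    """Yield (resolver, country, tld, transit_as) for paths crossing an injecting AS.

    Paths that originate in an injecting AS are skipped: that resolver is the
    intended target of the censorship, not collateral damage.
    """
    for resolver, country, tld, as_path in paths:
        if as_path[0] in injecting:
            continue
        hits = [asn for asn in as_path[1:] if asn in injecting]
        if hits:
            yield resolver, country, tld, hits[0]

def collateral_rate(paths, injecting):
    """Return {(country, tld): share of outside resolvers with an exposed path}."""
    measured = defaultdict(set)
    affected = defaultdict(set)
    for resolver, country, tld, as_path in paths:
        if as_path[0] not in injecting:
            measured[(country, tld)].add(resolver)
    for resolver, country, tld, _ in exposed_paths(paths, injecting):
        affected[(country, tld)].add(resolver)
    return {key: len(affected[key]) / len(res) for key, res in measured.items()}

if __name__ == "__main__":
    for key, rate in sorted(collateral_rate(PATHS, INJECTING_ASES).items()):
        print(key, f"{rate:.0%}")
```

Resolver operators can run the same check against traceroute-derived AS paths to decide which upstream routes to avoid for DNS traffic.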

Public Review By: 
Philip Levis

We all know that some countries or organizations limit access to the Internet. The largest and most famous instance of this is the system deployed in China, commonly referred to as the Great Firewall of China (GFC). The GFC blocks or restricts access from users within China to certain sites, such as Facebook, Wikipedia, Google, and Twitter. This paper examines whether systems such as the GFC create collateral damage -- that is, whether they block access to sites from users beyond those intended. The paper finds that one approach taken, DNS response spoofing, affects not only traffic originating from within a censoring autonomous system (AS), but also transit traffic passing through a censoring AS. By leveraging details of how these systems inject DNS responses, the paper is able to pinpoint which ASes they reside in. By leveraging open DNS resolvers, the paper is able to characterize how common this collateral damage is as well as where is most greatly affected. The paper finds that some TLDs suffer from significant collateral damage. In the most extreme case, 70% of the open resolvers from Korea suffer collateral damage for queries to .de, such as DNS queries from these resolvers in Korea pass through a censoring AS and so are censored. As one reviewer noted, this raises the very interesting question of why DNS traffic from resolvers in Korea for German sites flows through the GFC.

This paper is a bit different than normal CCR publications because it is anonymous. The authors asked the CCR editor if they could remain anonymous; their identities were never revealed to me during the review process. Because authorship can provide a validation of results -- someone is willing to put their name on them -- the review process for the paper was much more stringent than normal. It had five reviews, including experts in DNS, Internet governance, security, and Internet measurement. Based on these reviews, I worked with the authors to make the measurement methodology as clear as possible without jeopardizing anonymity.

I found this paper fascinating due to how it demonstrates one way that politics affects how the Internet behaves. I hope you enjoy it as much as I did.