Internet Censorship 101 - DNS Server Filtering
I decided to start an Internet Censorship 101 series of articles to look at and explain the various methods of censorship on the Internet and also at possible solutions.
The solutions can be useful to people who experience a form of censorship in the country they are living in or visiting. I'm going to start with a relatively weak - as in easy to bypass - form of censorship called DNS Filtering.
Whenever you try to access a website you type its url into the address bar or click on a link. The url is then communicated to a DNS server who looks up the domain's IP address so that your computer can make the connection to the server the requested website is hosted on.
It is relatively easy to censor by DNS. Just change the IP address associated with a domain to redirect the user to another website or display a not found error instead in the browser.
This means that the website that you want to access remains accessible of course but the information that the DNS server returns prevents you from accessing it as it is provides you with manipulated information.
Bypass Internet Censorship: DNS Bypass
There are two options that let you access the website. The first is to simply enter the IP address of the website that you want to visit instead of the url. You can use scripts that are freely available on the internet to lookup the IP of any URL.
This method works only if the IP address is associated with the website or service you want to access. You are out of luck if many websites are hosted on the same server, or if the website uses scripts of sorts that do not work with direct IP connections.
The second method is more reliable and works in all cases without issues.
If you change the DNS server that your computer uses to look up IP addresses, you will receive the correct result. Let us say that you life in China and that China banned access to Wikipedia. Instead of using a Chinese DNS server you use one from the United States which has the information that you need to access Wikipedia.
As long as you can use a third-party DNS provider, preferably a provider that operates out of another country, you should be able to bypass any DNS-based blocking of content on the Internet.
- dns2.de.net - 188.8.131.52 (Frankfurt, Germany)
- ns1.de.eu.orsn.net - 184.108.40.206 (Hildesheim, Germany)
- resolver.netteam.de - 220.127.116.11 (Alfter-Impekoven, Germany)
- sunic.sunet.se - 18.104.22.168 (Stockholm, Sweden)
- master.ns.dns.be - 22.214.171.124 (Leuven, Belgium)
- ns1.lu.eu.orsn.net - 126.96.36.199 (Belvaux, Luxembourg)
- merapi.switch.ch - 188.8.131.52 (Zurich, Switzerland)
- prades.cesca.es - 184.108.40.206 (Barcelona, Spain)
- michael.vatican.va - 220.127.116.11 (Vatican City, Italy)
- dns.inria.fr - 18.104.22.168 (Nice, France)
- ns0.ja.net - 22.214.171.124 (London, UK)
- nic.aix.gr - 126.96.36.199 (Athens, Greece)
- ns.ati.tn - 188.8.131.52 (Tunis, Tunisia)
- ns1.relcom.ru - 184.108.40.206 (Moscow, Russia)
- trantor.umd.edu - 220.127.116.11 (College Park, MD, USA)
- ns1.berkeley.edu - 18.104.22.168 (Berkeley, CA, USA)
- merle.cira.ca - 22.214.171.124 (Ottawa, Canada)
- ns2.dns.br - 126.96.36.199 (Sao Paulo, Brasil)
- ns2.gisc.cl - 188.8.131.52 (Santiago, Chile)
- ns.uvg.edu.gt - 184.108.40.206 (Guatemala, Guatemala)
- ns1.retina.ar - 220.127.116.11 (Buenos Aires, Argentina)
- ns.unam.mx - 18.104.22.168 (Mexico City, Mexico)
- ns.wide.ad.jp - 22.214.171.124 (Osaka, Japan)
- ns.twnic.net - 126.96.36.199 (Taipei, Taiwan)
- ns3.dns.net.nz - 188.8.131.52 (Wellington, New Zealand)
- box2.aunic.net - 184.108.40.206 (Melbourne, Australia)
Changing the DNS Server is done in the matter of minutes; how you do it depends on the operating system that you use.
In Windows XP you open the control panel and click on network connections. You right-click on the connection and select properties from the context menu.
In newer versions of Windows, you right-click on the connectivity icon in the system tray area and select the Network & Internet options link from the menu, on the next page the option to change adapter options. Right-click on the active connection and select properties to open configuration options.
Select the Internet Protocol (TCP / IP) and click on Properties in the menu. Click on use the following DNS server addresses and enter a preferred and alternate DNS server in the two fields. Make sure you enter the IP addresses correctly as your computer will use the IPs to resolve domain names into IP addresses. If the IP is incorrect, you won't be able to connect to any site on the Internet anymore.
Click on the apply button, close the menu and restart your computer. Once that is done you are using the new DNS server which should bypass the censorship.
You can alternatively use programs such as DNS Jumper that help you change the DNS with a couple of mouse clicks.