Internet Censorship 101 - DNS Server Filtering

Martin Brinkmann
Dec 20, 2006
Updated • Mar 20, 2018
Internet
|
5

I decided to start an Internet Censorship 101 series of articles to look at and explain the various methods of censorship on the Internet and also at possible solutions.

The solutions can be useful to people who experience a form of censorship in the country they are living in or visiting. I'm going to start with a relatively weak - as in easy to bypass - form of censorship called DNS Filtering.

Whenever you try to access a website you type its url into the address bar or click on a link. The url is then communicated to a DNS server who looks up the domain's IP address so that your computer can make the connection to the server the requested website is hosted on.

It is relatively easy to censor by DNS. Just change the IP address associated with a domain to redirect the user to another website or display a not found error instead in the browser.

This means that the website that you want to access remains accessible of course but the information that the DNS server returns prevents you from accessing it as it is provides you with manipulated information.

Bypass Internet Censorship: DNS Bypass

There are two options that let you access the website. The first is to simply enter the IP address of the website that you want to visit instead of the url. You can use scripts that are freely available on the internet to lookup the IP of any URL.

This method works only if the IP address is associated with the website or service you want to access. You are out of luck if many websites are hosted on the same server, or if the website uses scripts of sorts that do not work with direct IP connections.

The second method is more reliable and works in all cases without issues.

If you change the DNS server that your computer uses to look up IP addresses, you will receive the correct result. Let us say that you life in China and that China banned access to Wikipedia. Instead of using a Chinese DNS server you use one from the United States which has the information that you need to access Wikipedia.

As long as you can use a third-party DNS provider, preferably a provider that operates out of another country, you should be able to bypass any DNS-based blocking of content on the Internet.

OpenDNS, a free service, would be one alternative as would be the following list of public DNS servers (use with caution and test before you use)

  • dns2.de.net - 194.246.96.49 (Frankfurt, Germany)
  • ns1.de.eu.orsn.net - 217.146.139.5 (Hildesheim, Germany)
  • resolver.netteam.de - 193.155.207.61 (Alfter-Impekoven, Germany)
  • sunic.sunet.se - 192.36.125.2 (Stockholm, Sweden)
  • master.ns.dns.be - 193.109.126.140 (Leuven, Belgium)
  • ns1.lu.eu.orsn.net - 195.206.104.98 (Belvaux, Luxembourg)
  • merapi.switch.ch - 130.59.211.10 (Zurich, Switzerland)
  • prades.cesca.es - 192.94.163.152 (Barcelona, Spain)
  • michael.vatican.va - 212.77.0.2 (Vatican City, Italy)
  • dns.inria.fr - 193.51.208.13 (Nice, France)
  • ns0.ja.net - 128.86.1.20 (London, UK)
  • nic.aix.gr - 195.130.89.210 (Athens, Greece)
  • ns.ati.tn - 193.95.66.10 (Tunis, Tunisia)
  • ns1.relcom.ru - 193.125.152.3 (Moscow, Russia)
  • trantor.umd.edu - 128.8.10.14 (College Park, MD, USA)
  • ns1.berkeley.edu - 128.32.136.9 (Berkeley, CA, USA)
  • merle.cira.ca - 64.26.149.98 (Ottawa, Canada)
  • ns2.dns.br - 200.19.119.99 (Sao Paulo, Brasil)
  • ns2.gisc.cl - 200.10.237.14 (Santiago, Chile)
  • ns.uvg.edu.gt - 168.234.68.2 (Guatemala, Guatemala)
  • ns1.retina.ar - 200.10.202.3 (Buenos Aires, Argentina)
  • ns.unam.mx - 132.248.253.1 (Mexico City, Mexico)
  • ns.wide.ad.jp - 203.178.136.63 (Osaka, Japan)
  • ns.twnic.net - 192.83.166.11 (Taipei, Taiwan)
  • ns3.dns.net.nz - 203.97.8.250 (Wellington, New Zealand)
  • box2.aunic.net - 203.202.150.20 (Melbourne, Australia)

Changing the DNS Server is done in the matter of minutes; how you do it depends on the operating system that you use.

In Windows XP you open the control panel and click on network connections. You right-click on the connection and select properties from the context menu.

In newer versions of Windows, you right-click on the connectivity icon in the system tray area and select the Network & Internet options link from the menu, on the next page the option to change adapter options. Right-click on the active connection and select properties to open configuration options.

Select the Internet Protocol (TCP / IP) and click on Properties in the menu. Click on use the following DNS server addresses and enter a preferred and alternate DNS server in the two fields. Make sure you enter the IP addresses correctly as your computer will use the IPs to resolve domain names into IP addresses. If the IP is incorrect, you won't be able to connect to any site on the Internet anymore.

Click on the apply button, close the menu and restart your computer. Once that is done you are using the new DNS server which should bypass the censorship.

You can alternatively use programs such as DNS Jumper that help you change the DNS with a couple of mouse clicks.

Related articles

Summary
Article Name
Internet Censorship 101 - DNS Server Filtering
Description
I decided to start an Internet Censorship 101 series of articles to look at and explain the various methods of censorship on the Internet and also at possible solutions.
Author
Publisher
Ghacks Technology News
Logo
Advertisement

Tutorials & Tips


Previous Post: «
Next Post: «

Comments

  1. Maximi89 said on August 19, 2011 at 4:07 am
    Reply

    I prefer OpenNIC DNS :D an alternative root DNS server http://www.opennicproject.org

    they are really noncensor ;)

  2. Whoah said on August 24, 2008 at 9:45 pm
    Reply

    http://www.dnsserverlist.org is doing a beta on an app that changes your DNS automaticly to fast dns servers and only whitehat dns, apply to eval the app

  3. jack said on May 2, 2008 at 1:44 am
    Reply

    what does internet censorship mean i mean the definition of it

  4. Lenny said on December 20, 2006 at 9:55 pm
    Reply

    Lol where was this article when i was at high school!

  5. gnome said on December 20, 2006 at 4:29 pm
    Reply

    Ah you got Greece too…. That’s nice.

    :)

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.