Educause Security Discussion mailing list archives

Re: China blocking DNS servers

From: Pete Hoffswell <Pete.Hoffswell () DAVENPORT EDU>
Date: Tue, 6 Jan 2004 15:16:27 -0500

The report is now about a year old.

In August 2003 it looks like it got slashdotted.  At the time, the real-time reporter may or may not have been working 
very well to begin with.

http://slashdot.org/articles/02/08/31/0557256.shtml?tid=153

I have an associate that manages connectivity to a factory in China via vpn, with a split tunnel.  He has no complaints 
of blocked sites.  I wonder if they have a different ruleset for foreign companies doing business out there.

It would be interested to know if anyone else knows of a real-time filter-checker for china, or other countries, for 
that matter.  My googlinig has not been productive.

Cheers!

- pete



Pete Hoffswell                                            616-732-1101 (Grand Rapids, x1101)
University LAN/WAN Coordinator              616-510-1198 (Mobile)
IT Services                                                 pete.hoffswell () davenport edu
Davenport University                                  http://www.davenport.edu

 -=-=-  Check out DU WiFi services - http://www.davenport.edu/du/currentstudents/wifi -=-=-

liudvikas.bukys () ROCHESTER EDU 01/06/04 08:58AM >>>

My university and a number of others are apparently having
some DNS server traffic blocked by some Chinese ISPs.

There is an excellent summary of the situation at:
  <http://cyber.law.harvard.edu/filtering/china/>
(this includes a real-time test interface that unfortunately,
at the moment, seems to classify all results as "indeterminate")
and there are related recent articles at:
  <http://www.mail-archive.com/ip () v2 listbox com/msg00290.html>
  <http://www.politechbot.com/pipermail/politech/2003-November/000212.html>

It was noticed here because there were some complaints from
potential Chinese applicants, followed by a remarkably low number
of Chinese applicants on a particular deadline.  For any of our
institutions seeking Chinese applicants, this is a business-critical
outage.


For the workgroups:

* One technical countermeasure is to beef up secondary DNS servers,
  particularly with high-volume DNS services (Akamai or UltraDNS?)
  that may be less likely to be blocked.  Has anyone looked into
  this angle?

* (Short-term measures could include migrating DNS servers to
  unblocked IP addresses -- an annoying and messy shell game.)

* Are the EDUCAUSE .edu operators aware of this issue?
  Any recommendations from them?  (How does one contact them?)

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/cg/.

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/cg/.

Current thread:

China blocking DNS servers Liudvikas Bukys (Jan 06)
- <Possible follow-ups>
- Re: China blocking DNS servers Pete Hoffswell (Jan 06)
- Re: China blocking DNS servers Clyde Hoadley (Jan 06)
- Re: China blocking DNS servers H. Morrow Long (Jan 06)
- Re: China blocking DNS servers Joe St Sauver (Jan 06)