How Countries Filter Your Internet Access - DNS Filtering

There aren't many countries that don't filter internet access to some extent. Whether or not this censorship is something you agree with, it's interesting to know how they actually block your access to web sites. There are variations on the solutions that are implemented, but they generally fall into the following three categories -

  1. DNS (Domain Name System) Filtering
  2. IP (Internet Protocol) Address Filtering 
  3. URL Filtering

We'll briefly cover each of the methods in the following posts and I'll also show how easy it is to bypass this without the need for any sort of anonymous surfing software. One of the problems with these methods is how transparent their use is. Many countries like China are quite open about the extent to which they block access to web sites; many others (especially those with democratic pretensions) persistently deny filtering their countries' web access. At least with the countries that have a transparent policy, you know that your internet feed is being filtered.

DNS Filtering

This method is often called DNS tampering and I'm not sure why but I really dislike this method. It operates in a few slightly different ways, but normally the ISPs receive a list of domain names that are to be banned. Normally DNS is responsible for mapping a domain name to the correct IP address, but in this situation the name is mapped to a Government or ISP server instead. So when you try to access Facebook, for instance, you are redirected to something like a warning page held on a Government server instead.

Of course sometimes you won't get redirected at all: you'll just get a non-existent IP address and end up with an error in your browser, probably not realizing you've been censored at all. This slightly sneakier method is used when the site being blocked is something they'd rather not admit - like human rights and free speech sites.

One of the biggest problems with this method is that it operates at the domain level, so if you've decided that there's something ever so bad in a Facebook Fan Site or a certain video on YouTube then you have to block the lot.  When you can't resolve the root domain you won't be able to resolve any of the pages on the site.   

This is also a very simple filtering system, so it's really easy to bypass: all you have to do is use a different DNS server than the ones from your ISP. When you do this, you'll escape from the meddling ISP and get the correct IP addresses for each domain, and if there are no other filtering technologies being used you will have access to the site.
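The two tampering outcomes described above (a substituted address, or a name made to look non-existent) show up when the ISP resolver's answer is compared with a second resolver's. The following Python is an added example, not code from the original post: the function names are hypothetical, and the sample replies are constructed for example.com using documentation-range addresses.

```python
import socket, struct

def build_query(name, qid=0x1234):
    # Header: RD=1, one question; then QNAME labels, QTYPE=A, QCLASS=IN.
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.strip(".").split("."))
    return struct.pack(">HHHHHH", qid, 0x0100, 1, 0, 0, 0) + qname + b"\x00\x00\x01\x00\x01"

def _skip_name(msg, off):
    # Advance past a name; a compression pointer (top bits 11) ends it.
    while msg[off] and msg[off] & 0xC0 != 0xC0:
        off += 1 + msg[off]
    return off + (2 if msg[off] else 1)

def parse_response(msg):
    # Return (rcode, sorted A-record addresses) from a DNS reply.
    _, flags, qd, an, _, _ = struct.unpack(">HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):
        off = _skip_name(msg, off) + 4          # skip QTYPE + QCLASS
    ips = []
    for _ in range(an):
        off = _skip_name(msg, off)
        rtype, _, _, rdlen = struct.unpack(">HHIH", msg[off:off + 10])
        if rtype == 1 and rdlen == 4:
            ips.append(socket.inet_ntoa(msg[off + 10:off + 14]))
        off += 10 + rdlen
    return flags & 0xF, sorted(ips)

def classify(isp, ref):
    # isp / ref are (rcode, ips) from the ISP resolver and a second resolver.
    if ref[0] != 0 or not ref[1]:
        return "inconclusive"        # the second resolver has no answer either
    if isp[0] == 3 or not isp[1]:
        return "no-answer"           # name made to look non-existent
    if set(isp[1]) & set(ref[1]):
        return "consistent"
    return "different-address"       # possible redirect; CDNs also differ, so verify

def lookup(resolver_ip, name, timeout=3.0):
    # Live query over UDP/53 (needs network; not used by the samples below).
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (resolver_ip, 53))
        return parse_response(s.recv(4096))

# Constructed replies for example.com (documentation addresses, not real captures).
_Q = "076578616d706c6503636f6d0000010001"
SAMPLE_ISP = bytes.fromhex("123481800001000100000000" + _Q + "c00c000100010000003c0004c0000201")
SAMPLE_REF = bytes.fromhex("123481800001000100000000" + _Q + "c00c000100010000003c0004c6336407")
```

A "different-address" result is only a hint, since large sites legitimately return different addresses to different resolvers; confirm by checking what the returned address actually serves.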

There are loads of DNS servers you can use online. Many people use OpenDNS; I tend to use the Google DNS servers - you can find them here: Google Public DNS. The addresses are currently and but check the link to make sure that information is still current.

Then all you need to do is force your connection to use the specified DNS servers rather than the ones which will be auto-assigned by your ISP when you connect.

Here's a screenshot of where to add them in Vista - 

Just pop the Google DNS server addresses in there; you'll find this screen in the properties section of the network connection you are using. If you're not sure how to get there, check the Google DNS link above as there are some configuration settings. It takes a few minutes but it's not difficult at all. If you're doing it for a lot of computers then you can also put the settings in your router or managed hub.

That's all it takes to bypass DNS Tampering, so it's really not worth the bother. In the end it messes around with your network infrastructure and does a pretty poor job at blocking web sites anyway: you're merely hiding them rather than blocking the sites.

Thought I'd add to this post about DNS, just been reading up about SmartDNS which is increasingly being used online.  It's a great way to bypass Geotargeting blocks - just watch this video.

I'll cover IP address filtering in my next post.