Internet and Web Filtering – Using DNS

All across the world – most countries, government and organisations are  blocking access to bits of the internet they don’t want you to see.  Of course sometimes this censorship seems sensible but it’s interesting to know the actual methods that are used.

There’s three main methods

  • IP Address Filters
  • URL (Content) Filters
  • DNS Filtering

Most of these can be fairly easily bypassed though which is an important point in itself.  Because  there are numerous ways to avoid these filters then by definition they are only censoring those who don’t have access to any of these methods.  In effect you have two distinct groups – one group who are censored and those who aren’t.

Anyway this post is intended to briefly explain one of these methods and that’s DNS filtering.

Filtering the Internet Using DNS

This method is also known as DNS tampering and is quite a clumsy method of blocking access to sites.  There are some slight variations in the way it is implemented.  However normally it starts with the ISPs in a particular country receiving a list of domain names that they want blocked.

Now normally when you type in a web address into your browser, DNS is responsible for mapping that name to a specific IP address.  Your computer will make a request to the ISP DNS server asking for the correct address and then your browser will be able to locate the correct web page.

However using DNS filtering the DNS server is instructed to deliver an incorrect address and instead routes you through to a different page.   So for instance if you just wanted to check out a porn site in Qatar, instead of being routed through to  the Playboy server you’d receive this screen instead.

In this example you’ve been redirected to a rather stern web page, but sometimes it will just be routed to an error page or to an non-existent address to look like it simply failed.   One of the many problems with this method is that it only operates with a full domain name – so for example if a country wanted to block access to a YouTube video by this method, it would have to block access to all of YouTube.

It’s a very simple and blunt filtering system and is in fact incredibly easy to bypass.  All you have to do is replace the ISP DNS server with another one that distributes the correct addresses.   There are thousands available from all over the world, you can even run your own.    A reliable one that may people use is the Google DNS server.

If you are not sure where to change the DNS server have a look at this next screenshot.

Here is where you add them in Vista in the properties tab of your network connection.  If you specify a DNS server here then that connection will use that one to resolve addresses.  If you don’t specify a DNS server you will end up using the one auto assigned by your ISP when you connect.  If you have any problems there are configuration screens for all versions of Windows on the Google DNS Link above. Here’s an update to include a variation on using DNS to bypass/filter web sites it’s called Smart DNS – you can see a video about it here.

This is becoming a part of everyone’s life online, where companies and countries try to restrict access to content.  The technology available to open it up again is also developing – whether it’s blocks from countries like China or people using American DNS for Netflix viewing,

It’s a very easy type of filtering to bypass when  you know how.  It’s not really worth the bother especially as it’s really messing around with a fundamental component of the World Wide Web.   If everyone started putting false entries in their DNS servers we’d end up with an extremely unreliable internet infrastructure.