How Great is the Great Firewall? Measuring China's DNS Censorship

by Nguyen Phong Hoang, et al.

The DNS filtering apparatus of China's Great Firewall (GFW) has evolved considerably over the past two decades. However, most prior studies of China's DNS filtering were performed over short time periods, leading to unnoticed changes in the GFW's behavior. In this study, we introduce GFWatch, a large-scale, longitudinal measurement platform capable of testing hundreds of millions of domains daily, enabling continuous monitoring of the GFW's DNS filtering behavior. We present the results of running GFWatch over a nine-month period, during which we tested an average of 411M domains per day and detected a total of 311K domains censored by the GFW's DNS filter. To the best of our knowledge, this is the largest number of domains tested and censored domains discovered in the literature. We further reverse engineer regular expressions used by the GFW and find 41K innocuous domains that match these filters, resulting in overblocking of their content. We also observe bogus IPv6 and globally routable IPv4 addresses injected by the GFW, including addresses owned by US companies, such as Facebook, Dropbox, and Twitter. Using data from GFWatch, we studied the impact of GFW blocking on the global DNS system. We found 77K censored domains with DNS resource records polluted in popular public DNS resolvers, such as Google and Cloudflare. Finally, we propose strategies to detect poisoned responses that can (1) sanitize poisoned DNS records from the cache of public DNS resolvers, and (2) assist in the development of circumvention tools to bypass the GFW's DNS censorship.



Measuring and Evading Turkmenistan's Internet Censorship: A Case Study in Large-Scale Measurements of a Low-Penetration Country

Since 2006, Turkmenistan has been listed as one of the few Internet enem...

ICLab: A Global, Longitudinal Internet Censorship Measurement Platform

Researchers have studied Internet censorship for nearly as long as attem...

A Study of Newly Observed Hostnames and DNS Tunneling in the Wild

The domain name system (DNS) is a crucial backbone of the Internet and m...

Catch Me (On Time) If You Can: Understanding the Effectiveness of Twitter URL Blacklists

With more than 500 million daily tweets from over 330 million active use...

A Large-Scale Analysis of Phishing Websites Hosted on Free Web Hosting Domains

While phishing attacks have evolved to utilize several obfuscation tacti...

Distributed Deep Forest and its Application to Automatic Detection of Cash-out Fraud

Internet companies are facing the need of handling large scale machine l...

The End of the Canonical IoT Botnet: A Measurement Study of Mirai's Descendants

Since the burgeoning days of IoT, Mirai has been established as the cano...
