Wow this is something shocking , MCMC has managed to block malaysia-today through DNS null routing (I’ll explain on DNS null routing later). Its a very shocking news and it shows that MCMC is capable of anything (who knows , they might even block p2p protocol one day or better yet block all those file sharing sites – We might never know). Anyhow , what concerns me is the method that they used to block it , currently all 3 ISPs in Malaysia obeys this rule (that is by null-routing). I’m here to explain on null routing and how it works rather then just talking crap. These ISPs use a method called DNS Blacklisting , they black list the domain name , in other words – When you load your web-browser and type a blocked address in this case – Malaysia Today’s Address , your browser quires the DNS Server which acts as the phonebook and then provides the computer back the IP address it should retrieve data from. But then now the DNS entry has been altered in the DNS server , when your computer quires for the IP Address , the DNS server simply replies it with localhost/127.0.0.1 , which results in a page could not be found error (It says , eh that site is in your PC !). Its a neat way to block sites, but however its still possible for users to access the web-site if they key-in the Ip address of the site manually , as it would bypass DNS servers directly and connects to the server. Although this method isn’t efficient but its pretty good to keep folks out of the site , thinking that its down for good or there is no way to bypass it.
Here is an example , two screenshots which I’ve taken .
As you see above (my Local connection) , it shows the address of malaysia-today.net as 127.0.0.1 and compare it with the screenshot below (my SSH conncetion – a server located in the states) it replies me back with the name server , the ip addresses of the server and other useful information. This shows that the DNS query has been blacklisted in my remote server. Usually , ISPs will black list certain sites to prevent users from visiting it or to block spammers , there are even several other reasons as well
So that is how they do it , basically its done in the DNS entry. Oh yeah , you may be asking me what is dig and what does it do , dig(which is an abbreviation for Domain Information Groper) is a unix tool to query the DNS Server , in other words it looks up for the IP address of the adress that you have entered. For all *nix based operting system such as MacOSX and Linux , this tool comes along with your distribution , as for windows if you want to get it , you may download it from this site (Bear in mind , its bit complex to set it up) If you’re looking for a good DNS Server that provides more control over your DNS control and if you would like to block certain sites in your college or university , do consider trying OpenDNS. Its a pretty good alternative to your ISP’s Default DNS Servers ! – Once again you may never know whats going to hit next. All of a sudden they might block Torrent trackers or worst – They might even censor certain sites. Keep in mind , there is no such thing as 100% anonymity once you’re connected to the World Wide Web !