DNS Blocking
Manipulation of DNS responses to prevent domain resolution.
Definition
DNS blocking occurs when a DNS resolver returns incorrect or null responses for specific domain queries, preventing users from reaching the intended destination. This can manifest as NXDOMAIN responses (claiming the domain doesn't exist), redirects to warning pages, or connection timeouts.
DNS blocking is one of the most common censorship techniques because it's easy to implement at the ISP level and affects all users relying on that resolver. However, it's also relatively easy to circumvent by using alternative DNS providers.
How We Detect This
We compare DNS responses from ISP resolvers against control measurements from uncensored vantage points. When a resolver returns NXDOMAIN, a different IP, or times out for domains that resolve correctly elsewhere, we flag potential DNS blocking. We validate findings across multiple probes to reduce false positives.
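The comparison described above, sketched as an added example (not this project's own code). The record layout, the rcode strings, the `min_probes` threshold and all domains and addresses are assumptions constructed for illustration.

```python
# Constructed sample data; an answer is (rcode, ips), rcode is NOERROR/NXDOMAIN/TIMEOUT.
CONTROL = {
    "news.example": ("NOERROR", {"203.0.113.10", "203.0.113.11"}),
    "forum.example": ("NOERROR", {"198.51.100.20"}),
    "vpn.example": ("NOERROR", {"198.51.100.7"}),
    "blog.example": ("NOERROR", {"192.0.2.80"}),
    "gone.example": ("NXDOMAIN", set()),
}
PROBES = [  # (probe_id, domain, rcode, ips) as seen through the ISP resolver
    ("p1", "news.example", "NXDOMAIN", set()),
    ("p2", "news.example", "NXDOMAIN", set()),
    ("p3", "news.example", "NOERROR", {"203.0.113.10"}),
    ("p1", "forum.example", "NOERROR", {"192.0.2.1"}),
    ("p2", "forum.example", "NOERROR", {"192.0.2.1"}),
    ("p1", "vpn.example", "TIMEOUT", set()),
    ("p2", "vpn.example", "TIMEOUT", set()),
    ("p1", "blog.example", "NOERROR", {"192.0.2.80"}),
    ("p2", "blog.example", "TIMEOUT", set()),
    ("p1", "gone.example", "NXDOMAIN", set()),
]

def classify(control, answer):
    """Compare one ISP-resolver answer with the control answer for the same domain."""
    (c_rcode, c_ips), (rcode, ips) = control, answer
    if c_rcode != "NOERROR" or not c_ips:
        return "inconclusive"  # no working baseline to compare against
    if rcode in ("NXDOMAIN", "TIMEOUT"):
        return rcode.lower()
    # Disjoint address sets are only a signal: CDNs and geo-DNS also vary answers.
    if ips and ips.isdisjoint(c_ips):
        return "different_ip"
    return "consistent"

def flag_dns_blocking(control, probes, min_probes=2):
    """Return {domain: anomaly} for anomalies reported by >= min_probes distinct probes."""
    seen = {}  # domain -> anomaly -> set of probe ids
    for probe_id, domain, rcode, ips in probes:
        verdict = classify(control[domain], (rcode, ips))
        if verdict not in ("consistent", "inconclusive"):
            seen.setdefault(domain, {}).setdefault(verdict, set()).add(probe_id)
    flagged = {}
    for domain, anomalies in seen.items():
        anomaly, ids = max(anomalies.items(), key=lambda kv: len(kv[1]))
        if len(ids) >= min_probes:
            flagged[domain] = anomaly
    return flagged

if __name__ == "__main__":
    print(flag_dns_blocking(CONTROL, PROBES))
```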
Examples
- ISP returns NXDOMAIN for blocked news sites
- DNS queries redirected to government warning page
- Timeout on DNS resolution for VPN provider domains