In a previous post, it became clear that censorship in The Netherlands has started. Because of the nature of the Internet and how it has been implemented in most countries, there is no central point of control to stop all traffic to an IP address. This means every network owner needs to take action, but how do they do it?
In the case of thepiratebay.org, it looks like it has been done by manipulating DNS answers. The first query below simply uses the DNS resolver of the internet access provider; the second uses Google's public resolvers.
```
$ dig thepiratebay.org

; <<>> DiG 9.8.1 <<>> thepiratebay.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6811
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; QUESTION SECTION:
;thepiratebay.org. IN A

;; ANSWER SECTION:
thepiratebay.org. 10 IN A 220.127.116.11

;; ADDITIONAL SECTION:
thepiratebay.org. 10 IN TXT "Forged by XS4ALL for Stichting B.R.E.I.N."

;; Query time: 19 msec
;; SERVER: 192.168.178.1#53(192.168.178.1)
;; WHEN: Sat Feb 4 08:15:35 2012
;; MSG SIZE rcvd: 104

$ dig thepiratebay.org @18.104.22.168

; <<>> DiG 9.8.1 <<>> thepiratebay.org @22.214.171.124
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4847
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;thepiratebay.org. IN A

;; ANSWER SECTION:
thepiratebay.org. 2596 IN A 126.96.36.199

;; Query time: 26 msec
;; SERVER: 188.8.131.52#53(184.108.40.206)
;; WHEN: Sat Feb 4 08:16:16 2012
;; MSG SIZE rcvd: 50
```
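The comparison made by eye above can be automated. The following is an added example, not part of the original post: it parses the text output of two dig runs and reports the two signs visible here, disjoint A records and a TXT record in the ADDITIONAL section of an A query. The function names are hypothetical and the sample strings are abbreviated from the output shown above.

```python
import re

# One resource-record line in dig's text output: name, TTL, class IN, type, rdata.
RR = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+(\S+)\s+(.+)$")
SECTION = re.compile(r"^;; (\w+) SECTION:$")

def parse_dig(text):
    """Return {section: [(name, ttl, rtype, rdata), ...]} from dig text output."""
    sections, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        header = SECTION.match(line)
        if header:
            current = header.group(1)
            sections[current] = []
        elif current and line and not line.startswith(";"):
            rr = RR.match(line)
            if rr:
                name, ttl, rtype, rdata = rr.groups()
                sections[current].append((name.lower(), int(ttl), rtype, rdata))
    return sections

def compare(isp_text, reference_text):
    """List the reasons the ISP answer looks rewritten relative to the reference."""
    isp, ref = parse_dig(isp_text), parse_dig(reference_text)
    a_isp = {r[3] for r in isp.get("ANSWER", []) if r[2] == "A"}
    a_ref = {r[3] for r in ref.get("ANSWER", []) if r[2] == "A"}
    findings = []
    # Caveat: CDNs and geo-DNS also hand different resolvers different
    # addresses, so a mismatch alone is a lead to investigate, not proof.
    if a_isp and a_ref and a_isp.isdisjoint(a_ref):
        findings.append("A records differ: %s vs %s" % (sorted(a_isp), sorted(a_ref)))
    # An A query normally gets no TXT record back in the ADDITIONAL section.
    for name, ttl, rtype, rdata in isp.get("ADDITIONAL", []):
        if rtype == "TXT":
            findings.append("unsolicited TXT in ADDITIONAL: " + rdata)
    return findings

# Sample input abbreviated from the two dig runs shown in the post.
ISP_SAMPLE = """;; QUESTION SECTION:
;thepiratebay.org. IN A
;; ANSWER SECTION:
thepiratebay.org. 10 IN A 220.127.116.11
;; ADDITIONAL SECTION:
thepiratebay.org. 10 IN TXT "Forged by XS4ALL for Stichting B.R.E.I.N."
"""
REFERENCE_SAMPLE = """;; ANSWER SECTION:
thepiratebay.org. 2596 IN A 126.96.36.199
"""

if __name__ == "__main__":
    for finding in compare(ISP_SAMPLE, REFERENCE_SAMPLE):
        print(finding)
```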
By just changing the DNS resolver on the client or the internet router, the censorship can be bypassed for now. The remaining question is how long this is going to stand when a big computer magazine publishes the first article on how to bypass it, or when sites also get a .onion address to bypass DNS completely.