Thread by Peter Hansen (韩磊), 14 tweets
So I talked about the primary way the Great Firewall (hereafter GFW) works, but if you live in China the error message I showed is probably not the only one you're familiar with. I'm going to try to explain another major one, DNS spoofing 1/
First, some history. From the beginning of the internet people realized how hard it would be to memorize IP addresses and created human-readable names called hostnames that people could remember instead, but they still needed a way to translate a hostname into an IP address. 2/
The first solution was just to have a file called hosts.txt that contained a list of all hostnames and IP addresses. It was stored on a computer in Stanford and you would go and ask for it. No really, that's the way they used to do it. 3/
Every time you wanted to update your IP address, add a new host, or make any change you had to tell the guys at Stanford, wait for them to change it, and then wait for everyone on the planet to redownload the new file. 4/
This was OK when the internet was just a way for a small number of academics to communicate, but obviously was never going to work for any large number of hosts. Your smart toaster doesn't have the resources to store every single domain name on the internet. 5/
Enter the Domain Name System (DNS), a database that today spans the world and provides IP addresses for any host on the internet. I've attached what a DNS query looks like if you're curious. 6/
BTW the "IN" stands for INTERNET, because this was before they knew the internet was going to use the Internet Protocol. They designed the database to handle addresses other than IP. 6a/
This database is not stored in one piece. It's broken up into a tree structure with most DNS servers only holding the lower branches. When it receives a request it answers it if it can, and if it can't it asks the next server up the tree where to find it. 7/
BTW #2, looking at that tree structure and knowing that the "." is used to combine two separate entities, you're probably realizing why URLs look like they do! It's so DNS knows how to climb the tree to look for the address! 7a/
But this distributed structure also has a vulnerability. The GFW can simply set up its own DNS servers and have them lie to you, giving you bogus addresses. I can make up a website like falungong1234124.com and I still get an address because the GFW is lying to me. 8/
Foreign DNS servers aren't actually blocked in China, so I can query Google's server (address 8.8.8.8, which is really easy to remember) to get the correct answer, which is that there is no such entry (notice the lack of the "ANSWER SECTION" that was in the previous one). 9/
DNS messages are not secured though, so when the GFW detects a DNS request it doesn't like going abroad it will forge its own response and try to send it to you before the real one gets back. If it beats the real one to the punch your computer takes the fake as gospel. 10/
It's literally a race between the real and the fake, and sometimes the real will win, sometimes the fake will. Here's the same request as the last one, but what it looks like when the fake one makes it. Notice how it looks like 8.8.8.8 is saying the site exists now! 11/
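The race described in tweets 10 and 11, as an added example that is not part of the thread: a minimal parser for DNS response messages plus a detector that remembers the first response seen for each transaction ID and question name and flags a later response that disagrees with it, which is exactly what a forged answer followed by the real NXDOMAIN looks like on the wire. The hostname is the one from the thread; the transaction ID and the bogus address 203.0.113.9 are constructed sample values.

```python
import struct

def _encode_name(name):
    return b"".join(bytes([len(l)]) + l.encode() for l in name.strip(".").split(".")) + b"\x00"

def build_response(txid, qname, rcode, answers):
    """Constructed DNS response (RFC 1035 wire format): one A question, zero or more A answers."""
    flags = 0x8180 | rcode                        # QR=1, RD=1, RA=1, RCODE in the low 4 bits
    hdr = struct.pack(">HHHHHH", txid, flags, 1, len(answers), 0, 0)
    q = _encode_name(qname) + struct.pack(">HH", 1, 1)   # QTYPE=A, QCLASS=IN
    rrs = b""
    for ip in answers:                            # owner name = compression pointer to offset 12
        rrs += b"\xc0\x0c" + struct.pack(">HHIH", 1, 1, 60, 4) + bytes(int(o) for o in ip.split("."))
    return hdr + q + rrs

def _read_name(msg, i):
    labels = []
    while True:
        n = msg[i]
        if n & 0xC0 == 0xC0:                      # compression pointer: follow it, consume 2 bytes
            return ".".join(labels + [_read_name(msg, ((n & 0x3F) << 8) | msg[i + 1])[0]]), i + 2
        if n == 0:
            return ".".join(labels), i + 1
        labels.append(msg[i + 1:i + 1 + n].decode())
        i += 1 + n

def parse_response(msg):
    txid, flags, _, an = struct.unpack(">HHHH", msg[:8])
    qname, i = _read_name(msg, 12)
    i += 4                                        # skip QTYPE and QCLASS
    ips = []
    for _ in range(an):
        _, i = _read_name(msg, i)
        rtype, _, _, rdlen = struct.unpack(">HHIH", msg[i:i + 10])
        i += 10
        if rtype == 1 and rdlen == 4:
            ips.append(".".join(str(b) for b in msg[i:i + 4]))
        i += rdlen
    return {"txid": txid, "qname": qname.lower(), "rcode": flags & 0xF, "answers": ips}

class RaceDetector:
    """Keeps the first response per (txid, qname); a later, conflicting one is the race symptom."""
    def __init__(self):
        self.first = {}
    def observe(self, msg):
        r = parse_response(msg)
        prior = self.first.setdefault((r["txid"], r["qname"]), r)
        if prior is r:
            return None                           # first response for this query: nothing to compare
        if (prior["rcode"], prior["answers"]) != (r["rcode"], r["answers"]):
            return "conflicting responses for %s: first %s, later %s" % (
                r["qname"], prior["answers"] or "NXDOMAIN", r["answers"] or "NXDOMAIN")
        return None
```

A stub resolver has already accepted the first response by the time the second arrives, so this is alerting, not prevention; it does show why the fake winning the race produces a cached bogus address that a later NXDOMAIN cannot undo.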
So if you've ever waited a couple of minutes for a page to "load" and then gotten one of these errors, you may have been sent on a wild goose chase looking for a website at an address that doesn't exist. 12/