Ahead of Party anniversary, China poisons the internet

Today, 1 July, is the Communist Party’s 90th birthday. In celebration, Chinese web censors have been working feverishly to tighten their control of the internet.

Those of us who try to sidestep the Great Firewall with a VPN, a service that allows users to bypass regional filters by taking the connection to a different location – best described as a “tunnel” that allows access to the unfettered web – have been noticing that many services are increasingly unreachable.

My VPN service went AWOL on 28 June.

VPN companies say that China is using a new tactic – DNS poisoning – a more insidious method that requires VPN customers to re-download and reinstall software if they want to continue their access.

From my VPN service provider (name withheld):

“For the upcoming 90-year anniversary of the Communist Party of China (CPC) China has chosen a different approach: DNS-poisoning. This means that any VPN server or website that ends with “NAME OF VPN PROVIDER.COM” will be unreachable from China. The only way to solve this is by changing our domain name.”

Index on Censorship asked BestVPN, a VPN review website, to explain how DNS poisoning works and what lies in store for the cat and mouse game between Chinese web censors and VPN service providers. The webmaster who replied to these questions asked not to be named.

What is DNS poisoning?

Great Firewall (GFW) authorities have taken another rather ‘cheap’ measure to block the filtered sites i.e. DNS poisoning.

DNS is a system which translates your normal website addresses like youtube.com, facebook.com into numerical figures to send it to particular address in order to retrieve the information.

For example, as we cannot remember IP addresses like, therefore, we are normally given domain names like youtube.com to remember easily.

When we type a particular domain name in our address bar DNS translates it into an IP address and sends your request to a particular address to retrieve the information.

Now what the GFW authorities have done is that they have poisoned DNS, and the request you send by typing a particular URL (blocked URL) in your address bar, returns with fake or malicious content.

GFW authorities are doing this by ordering their ISPs [internet service providers] to take part in this and block/poison what is prohibited by them.

What do you recommend web users do in China if they find their VPN broken‘?

Well, there is nothing much visitors can do in China if their VPN service domain has been poisoned.

The only choice in my knowledge is for the VPN service provider to change their domain name.

In the past, several VPN service providers’ domain names were blocked in China by blocking their server IP addresses.

The providers changed their IP addresses and China again blocked it, and it went on until the GFW of China came up with DNS poisoning.

It is obviously not that easy [to change a domain name] as it has taken them years to build a website and a brand around one domain name.

If a VPN provider’s domain has been poisoned, you may face huge disruptions in services, until the domain name has been changed or de-poisoned.

Are there many more tools that China can use to cripple VPN?

Yes, China can do more and more, and up till now it has truly been a cat and mouse game.

We have seen China blocking VPN services and several other websites and we have seen VPN services breaking the GFW.

There are just as many ways to cripple VPN services in China, as there are to cripple the GFW.

There is nothing on the internet that cannot be decoded.

The one who suffers is the VPN user in China.