Chinese DNS Tampering a Real Threat To Outsiders 181
Trailrunner7 writes "China has long used the Internet's Domain Name Service to censor Web sites and information that the ruling Communist Party deems threatening. But now security experts warn that the government's censorship is in danger of spilling over China's borders, suppressing the ability of those living outside of China to find information online. An estimated 57% of all networks on Earth passed DNS requests through a Chinese DNS rootserver at some point in 2010, according to data from security firm Renesys. Tampering by the Communist Party there poses a danger to Internet security and freedom. In fact, DNS tampering may be a bigger threat than techniques like BGP (Border Gateway Protocol) hijacking, which is believed to be responsible for an unexpected shift in Internet routing in April that has recently been the subject of mainstream media reports in the US. There is already evidence that China's efforts to tamper with DNS have bled outside the country's borders. The same report to Congress from the US-China Economic and Security Review Commission that called attention to the BGP hijacking incident from April, 2010 also mentions a March, 2010 incident in which Internet users in the US and Chile attempted to connect to social networking websites banned by the Chinese government. However, their DNS requests were handled by a Beijing-based Domain Name Server, which responded with incorrect DNS information that directed the surfers to incorrect servers, the report says."
So, which is worse? (Score:1, Interesting)
So, is it better to have China fucking around with the internet, or the US?
Quite frankly, I don't think either of them should be able to do it.
Fuck the both of them.
peter's wolf... (Score:3, Interesting)
At what point are we going to get sick enough of this garbage to just completely segregate China from the rest of the internet?
US DNS Tampering a Real Threat To Outsiders (Score:3, Interesting)
Mod server down (Score:4, Interesting)
If only you could mod servers up or down, giving them some sort of reputation history. The your OS could determine a trusted anchor based on a server's "karma" and your requirements*. A system parallel to DNSSEC for apportioning, updating, and validating trust.
* yeah, I'm borrowing Slashdot terminology. But what the heck, it kind of works.
Re:US DNS Tampering a Real Threat To Outsiders (Score:5, Interesting)
Re:Root servers? (Score:1, Interesting)
Why should you trust the US with anything? China has so far not been tampering with the worldwide independent organization of either DNS or ICANN. Something the US can't really say anymore.
It would be similar to saying, should we give control to Hitler, Stalin or Mussolini.
Re:And ? (Score:2, Interesting)
having a legal fight over who owns abc.com
and
deliberately misleading people and pretending to be/own abc.com
There can be abuses of either system, but rerouting traffic on the sly is potentially more dangerous to users than openly seizing a domain name.
Re:Root servers? (Score:3, Interesting)
Because your ISP hired a lazy ass admin, that's why. Run your own DNS, remove the Chinese root servers from it. Problem solved.