An update to the list of blocked websites in Australia was announced today via the Federal Courts system to block proxies and torrent websites. I’m not going to get into the moral or ethical debate over pirating material in this post but what I am going to do is show just how mind-numbingly easy it is to circumvent the blocking process that Australian internet providers have implemented it to keep the courts happy.
What is the DNS system?
DNS is how your computer translates a domain name into the IP address of the server hosting the requested content. It was first developed decades ago and started off as a manually maintained text file. Back then, there weren’t that many computers on the “internet” such as it was. Whenever a new machine was added to the network a new entry was added to the text file, then that file was sent around to all the computers. Obviously not a scalable solution.
Eventually it became obvious that a different solution would be required so certain servers were set up as Domain Name Servers, basically they were a giant text file full of Domain Name to IP Address records and any computer on the network could question them and they would answer. As the number of machines connected to the internet grew the number of requests to these Root DNS machines increased. A combination of this increase in traffic and geographic distances between client machines and servers, the lag in getting answers was noticeably slowing down internet access.
To account for this slowdown ISPs started deploying their own DNS machines on their network. As users went to various domain names the ISPs would cache their results so that future DNS lookup requests wouldn’t have to go all the way to the Root DNS machines.
These secondary DNS machines saved a lot of time and traffic but led to a problem. ISPs would have a record of every domain you were accessing. They could also alter the IP address that a domain was related to. This is the process that Australian internet services providers have implemented for this block. If you are using the default internet settings provided by a company like Telstra or Optus, when you enter a domain name into your browser your computer first checks your local hosts file, then asks your router, which then asks your ISP, which then asks the Root DNS machines. By setting up a read-only field for the blocked domain name in the ISP level DNS machines you can effectively block any requests.
The workaround
So given how the blocks are being implemented all we need to do is tell our computers to ask another DNS Machine that isn’t controlled by our ISP. And given that most ISPs have slow and poorly implemented DNS machines there are a few companies out there that offer their own services.
I use CloudFlare’s 1.1.1.1 service. It is free, fast, and secure. Google has their own at 8.8.8.8 and then there is OpenDNS. By telling your network to consult them instead of the ISP you can bypass the court mandated blocking.