Computers on the internet have IP addresses, and web sites are stored on some of those computers. The Domain Name System - DNS for short - is the way that your computer translates Domain Names (yaleman.org, google.com) into IP addresses. The simplest analogy I can think of is a community-based assistance service which matches people and their street addresses.
A very contrived example:
- **Adam **wanted the street address for **Betty **in Cardiff.
- He looks in his local address book, and it’s not there.
- He calls his directory assistance service who don’t have Betty’s address, so they call someone else on his behalf.
- The “someone else” is one of fourteen international switch boards who direct requests to other local directory services.
- It directs Adam‘s service to the service for Cardiff.
- The Cardiff service provides Betty‘s address - 123 Fourth Avenue.
- Adam visits Betty for tea. Great success!
Replace directory assistance with DNS server, address with IP address, Adam for your PC and Betty with your favourite web site and you get the idea of where we’re going with this.
In Turkey, China and many other countries - now including my home, Australia - legislation has been enacted to poison this system. This is to “protect” people from kiddie porn and illegal downloading, or block opinions that don’t agree with the people in charge. Modifying DNS is a fairly simple way for the system to be changed at central points and can be targeted geographically.
Back to our example, with a twist:
- **Adam **wanted the street address for Betty in Cardiff.
- He looks in his local address book, and it’s not there.
- He calls his directory assistance service who say that Betty lives at 456 Blocked Road. This is because the government has decided that Betty is a pernicious influence on society and that she must be stopped.
- Adam trusts this information and ends up at the local police station, rather confused and missing out on his tea.
The weakness of this method is that it’s so easy to avoid.
DNS isn’t hosted at a single place, so selectively blocking it would likely break large swathes of the internet. Using your Internet Service Provider’s DNS server is the position that most people take because it’s normally fast, reliable and primarily because it’s the default.
In future, Adam knows his directory assistance has been tainted by the government, so he calls someone else for the information.
As in Turkey and other examples, if sites are being blocked by DNS poisoning, the easiest way to circumvent it is by using alternative name servers like Google’s. They’re hosted at 8.8.8.8 and 8.8.4.4. These are just two prime examples and there are many, many places to resolve DNS - including the Root Name Servers (the international directory assistants - but if everyone did that, it’d be a bit of a bad idea).
Let me repeat that:
… if sites are being blocked by DNS poisoning, the easiest way to circumvent it is by using alternative name servers …
Does this sound hard? It’s easier than it looks.
There’s great guides here on OpenDNS’ site. They’re an alternative DNS service who also provide services such as ad blocking and category-based denial if you’ve got kids, and they publicly state that they refuse to be complicit in censorship. You can easily find alternative DNS servers with a quick search.
The government has pushed this change onto us without us asking for it, but we don’t have to accept it. Peaceful protest combined with effective representation should be the way to avoid and resolve these kinds of problems, but sometimes taking a silent stand is another.