How To Manage DNS in China
This is a guest blog post from Carl Levine, Senior Technical Evangelist at NS1.
Boasting the largest population of internet users in the world, China remains one of the greatest opportunities and risks in the proliferation of an open, and free internet. While the country has been “online” since the late 1980s with an email system that did not use the ubiquitous TCP/IP transport that we’re accustomed to today, China’s interoperability with the rest of the world has arguably been one of the greater challenges facing network operators and businesses alike.
The Great Firewall
Enabled in 2000, the Golden Shield Project, or “Great Firewall of China” as it is colloquially referred to, aimed to monitor the activity of every internet user within the country, and act as a content control system to enable censorship of materials that were deemed objectionable by the government. A large number of websites that would otherwise be easy to access anywhere else in the world are flat-out banned by the Chinese government, which also leads to a lot of mimicked versions of popular foreign websites and resources.
A number of tactics are leveraged in enabling the censorship and monitoring of internet usage, including but not limited to deep packet inspection, DNS cache poisoning, and IP filtering. Naturally, this degree of censorship and oversight has led to a number of Chinese internet users to tunnel out of the country on a VPN or SSH connection, at the expense of speed or reliability when connecting to the foreign resources.
Addressing DNS Challenges in China and Beyond
As DNS is the critical part of any interaction with the internet, ensuring reliable and performant DNS transactions within China remains one of the great challenges. Due to the nature of the “Great Firewall”, the DNS’ operation within the mainland is typically not as resilient or reliable as the rest of the world, and of course, susceptible to cache poisoning.
In order to ensure optimum traffic distribution and application delivery within mainland China, modern DNS technology must be deployed. This stems largely from the proliferation of mobile technology, and its leapfrog over conventional personal computer use. Much like the rest of the world, the implications of mobile devices accessing the internet are becoming palpable in the daily lives of network operators.
While the DNS has been an essential part of the internet we all know and use today, the core technology was designed for a much smaller, and less dynamic landscape. To that end, DNS technology has only been able to grow within the bounds of the RFC and ubiquitous open-source or commercially available name server software solutions. At NS1, we took an objective look at the changing dynamics of the internet and built a vendor-agnostic, next-generation DNS solution that provides a control plane for the modern technology stack. Deploying next-generation DNS technology within China is one way that NS1 continues to lead the charge.
Further Learning
Join Catchpoint’s CEO Mehdi Daoudi, and NS1’s Lead Solutions Engineer Devin Bernosky for a webinar on June 6th to learn about addressing the challenges of application delivery in China. The two will discuss strategies and tactics that can be used to increase performance within mainland China, and how to connect China to the rest of the internet with greater confidence and performance than ever before.