Blog Post

How To Manage DNS in China

Published
June 5, 2018
#
 mins read
By 

in this blog post

This is a guest blog post from Carl Levine, Senior Technical Evangelist at NS1.

Boasting the largest population of internet users in the world, China remains one of the greatest opportunities and risks in the proliferation of an open, and free internet. While the country has been “online” since the late 1980s with an email system that did not use the ubiquitous TCP/IP transport that we’re accustomed to today, China’s interoperability with the rest of the world has arguably been one of the greater challenges facing network operators and businesses alike.

The Great Firewall

Enabled in 2000, the Golden Shield Project, or “Great Firewall of China” as it is colloquially referred to, aimed to monitor the activity of every internet user within the country, and act as a content control system to enable censorship of materials that were deemed objectionable by the government. A large number of websites that would otherwise be easy to access anywhere else in the world are flat-out banned by the Chinese government, which also leads to a lot of mimicked versions of popular foreign websites and resources.

A number of tactics are leveraged in enabling the censorship and monitoring of internet usage, including but not limited to deep packet inspection, DNS cache poisoning, and IP filtering. Naturally, this degree of censorship and oversight has led to a number of Chinese internet users to tunnel out of the country on a VPN or SSH connection, at the expense of speed or reliability when connecting to the foreign resources.

Addressing DNS Challenges in China and Beyond

As DNS is the critical part of any interaction with the internet, ensuring reliable and performant DNS transactions within China remains one of the great challenges. Due to the nature of the “Great Firewall”, the DNS’ operation within the mainland is typically not as resilient or reliable as the rest of the world, and of course, susceptible to cache poisoning.

In order to ensure optimum traffic distribution and application delivery within mainland China, modern DNS technology must be deployed. This stems largely from the proliferation of mobile technology, and its leapfrog over conventional personal computer use. Much like the rest of the world, the implications of mobile devices accessing the internet are becoming palpable in the daily lives of network operators.

While the DNS has been an essential part of the internet we all know and use today, the core technology was designed for a much smaller, and less dynamic landscape. To that end, DNS technology has only been able to grow within the bounds of the RFC and ubiquitous open-source or commercially available name server software solutions. At NS1, we took an objective look at the changing dynamics of the internet and built a vendor-agnostic, next-generation DNS solution that provides a control plane for the modern technology stack. Deploying next-generation DNS technology within China is one way that NS1 continues to lead the charge.

Further Learning

Join Catchpoint’s CEO Mehdi Daoudi, and NS1’s Lead Solutions Engineer Devin Bernosky for a webinar on June 6th to learn about addressing the challenges of application delivery in China. The two will discuss strategies and tactics that can be used to increase performance within mainland China, and how to connect China to the rest of the internet with greater confidence and performance than ever before.

This is a guest blog post from Carl Levine, Senior Technical Evangelist at NS1.

Boasting the largest population of internet users in the world, China remains one of the greatest opportunities and risks in the proliferation of an open, and free internet. While the country has been “online” since the late 1980s with an email system that did not use the ubiquitous TCP/IP transport that we’re accustomed to today, China’s interoperability with the rest of the world has arguably been one of the greater challenges facing network operators and businesses alike.

The Great Firewall

Enabled in 2000, the Golden Shield Project, or “Great Firewall of China” as it is colloquially referred to, aimed to monitor the activity of every internet user within the country, and act as a content control system to enable censorship of materials that were deemed objectionable by the government. A large number of websites that would otherwise be easy to access anywhere else in the world are flat-out banned by the Chinese government, which also leads to a lot of mimicked versions of popular foreign websites and resources.

A number of tactics are leveraged in enabling the censorship and monitoring of internet usage, including but not limited to deep packet inspection, DNS cache poisoning, and IP filtering. Naturally, this degree of censorship and oversight has led to a number of Chinese internet users to tunnel out of the country on a VPN or SSH connection, at the expense of speed or reliability when connecting to the foreign resources.

Addressing DNS Challenges in China and Beyond

As DNS is the critical part of any interaction with the internet, ensuring reliable and performant DNS transactions within China remains one of the great challenges. Due to the nature of the “Great Firewall”, the DNS’ operation within the mainland is typically not as resilient or reliable as the rest of the world, and of course, susceptible to cache poisoning.

In order to ensure optimum traffic distribution and application delivery within mainland China, modern DNS technology must be deployed. This stems largely from the proliferation of mobile technology, and its leapfrog over conventional personal computer use. Much like the rest of the world, the implications of mobile devices accessing the internet are becoming palpable in the daily lives of network operators.

While the DNS has been an essential part of the internet we all know and use today, the core technology was designed for a much smaller, and less dynamic landscape. To that end, DNS technology has only been able to grow within the bounds of the RFC and ubiquitous open-source or commercially available name server software solutions. At NS1, we took an objective look at the changing dynamics of the internet and built a vendor-agnostic, next-generation DNS solution that provides a control plane for the modern technology stack. Deploying next-generation DNS technology within China is one way that NS1 continues to lead the charge.

Further Learning

Join Catchpoint’s CEO Mehdi Daoudi, and NS1’s Lead Solutions Engineer Devin Bernosky for a webinar on June 6th to learn about addressing the challenges of application delivery in China. The two will discuss strategies and tactics that can be used to increase performance within mainland China, and how to connect China to the rest of the internet with greater confidence and performance than ever before.

This is some text inside of a div block.

You might also like

Blog post

When SSL Issues aren’t just about SSL: A deep dive into the TIBCO Mashery outage

Blog post

Preparing for the unexpected: Lessons from the AJIO and Jio Outage

Blog post

The Need for Speed: Highlights from IBM and Catchpoint’s Global DNS Performance Study