TECHNIQUES
dns-poisoning DNS injection / poisoning
Synonyms: DNS injection, DNS spoofing
69 papers on file
- 2026-anon-6-github-dns The Most Complete Guide Online! 6 Methods to Fix GitHub Being Inaccessible in China Due to DNS Pollution | 二毛
- 2026-anon-github-2026-6-dns GitHub Inaccessible? The 6 Latest Solutions for 2026 (Including DNS Changes and Acceleration Tools) | 二毛
- 2026-article19-tightening-the-net Tightening the Net: China's Infrastructure of Oppression in Iran
- 2026-free-the-internet-iran-internet-shutdown Iran: Internet shutdown from 18:45 UTC 8 January 2026
- 2026-lange-towards Towards Automated DNS Censorship Circumvention
- 2026-niere-dpyproxy-dns Towards Automated DNS Censorship Circumvention
- 2026-patterniha-mitm-domainfronting MITM-DomainFronting: client-only domain fronting via local TLS MITM with a user-installed CA
- 2026-qurbat-list-domains-blocked List of domains blocked via DNS filtering in India
- 2025-aryapour-stealth-blackout Iran's Stealth Internet Blackout: A New Model of Censorship
- 2025-fan-wallbleed Wallbleed: A Memory Disclosure Vulnerability in the Great Firewall of China
- 2025-geedge-mesa-leak Geedge & MESA Leak: Analyzing the Great Firewall's Largest Document Leak
- 2025-interseclab-internet-coup The Internet Coup
- 2025-lange-i-ra-nconsistencies I(ra)nconsistencies: Novel Insights into Iran's Censorship
- 2025-miaan-stealth-blackout Iran's Stealth Blackout: A Multi-stakeholder Analysis of the June 2025 Internet Shutdown
- 2025-niere-encrypted Encrypted Client Hello (ECH) in Censorship Circumvention
- 2025-piotrowska-nym-iran-blackout Nym Report on Iran's Recent Internet Blackouts (June 2025): What it Means for Censorship Resistance and NymVPN
- 2025-sheffey-extended Extended Abstract: I’ll Shake Your Hand: What Happens After DNS Poisoning
- 2025-tai-irblock IRBlock: A Large-Scale Measurement Study of the Great Firewall of Iran
- 2025-wendzel-survey A Survey of Internet Censorship and its Measurement: Methodology, Trends, and Challenges
- 2025-wu-regional-censorship A Wall Behind A Wall: Emerging Regional Censorship in China
- 2024-calle-toward Toward Automated DNS Tampering Detection Using Machine Learning
- 2024-hoang-gfweb GFWeb: Measuring the Great Firewall's Web Censorship at Scale
- 2023-brown-augmenting Augmenting Rule-based DNS Censorship Detection at Scale with Machine Learning
- 2023-gfw-blocking-1111 The blocking of 1.1.1.1 in China, starting from 2023-10-01
- 2023-katira-censorwatch CensorWatch: On the Implementation of Online Censorship in India
- 2023-master-worldwide A Worldwide View of Nation-state Internet Censorship
- 2023-nourin-measuring Measuring and Evading Turkmenistan's Internet Censorship
- 2023-ramesh-certainty CERTainty: Detecting DNS Manipulation at Scale using TLS Certificates
- 2022-bhaskar-many Many Roads Lead To Rome: How Packet Headers Influence DNS Censorship Measurement
- 2022-cheng-in-depth In-Depth Evaluation of the Impact of National-Level DNS Filtering on DNS Resolvers over Space and Time
- 2022-hoang-measuring Measuring the Accessibility of Domain Name Encryption and Its Impact on Internet Filtering
- 2021-gosain-too Too Close for Comfort: Morasses of (Anti-) Censorship in the Era of CDNs
- 2021-hoang-great How Great is the Great Firewall? Measuring China's DNS Censorship
- 2021-kwan-exploring Exploring Simple Detection Techniques for DNS-over-HTTPS Tunnels
- 2021-padmanabhan-multi-perspective A multi-perspective view of Internet censorship in Myanmar
- 2020-alharbi-opening Opening Digital Borders Cautiously yet Decisively: Digital Filtering in Saudi Arabia
- 2020-anonymous-triplet-censors Triplet Censors: Demystifying Great Firewall's DNS Censorship Behavior
- 2020-ramesh-decentralized Decentralized Control: A Case Study of Russia
- 2020-singh-india How India Censors the Web
- 2018-tschantz-bestiary A Bestiary of Blocking: The Motivations and Modes behind Website Unavailability
- 2018-yadav-where Where The Light Gets In: Analyzing Web Censorship Mechanisms in India
- 2017-gebhart-internet Internet Censorship in Thailand: User Practices and Potential Threats
- 2017-gosain-mending Mending Wall: On the Implementation of Censorship in India
- 2017-lu-accessing Accessing Google Scholar under Extreme Internet Censorship: A Legal Avenue
- 2017-pearce-global Global Measurement of DNS Manipulation
- 2017-ververis-internet Internet Censorship Capabilities in Cyprus: An Investigation of Online Gambling Blocklisting
- 2017-weinberg-topics Topics of Controversy: An Empirical Analysis of Web Censorship Lists
- 2016-akbar-dns-sly DNS-sly: Avoiding Censorship through Network Complexity
- 2016-farnan-poisoning Poisoning the Well -- Exploring the Great Firewall's Poisoned DNS Responses
- 2015-ensafi-analyzing Analyzing the Great Firewall of China Over Space and Time
- 2015-holowczak-cachebrowser CacheBrowser: Bypassing Chinese Censorship without Proxies Using Cached Content
- 2015-tanash-known Known Unknowns: An Analysis of Twitter Censorship in Turkey
- 2014-anonymous-towards Towards a Comprehensive Picture of the Great Firewall's DNS Censorship
- 2014-chaabane-censorship Censorship in the Wild: Analyzing Internet Filtering in Syria
- 2014-wachs-censorship-resistant A Censorship-Resistant, Privacy-Enhancing and Fully Decentralized Name System
- 2013-nabi-anatomy The Anatomy of Web Censorship in Pakistan
- 2013-wachs-feasibility On the Feasibility of a Censorship Resistant Decentralized Name System
- 2012-aase-whiskey Whiskey, Weed, and Wukan on the World Wide Web: On Measuring Censors' Resources and Motivations
- 2012-anderson-hidden The Hidden Internet of Iran: Private Address Allocations on a National Network
- 2012-duan-hold-on Hold-On: Protecting Against On-Path DNS Poisoning
- 2012-lincoln-bootstrapping Bootstrapping Communications into an Anti-Censorship System
- 2012-sparks-collateral The Collateral Damage of Internet Censorship by DNS Injection
- 2012-wright-regional Regional Variation in Chinese Internet Filtering
- 2011-wright-fine-grained Fine-Grained Censorship Mapping: Information Sources, Legality and Ethics
- 2011-xu-internet Internet Censorship in China: Where Does the Filtering Occur?
- 2007-lowe-great The Great DNS Wall of China
- 2006-clayton-ignoring Ignoring the Great Firewall of China
- 2003-dornseif-government Government mandated blocking of foreign Web content
- 2002-feamster-infranet Infranet: Circumventing Web Censorship and Surveillance
257 findings tagged here
-
The June 2025 Iran shutdown—carried out during the Iran-Israel war beginning ~June 19—did not use BGP route withdrawals as in 2019. Instead, authorities applied service-level restrictions at the national border: DNS poisoning of foreign destinations, protocol whitelisting permitting only pre-approved domestic services, and DPI to block circumvention-tool traffic. Iran's international traffic fell roughly 90% while the country's BGP routes remained advertised, making the shutdown invisible to BGP-based monitoring systems. OONI measurement volume, which totalled 121,333 in June 2025, collapsed to under 200 submissions on June 19-20.
-
Encrypted DNS protocols (DNS-over-HTTPS and DNS-over-TLS via Cloudflare 1.1.1.1, Google 8.8.8.8, AdGuard, or NextDNS) prevent DNS injection by encrypting the resolver query, making it opaque to in-path GFW middleboxes. The blog recommends these as a lightweight defense that avoids the maintenance overhead of static hosts entries.
-
The GFW blocks GitHub by hijacking DNS resolution to incorrect IP addresses, causing browser timeouts ('github.com 响应时间太长', i.e. "github.com took too long to respond"). The poisoning can be confirmed by comparing nslookup results from a clean resolver (8.8.8.8) with those from the local ISP resolver; divergent results confirm injection.
-
Static /etc/hosts bindings that hardcode correct IPs (e.g. 140.82.113.3 for github.com, 185.199.108.153 for assets-cdn.github.com) bypass DNS-injection blocking entirely, but the blog warns that GitHub IP addresses change and the file must be updated periodically to remain effective.
-
Chinese users treat full proxy/VPN (Shadowsocks, V2Ray/Clash, commercial VPNs) as the '终极大杀器' (ultimate solution) for bypassing GitHub DNS poisoning, implying that lighter-weight DNS-only fixes fail in some network environments where the censor adds firewall-layer blocking beyond DNS.
-
Rule-based proxy tools (Clash, Shadowsocks, V2Ray) are documented as the most reliable solution for accessing GitHub from China, with split-tunneling rules routing only GitHub traffic through the proxy while keeping domestic traffic on the direct path. Git command-line tools require explicit proxy configuration (git config --global http.proxy http://127.0.0.1:7890) to route clone/push operations, as they do not inherit system proxy settings automatically.
-
Configuring encrypted DNS (DoH/DoT) via Cloudflare (1.1.1.1 / https://cloudflare-dns.com/dns-query), Google (8.8.8.8), or Alibaba Cloud (223.5.5.5) is documented as a practical countermeasure to ISP-level DNS hijacking of GitHub in China. Browser-level DoH (Chrome/Edge settings) is highlighted as accessible to non-technical users without installing additional software.
-
The GFW blocks GitHub via DNS poisoning across at least four domains — github.com, assets-cdn.github.com, github.global.ssl.fastly.net, and raw.githubusercontent.com — causing connection timeouts and page-load failures for mainland China users. The block is persistent as of February 2026, affecting both browser access and command-line git operations.
-
As of early 2026, GitHub mirror sites (FastGit at hub.fastgit.xyz, CNPMJS at github.com.cnpmjs.org, GitClone at gitclone.com) remain operationally accessible as reverse-proxy workarounds for read-only access and git clone acceleration from mainland China. The blog explicitly warns users against authenticating to GitHub accounts via these mirrors due to credential-theft risk, indicating that mirror operators are not fully trusted by the end-user community.
-
Bypassing system DNS via local hosts-file entries (e.g., mapping github.com → 140.82.113.4) is documented as the most widely used free workaround for GFW DNS poisoning of GitHub as of 2026. The technique is fragile: GitHub IP addresses change, requiring users to re-query and update entries manually, making it unsuitable as a reliable long-term defense.
-
Article 19 documents that Iran's National Information Network (NIN / SHOMA) was designed with explicit reference to China's Great Firewall as a model, with institutional mirroring: Iran's Supreme Council of Cyberspace parallels China's Cyberspace Administration of China, and both governments share a "cyber sovereignty" doctrine used to justify domestic content controls and cross-border technology transfer. The report frames Iran's filtering infrastructure as deliberately architected to replicate GFW capabilities, not as an independently developed system.
-
Article 19 documents that Iran combines technical filtering with formal coercion of major foreign platforms (including Telegram, Instagram, and WhatsApp) to comply with content removal orders under threat of full blocking. The report notes that Iran's 2022 Women Life Freedom protests accelerated platform blocking when foreign operators refused compliance, demonstrating that the censorship system operates in two modes: coerce-and-allow for compliant platforms, block for non-compliant ones. Domain fronting via these platforms is therefore subject to sudden revocation if political conditions change.
-
During the January 8–9, 2026 shutdown, Iran's .ir DNS zone became unavailable in-country, with resolution routed exclusively to a single nameserver located in Amsterdam. This infrastructure takeover was simultaneous with the routing blackout, eliminating DNS as an independent resolution path.
-
CensorLess vanilla mode costs $0.27/month for a single proxy processing 6.76 GB of traffic monthly, a 97.1% reduction (34.4×) over SpotProxy's optimal single-NIC configuration ($9.28/month). The private mode, which adds a t4g.micro EC2 VPS for end-to-end encryption via SOCKS, costs $3.41/month — still 63.3% cheaper than SpotProxy's cheapest option. Costs remain below $3.50/day even when scaling to 300 proxies.
-
Both Firefox and Chromium leak cleartext DNS before establishing encrypted DNS connections: they first send an unencrypted UDP DNS query to resolve the DoH server's domain (e.g., doh.opendns.com). An in-path censor can intercept and poison this initial query, making encrypted DNS in browsers completely ineffective without additional circumvention of the resolver-lookup step. Additionally, Chromium always includes the SNI extension in the encrypted DNS TLS handshake (e.g., "doh.opendns.com"), leaking the resolver identity even after the initial lookup. No resolver requires SNI to be present for certificate validation when the resolver's IP certificate is configured.
-
DNS censorship of encrypted protocols is inconsistent in both China and Iran. In China, Yandex resolvers are censored only when the SNI extension is present; omitting SNI bypasses censorship for these resolvers. In Iran, DoH requires SNI omission for Quad9, Google, Adguard, CleanBrowsing, and NextDNS resolvers, but works with SNI for Yandex and Cisco resolvers. These inconsistencies suggest resolvers have been accidentally missed by censors, highlighting the value of automated tools that trial all resolver-mode combinations rather than hard-coding a single strategy. The support evaluation found 47 resolvers supporting DoH, 16 supporting DoH3, and only 8 supporting DoQ out of ~65 tested.
-
DPYProxy-DNS tested 8 circumvention modes against DNS censorship from vantage points in Iran (AS201295, Mashhad) and China (AS4837, China Unicom). In Iran, DoQ was entirely uncensored even with the SNI extension present; DoH3 worked for all Cloudflare and NextDNS resolvers. Iran's censor operates in-path (not on-path like the GFW), making the "Last Response" mode (wait 3s for the last UDP reply) ineffective in Iran but highly effective in China. Auto-mode averaged 12.32s (median 8.28s) in Iran and 13.78s (median 12.90s) in China to discover a working combination.
-
TCP segmentation (splitting a DNS message into 20-byte TCP fragments) successfully circumvented DNS censorship in China for nearly all resolvers that support TCP. In Iran, TCP segmentation was only partially effective due to the censor's ability to reassemble TCP fragments when system load permits—some runs succeeded completely, others failed entirely across all resolvers. The "Last Response" mode (wait 3 seconds for the final UDP reply) was highly effective against China's on-path GFW injector for all resolvers except the fully IP-blocked Cloudflare 1.1.1.1 resolver.
-
All major browsers (Firefox, Chromium) issue an unencrypted DNS-over-UDP query to resolve their configured DoH resolver's domain before initiating any encrypted DNS session. In Iran, nearly all tested DoH resolver domains are directly censored at the DNS layer (returning block-page IPs), which renders browser-native encrypted DNS ineffective regardless of whether the underlying encrypted protocol would otherwise succeed. Additionally, browsers always include the SNI extension in TLS handshakes with DNS resolvers even though no tested resolver requires it.
-
DPYProxy-DNS's automated probe-and-select mode identified a working DNS circumvention in an average of 13.78 seconds (median 12.90s) in China and 12.32 seconds (median 8.28s) in Iran across 100 runs each; best-case startup was 0.32s (China) and 0.47s (Iran) when the first-tried combination succeeded, while worst-case exceeded 30.72s in China and 58.16s in Iran due to the slow Last Response mode (3s fixed wait per attempt) being selected early in the randomized probe order.
-
The GFW operates as an on-path censor that injects forged DNS responses faster than the real resolver but cannot suppress the legitimate response from also arriving. Waiting approximately 3 seconds and accepting the last-received UDP response circumvented GFW DNS injection for 40 of 41 tested public resolvers in China; the single exception (Cloudflare 1.1.1.1) was IP-blocked via packet dropping rather than injection racing.
-
Iran's DNS censorship is largely ineffective against encrypted DNS: DoQ is not censored at all (with or without SNI present), DoH3 works for all tested Cloudflare and NextDNS resolvers, and most DoT/DoH resolvers work when the SNI extension is omitted. Iran's censorship of unencrypted DNS is in-path (queries never reach the real resolver), which means the GFW-style 'last response' technique fails entirely in Iran because the client's original query is dropped before reaching its destination.
-
TCP segmentation — splitting DNS-over-TCP messages into 20-byte fragments — successfully circumvented DNS censorship for 40 of 41 tested resolvers in China. In Iran, TCP segmentation is inconsistently effective: it succeeds in some scan runs and fails entirely in others, suggesting the Iranian censor can reassemble TCP fragments when processing capacity permits.
-
A compiled blocklist dataset documents 43,083 apex domains blocked via DNS filtering across 6 Indian ISPs, representing one of the largest systematic inventories of Indian DNS censorship scope published to date.
-
The dataset incorporates Tranco popularity rankings for blocked domains (derived from the 'Poisoned Wells' research), enabling measurement of how DNS blocking in India intersects with high-traffic websites rather than being confined to obscure domains.
-
The blocklist spans 6 distinct Indian ISPs, enabling cross-ISP consistency analysis; the multi-ISP scope reflects that DNS-based blocking in India is implemented heterogeneously at the ISP level rather than via a single national chokepoint.
-
DNS filtering is the documented primary blocking mechanism across the 6 surveyed Indian ISPs, with no evidence in this dataset of complementary IP-blocking or SNI-based blocking layers, suggesting the censor relies on DNS as a sufficient single-layer enforcement point.
-
Of 6,915,266 domains extracted from the 572 GiB Geedge Networks Leak (GNL), 298,955 censored domains (93.7% of all GNL-censored domains) appear in neither Tranco top-1M nor CitizenLab test lists. Measurements across China (Guangzhou/Nanjing), Myanmar, Pakistan, and Algeria confirmed censorship via DNS injection and SNI-based TLS connection termination. The GNL covers 25–62% of Tranco-censored domains across countries, showing substantial but incomplete overlap. This vendor-side ground truth reveals a censorship surface roughly two orders of magnitude larger than curated academic test lists.
-
Empirical evaluation against nine major commercial VPN providers found all five tested connection tracking frameworks (Linux Netfilter, FreeBSD PF, IPFW, IPFilter, natd) and eight of nine providers vulnerable to at least one session manipulation attack, resulting in 19 assigned CVEs/CNVDs.
-
DNS hijacking via shared VPN NAT is feasible because the full 16-bit TxID space (up to 65,536 values) can be brute-forced in an average of 4.27 seconds, well within a typical 10-second DNS request timeout; browser DNS cache windows range from 60 seconds (Chrome/Edge) to 660 seconds or more (Firefox), with longer windows enlarging the injection race window.
-
A co-tenant attacker sharing the same VPN server can launch a port-exhaustion DoS in an average of 4 seconds with over 90% success rate, inject forged HTTP responses in 64.11 seconds at a 66.7% success rate, and hijack DNS responses at success rates of 20% to 70%.
-
Pakistan's PECA (Prevention of Electronic Crimes Act) and PTA (Pakistan Telecommunication Authority) regulations grant authority to block content without court orders, enabling the deployment of a persistent national filtering infrastructure. The report documents 11,000+ URLs blocked by PTA and confirms that VPN use and circumvention tools are among the targeted categories, with blocking orders issued under national security grounds.
-
TTL-based path analysis showed that all censorship actions (DNS poisoning, HTTP injection, TLS resets) in the June 2025 shutdown occurred at the same network hop across all tested ISPs, indicating a single centralized national border gateway—likely TCI AS gateways—rather than per-ISP enforcement. Global BGP announcements were kept intact throughout, making the shutdown invisible to routing monitors while domestic connectivity collapsed.
-
Over 90% of tested censored domains returned private IP addresses in the 10.10.34.0/24 range (chiefly 10.10.34.34) via injected DNS replies during the June 2025 shutdown, with poisoned response TTLs often very low—consistent with inline DPI injection rather than a recursive DNS lookup. A small set of domains including Google and state-approved services were whitelisted and resolved correctly.
-
Analysis of 5.1 billion Wallbleed responses revealed that the leaked memory contains fragments of live network traffic processed by the injection device: IP/TCP/UDP/HTTP headers and payloads (including plaintext traffic not related to DNS), x86_64 Linux stack frames with ASLR-consistent pointer patterns, and what appear to be glibc stack canaries. The 166 million UPnP/SSDP snippets in leaked memory suggest the GFW device shares a memory pool with traffic from private RFC 1918 addresses, hinting at internal management-plane traffic co-located with the censorship infrastructure. A side channel — the fixed cyclic ordering of false IP addresses across injection processes — distinguishes individual GFW injector processes from each other.
-
Wallbleed was a buffer over-read in the GFW's DNS injection subsystem that caused middleboxes to append up to 125 bytes of their own process memory to forged DNS responses. The bug persisted for at least two years (confirmed from October 2021); the GFW issued an incorrect partial patch in November 2023 (Wallbleed v2 remained exploitable) and fully patched it in March 2024. Over 5.1 billion Wallbleed responses were collected during continuous measurement, and an IPv4-wide scan found 242 million IP addresses across 381 autonomous systems receiving Wallbleed-injected responses — including some traffic whose source and destination were both outside China, due to routing through China's network border.
-
Internal Geedge documents confirm active contracts to deploy GFW-derived censorship and surveillance infrastructure in Myanmar, Pakistan, Ethiopia, Kazakhstan, and at least one additional unidentified country under the Belt and Road framework, in addition to domestic deployments in Xinjiang, Jiangsu, and Fujian. The exported product (the Tiangou Secure Gateway / TSG line) is not a stripped-down export variant — leaked TSG documentation shows DPI, active-probing, ML classifiers, and granular per-region traffic control rules that mirror the domestic GFW capability set.
-
Iran's DNS censor injects a correct, static IP address for 385 domains across 10 groups — including 372 Google-related domains (resolving to 216.239.38.120), 2 Bing domains, 2 DuckDuckGo domains, Yandex, CIA, MI5, and Mossad. This previously unreported behavior likely enables surveillance (routing traffic to a controlled IP) or rapid follow-on blocking (nullrouting the injected static IP is cheaper than maintaining DPI rules per domain).
-
Iran's DNS censor now injects two distinct block-page IPs: 10.10.34.36 (≈87% of 47,633 censored domains) and 10.10.34.34 (≈13%). Both originate from the same network node at Iran's border. Prior research (Aryan et al. 2013) described only 10.10.34.34. The IP injected correlates strongly with the HTTP censorship method applied: domains with 10.10.34.34 in DNS receive TCP RST via HTTP (86.8% of RST cases), while domains with 10.10.34.36 in DNS receive HTTP block pages (84.6% of block-page cases).
-
Iran's DNS censor temporarily null-routed all DNS requests containing the string "wpad" at any position, including benign domains like wpad.net, showpad.com, and meowpad.me. The overblocking was no longer reproducible at the time of publication, suggesting a censor configuration error later corrected. The affected domains are unrelated to proxy auto-discovery in most cases, indicating a substring-match rule without context.
-
DNS censorship leaks geographically: Russia's neighbors show materially elevated censorship rates despite low independent censorship of their own — Lithuania 21.73%, Norway 12.04%, Finland 12.03% — compared to Russia itself at 43.59%, consistent with DNS queries from those countries transiting Russian infrastructure and being hit by Russian DNS injection.
-
Russian transit censorship propagates to ASNs outside Russia: ASN 216071 (Netherlands) shows 38 top-10k URLs with 59% confirmed blockpage rate, ASN 6939 (Sweden) shows 4 URLs at 75%, and ASN 3214 (Germany) shows 4 URLs at 75%, all attributable to peering with Russian ASNs known to employ transit censorship.
-
Venezuela and Cuba exhibit average unblocked rates of 68.83% and 69.70% respectively across 461,114 and 5,501 OONI tests, placing roughly 31% and 30% of probes as blocked — censorship rates comparable to documented heavy-censor states — despite being routinely excluded from standard censoring-country lists.
-
The June 2025 Iran shutdown achieved approximately 90% reduction in international traffic without BGP withdrawal by combining DNS poisoning, protocol whitelisting, and DPI at the national border — maintaining an outward appearance of normal connectivity for traditional monitoring tools while severing the population's access to the global Internet. Unlike the 2019 shutdown, which was implemented per-provider over 24+ hours, the 2025 operation was centralized and covert.
-
Neither China nor Iran directly block ECH ClientHello messages; instead both effectively prevent ECH by censoring encrypted DNS resolvers. China blocks Cloudflare's DoH/DoT resolver (mozilla.cloudflare-dns.com) via SNI-based blocking in TLS and QUIC, causing residual censorship of up to 360 and 180 seconds respectively. Iran blocks both Cloudflare and NextDNS DoH hostnames via DNS block-page injection, TLS TCP RST, and HTTP block pages. Iran cannot analyze QUIC, so DoQ is uncensored and enables ECH in Iran. China's NextDNS IP blackholing affected only one of two resolved IPs, leaving an uncensored path.
-
Two of the 8 handshake-accepting injected IPv4 addresses host active services reachable both inside and outside China: 103.230.123.190 runs OpenSSH 8.2p1 on port 22, and 103.246.246.144 redirects 0.164% of all censored-domain requests to a website serving forbidden adult content.
-
The authors recommend that users encrypt DNS queries (DoT or DoH) to prevent the GFW's on-path injectors from intercepting and poisoning them, and additionally block all outgoing traffic to the known pool of GFW-injected IP addresses to avoid silently connecting to potentially surveillance-oriented infrastructure.
-
GFW DNS AAAA responses for censored domains return 622 IPv6 addresses: 30 from Facebook's 2a03:2880::/32 network (all sharing interface identifier face:b00c:0:25de), and 592 malformed Teredo addresses in the 2001::/32 range that directly hex-encode entries from the IPv4 pool in the lower 32 bits rather than following RFC 4380 Teredo structure. The Teredo addresses' server IPv4 (0.0.0.0) and port (0) fields are nonsensical.
-
Of 1922 IPv4 addresses collected from GFW-injected DNS A responses to 5,000 queries for censored domains, 8 (0.4%) actually accepted TCP handshakes when probed from within China. The other 1914 addresses were either silent or unreachable.
-
Six injected IPv4 addresses (8.7.198.46, 39.109.122.128, 46.82.174.69, 59.24.3.174, 93.46.8.90, 103.97.3.19) accept TCP SYN→SYN+ACK from within China but immediately reply RST when the client sends application data (PSH flag). These hosts mirror IPID values from probe packets, show no response from outside China, and appear to operate statelessly — suggesting GFW-controlled surveillance infrastructure that collects connection metadata without revealing itself.
-
Censorship enforcement varies dramatically across Iranian ASes. AS58224 (TCI, 3.6M IPs) blocks 89-98% of IPs across DNS injectors and 87.6% for UDP. AS197207 (MCCI, 2.3M IPs) and AS44244 (IranCell, 1.3M IPs) show near-zero censorship (0.15-0.76% across injectors). AS31549 (RASANA, 577k IPs) blocks 97-99% for DNS/HTTP but 64% for UDP. Some IPs, including those belonging to the Iranian President's website and Ministry of Foreign Affairs, are deliberately exempted from bidirectional censorship. Two exempted MFA IPs (109.201.19.184 and 109.201.27.67) appear linked to APT15 (Playful Taurus) C&C infrastructure.
-
IRBlock discovered that 1.7M of 3.3M blocked apex domains (52%) were attributed to blanket suffix-level blocking rules rather than individual domain listings. Examples include regex patterns targeting all Israeli domains (.il TLD), adult content (.porn), and country-coded suffixes (.com.mx, .my.id). Of 87K Tranco-ranked apex domains analyzed, 37% fell into adult content, with entertainment and gambling following. Approximately 1.27M apex domains were jointly censored by both DNS and HTTP filters, while the two filters maintained operationally independent blocklists for a significant fraction of domains.
-
Over 2.5 months (Nov 2024–Jan 15, 2025), IRBlock scanned all 11M Iranian IPv4 addresses daily, finding 6.8M IPs subject to DNS poisoning and HTTP blockpage injection, and 5.4M IPs subject to UDP-based traffic disruption. Testing over 700M FQDNs (500M apex domains) revealed 6M banned FQDNs from 3.3M censored apex domains. Of 537 active ASes in Iran, 485 (90.3%) exhibited blocking for at least 25% of assigned IPs. DNS and HTTP censorship overlapped at >99% of censored IPs; UDP blocking was a strict subset of DNS-censored IPs, affecting ~5M addresses.
-
The GFI operates three distinct DNS/HTTP injectors with different fake IP addresses (10.10.34.34, 10.10.34.35, 10.10.34.36) and partially overlapping blocklists—mirroring the GFW's triplet-censor architecture. Injector 10.10.34.35 exhibits TTL reflection (injected response TTL = probe TTL − hop count), identical to the GFW. No IP exclusively receives injections from 10.10.34.34 (a smaller, selective component); the two primary injectors 10.10.34.35 and 10.10.34.36 handle the majority of censorship. Different injectors maintain distinct domain blocklists, meaning which domains a user sees as censored depends on routing through their AS.
-
Proxy placement requirements vary dramatically by country topology: Turkmenistan requires just 1 AS for 75% coverage, Oman requires 3, Afghanistan 5, Iran 10, and China 12. Turkmenistan's extreme centralization means a single transit AS intercepts virtually all paths, whereas China's fragmented routing fabric demands far more deployment sites to achieve equivalent coverage.
-
For Iran, a greedy cumulative-coverage analysis over 22,799 resolver-to-uncensored-AS paths shows that the top 5 ASes cover 59% and the top 10 ASes cover 76.6% of all DNS resolution paths. AS3257 (GTT Communications) and AS174 (Cogent Communications) each appear in approximately 15.7% of paths and contribute nearly all their usage as unique (non-overlapping) paths.
-
An AS+IXP multigraph fusing CAIDA traceroutes (13.6M paths), 256M BGP updates from RouteViews/RIPE RIS, and IXP membership data yields 87,157 AS vertices, 1,588 IXP vertices, and 510,810 edges — an order of magnitude richer than BGP-only baselines. Hidden private peering links and IXP fabric connections invisible to BGP alone materially affect coverage estimates for refraction networking proxy placement.
-
Proxy users who resolve DNS locally (at the client) are approximately twice as susceptible to RTTdiff fingerprinting compared to users who resolve DNS at the proxy, across all tested client/proxy location combinations. Local DNS returns IPs optimally reachable from the client's region, which may be geographically distant from the proxy, increasing the proxy-to-server path distance and thus the RTTdiff discrepancy.
-
Majority-vote ML inference (OCSVM + IF) over OONI data uncovered at least 5 previously undocumented DNS injection IPs active in Russia (e.g., 195.19.90.226, 95.167.13.51, 61.95.167.13.50, 188.19.132.154, 144.85.142.29.248) absent from OONI's existing blocking-fingerprints database, along with novel fingerprints in Italy, Czech Republic, and the UK. Records with fewer than 50 instances were excluded as a conservative false-positive filter.
-
XGBoost trained on a single month of OONI data achieves near-optimal performance; expanding the training window to 24 months produces deviations of only 0–5 percentage points for FNR, 0.07 PP for FPR, and 0.10 PP for accuracy — suggesting that larger windows introduce noise and overfitting rather than improving detection. Isolation Forest performance degrades more sharply, with accuracy dropping ~5 PP as training data grows beyond 6 months.
-
For the Isolation Forest model, resolver ASN (SHAP importance 0.237) and probe ASN (0.220) are the two most predictive features for DNS tampering, reflecting that censorship is topologically concentrated at specific network vantage points. For XGBoost, headers_match dominates (0.317), followed by asn_control_match (0.177), indicating that supervised models rely more on cross-layer consistency signals. DNS tampering represents only 0.5–0.8% of all OONI measurements across 2022–2023 (Figure 2), creating severe class imbalance in any training set.
-
XGBoost achieves a False Positive Rate of 0.0005, True Positive Rate of 0.9403, and overall accuracy of 0.9991 on OONI global DNS measurement data (2.5% stratified sample), vastly outperforming unsupervised alternatives: Isolation Forest achieves FPR 0.1321 / ACC 0.8699, and One-Class SVM degrades to FPR 0.9711 / ACC 0.0598, making OCSVM effectively unusable for this task.
-
Brown et al. (2023) combined supervised ML models trained on expert-labeled data with unsupervised models establishing a baseline of 'normal' behavior to detect DNS-based censorship from Satellite and OONI datasets, achieving high true-positive rates for both known and new DNS censorship instances. The hybrid supervised/unsupervised approach is proposed as a template for the LLM-based system.
-
GFWeb tested 1.02 billion domains against the GFW over 20 months and discovered 943,000 pay-level domains blocked by HTTP filters and 55,000 by HTTPS filters — the largest GFW blocklist dataset ever published. The HTTP-to-HTTPS ratio (17:1) confirms that the GFW's HTTPS keyword-based and SNI-based blocking covers far fewer domains than its HTTP host-header blocking, likely because HTTPS blocks carry higher collateral-damage risk.
-
Alternative DNS resolvers trivially circumvent EU sanctions enforcement: third-party providers such as Google Public DNS and Cloudflare DNS implement no sanctions filtering regardless of user location, meaning any user who can switch their resolver can bypass most enforced blocks. The paper concludes that 'as long as a user can utilize an alternative DNS resolver, they would be able to bypass most sanctions enforcement.'
-
DNS-based blocking was the dominant EU sanctions enforcement mechanism: 87% of the 125 OONI vantage points implementing blocks chose DNS, and RIPE Atlas measurements found 50% of blocking ISPs return DNS error responses. Coverage dropped with each new sanctions package—45% of vantage points blocked first-round domains versus only 17% for fourth-round additions.
-
EU sanctions enforcement was deeply non-uniform across member states and over time: 77% of blocking autonomous systems enacted enforcement within 3 months of the initial sanctions, but adoption timelines, block-list coverage, and over/under-compliance patterns varied substantially by country and ISP. Austria blocked certain domains months after Germany despite advance specification; domains removed from the German list were eventually de-blocked with significant lag; the newly registered sputnikglobe.com was not widely blocked as of the study's writing.
-
Mirror domains registered by sanctioned Russian outlets (e.g., rtde.site, rtde.xyz, rtde.live, rtde.tech) remained almost universally accessible across EU member states; Table 2 shows near-100% uncensored DNS responses for mirror domains in the vast majority of countries. The EU had no effective mechanism to police domain mirroring in real time, leaving it an unmitigated circumvention strategy throughout the study period.
-
The GFW DNS injector vulnerability enabled reflective amplification attacks with a baseline factor of 4.04× (46-byte payload → 186-byte response). Combined with routing loops — approximately 1,000 destination IP addresses in China were found to loop packets across the GFW more than 30 times, with 159 persisting after two days and a maximum of 119 loop iterations per query — the effective amplification factor reached 481.17×, sufficient to generate 100 Gbps of attack traffic from just over 200 Mbps of source traffic.
-
The GFW patched the out-of-bounds read vulnerability city by city in October–November 2023, in order of increasing international traffic volume: CERNET/Beijing before October 26, Guangzhou on October 30, and Shanghai in two distinct phases on October 31 and November 1, with all updates occurring around 11 a.m. CST. Shanghai, which terminates the most international submarine cables, was updated last and in two steps to minimize side effects.
-
The GFW's DNS packet injector (Injector 3, identified by TTL mirroring and zero IP ID) contained an out-of-bounds read vulnerability: due to missing label-length and null-terminator validation, malformed DNS requests caused the injector to copy adjacent stack memory into forged responses. Over three days in October 2023, researchers collected over 1 TB of data containing over 13 billion leaks, ~87.43% with non-duplicate content, including live Internet traffic transiting China's backbone and stack frames of the GFW's packet-handling processes.
-
Automated pattern analysis of 13 billion leaked GFW memory frames found over 52.8 million HTTP/1.x protocol signatures, 984,567 Authorization headers, 1.9 million Cookie headers, 79,090 password-in-URL occurrences, and 59,326 SMTP/IMAP plaintext credential sequences — yielding over 3 million pieces of potentially sensitive data collected at a deliberately limited rate of 5,000 exploit packets per second.
-
The automated probe list generation system discovered 45.79 potentially blocked domains per 1,000 domains crawled, compared to 4.11 for FilteredWeb — over 10× higher efficacy. It uncovered 1,490 potentially blocked domains in crawls of just 71,960 URLs, versus 1,255 blocked domains found by Hounsel et al. in crawls of 1,000,000 URLs, with 1,473 of the 1,490 domains not overlapping with prior work.
-
GFW verification tests confirmed over 90% of OONI-detected DNS anomalies as true blocks: 429/457 domains in Beijing and 422/461 in Shanghai. In total, 527 unique domains were confirmed censored via DNS, HTTP, and HTTPS filters; an additional 718 domains suspected blocked due to IP-address-level blocking of their hosting servers rather than domain-level entries.
-
Only 36.66% of the 139,957 source list URLs (51,313) survived sanitization as live, meaningful pages, with 18,911 URLs removed for lack of content and many more for dead links — underscoring how rapidly manually curated probe lists decay. In Beijing and Shanghai, over 20% of known domains were consistently inaccessible, versus fewer than 4.5% at all other vantage points, and over 68% of known domains remained blocked, suggesting censored topics stay sensitive even as URLs go stale.
-
CenDTect, an unsupervised decision-tree system using iterative parallel DBSCAN, analyzed more than 70 billion Censored Planet data points (January 2019 – December 2022) and discovered 15,360 HTTP(S) censorship event clusters across 192 countries and 1,166 DNS event clusters across 77 countries. Manual validation against 38 known censorship events from news reports confirmed all human-identified events were recoverable from CenDTect's output. The system additionally identified more than 100 ASes in 32 countries with persistent ISP-level blocking and 11 temporary blocking events in 2022 correlated with elections, protests, and armed conflict.
-
DeResistor-generated evasion strategies achieve an overall success rate of up to 98.61% against GFW (across vantage points in Qingdao, Shanghai, and Beijing) for the best strategy, and 100% in both India (Bangalore) and Kazakhstan (Oral) for the top-performing strategy, while standalone Geneva strategies tested in the same environment achieve comparable or slightly lower rates on some censors but are blocked at the IP level before training completes.
-
GFW employs layered blocking for high-value targets: DNS poisoning for domains like google.com and wikipedia.org combined with null-routing of their hosting IPs, meaning packet-manipulation tools that operate at the TCP/HTTP layer (e.g., Geneva, DeResistor) cannot generate or test evasion strategies because no response is received to the initial SYN — the blocking occurs below the layer those tools target.
-
DNS censorship complexity varies sharply by country: Iran injects static forged IPs exclusively from 10.0.0.0/8 and Turkmenistan uses only 127.0.0.1, making detection trivial, while China's constant fake-IP churn across ASes demands dynamic ML approaches; models trained without country-specific ASN features still perform well, enabling transfer to countries where GFWatch-equivalent infrastructure does not exist.
-
By mapping ML-predicted censored probes back to their DNS response IPs, the authors discovered 748 forged IP addresses used by China's GFW as DNS blocking signatures that OONI's heuristics missed; supervised and unsupervised models also identified several ISP-specific injected IPs absent from even GFWatch's comprehensive signature list, demonstrating that static signature lists substantially undercount active GFW DNS censorship.
-
OONI and Satellite (Censored Planet) agree on roughly 75% of tested Chinese domains as uncensored, but DNS anomaly agreement is poor: each platform flags fewer than 0.5% of domains as anomalous in any given biweekly window, and the two platforms frequently disagree on which domains are censored because China's GFW uses dynamic fake-IP injection that defeats static rule-based heuristics.
-
XGBoost supervised models trained on DNS probe features achieve TPRs of 100% (Satellite) and 99.8% (OONI) at FPRs of 0.0% and 0.2% respectively when using platform-native anomaly labels; cross-source training with GFWatch labels applied to the same records yields 99.4% TPR for Satellite and 86.7% TPR for OONI, with SHAP analysis confirming that ASN and organization name of the returned DNS response IPs are the dominant predictive signal.
-
Unsupervised one-class SVM models trained only on clean (uncensored) records detect GFW DNS censorship with 99.1% TPR at 17.4% FPR on Satellite data; over half of apparent false negatives are truly uncensored probes where the GFW transiently failed to inject a forged response, confirming that GFW DNS injection is not perfectly consistent at the individual probe level.
-
Only 10 of 64 measured Indian ASes conduct DNS-based blocking, but Atria Convergence Technologies (AS24309) was found performing DNS injection attacks against public DNS resolvers including Cloudflare, Google, and Quad9 — affecting 8.45% of the roughly 3 million DNS measurements collected using those resolvers. DNS blocking is otherwise concentrated in two large providers (AS24309 with 125,154 confirmed blocks and National Internet Backbone / BSNL with 92,653 confirmed blocks).
-
Using Geneva (genetic algorithm censorship evasion), five new evasion strategies were discovered that defeat Turkmenistan's censorship at both transport and application layers across DNS, HTTP, and HTTPS. The strategies exploit Turkmenistan's use of a commercial DPI box ("Golden DPI" by Qurium) and can be applied server-side without requiring changes to censored users' client software.
-
The paper introduces TMC, a remote measurement tool that infers domain-blocking status across DNS, HTTP, and HTTPS without requiring in-country vantage points, in a country of 6 million people with only 38% Internet penetration. TMC enabled the largest Turkmenistan censorship measurement to date by exploiting middlebox reflection properties observable from outside the country.
-
The largest measurement study of Turkmenistan censorship to date tested 15.5 million domains and found more than 122,000 domains censored using separate blocklists for DNS, HTTP, and HTTPS. Reverse-engineering the blocking rules revealed approximately 6,000 over-blocking rules that cause incidental filtering of more than 5.4 million additional domains — a 44x collateral damage ratio relative to intentionally blocked domains.
-
In Censored Planet DNS measurements of 75 .gov and .mil domains on April 11, 2021, only 36.06% of measurements from China resolved correctly. Of the failures, 19.06% returned SERVFAIL codes caused by US-based nameservers geoblocking Chinese recursive resolvers—server-side access control, not GFW censorship—causing prior studies that did not account for geoblocking to systematically over-estimate DNS blocking in China.
-
Previous work reported that Myanmar ISPs selectively applied DNS blocking versus TCP/IP blocking, but analysis of the underlying data revealed they applied both concurrently. The apparent difference arose because some OONI volunteers bypassed DNS tampering by using public DNS resolvers (Cloudflare, Google Public DNS) and subsequently experienced IP-level blocking instead, making measurements appear selective when they were not.
-
CERTainty identifies DNS manipulation by attempting a full TLS handshake with the IP returned by a remote resolver and inspecting whether the resulting certificate belongs to the legitimate origin or to an injected blockpage destination. This certificate-based ground truth substantially reduces false positives compared to prior DNS measurement systems that could not distinguish intentional manipulation from CDN geo-DNS or captive portals.
-
Prior DNS-manipulation measurement systems suffered from high false-positive rates because DNS anomalies are also produced by benign infrastructure (CDNs, geo-DNS, captive portals). CERTainty's TLS certificate inspection step disambiguates these cases, establishing that certificate validation is a necessary complement to DNS-response comparison for reliable censor classification.
-
CERTainty measured DNS manipulation across thousands of resolvers in 102 countries, identifying state-level censorship in China, Iran, and Russia, among others. The breadth of coverage — both resolver count and country count — demonstrates that TLS certificate validation scales to Internet-wide vantage-point studies.
-
CERTainty demonstrates that state-level DNS censorship in China, Iran, and Russia operates through resolver-level injection: queries sent to in-country resolvers return IPs whose TLS certificates do not correspond to the queried domain, revealing blockpage or sinkhole destinations. This pattern is distinguishable from CDN or geographic DNS behavior precisely because blockpage servers cannot present a valid certificate for the censored hostname.
-
Of the Tranco top-10K domains, 286 (3.26%) returned geoblocking signatures for all Russian vantage points in May 2022, with CDN-mediated blocking dominant: 87 domains via Cloudflare and 57 via Akamai. DNS-level geoblocking alone affected 68 domains, and 29 domains implemented both DNS and TCP geoblocking simultaneously, rendering public-resolver circumvention of DNS blocks ineffective for those targets.
-
OONI data shows anomaly rates in Russia's top five ASes (including Rostelecom AS12389, Vimpelcom AS8402) rose from roughly 7–11% in January and early February 2022 to 12–21% in mid-March 2022, with social-media and news domains such as Facebook, Twitter, Instagram, and BBC going from available to near-completely blocked after the invasion.
-
136 Russian government domains (25.09% of 542 accessible ones) blocked access to all tested countries outside Russia, and a further 112 (20.66%) were accessible only from Russian and Kazakhstani vantage points. Geoblocking was implemented via heterogeneous, uncoordinated mechanisms—DNS timeouts, TCP timeouts, HTTP 403 Forbidden responses, and explicit blockpages—across different domains, indicating an ad hoc emergency response with no central policy.
-
Chinese DNS censorship operates symmetrically — injecting forged responses for both inbound and outbound DNS packets regardless of whether any real service exists at the destination IP. This means any DNS response received for a probe sent to a closed-port IP inside China is unambiguously a censorship injection, not a legitimate resolver reply.
-
In a 75-domain, 492-destination experiment, domains that showed small-scale routing-induced censorship changes — where some (source IP, source port) combinations bypassed censorship while others did not — were exclusively domains first censored within the last 2 years, indicating inconsistent GFW censorship-node configuration during rollout.
-
Routing-induced censorship variation is persistent across time: packet retries do not resolve observed differences, and manual re-measurement days later yielded identical censorship outcomes for the same (source IP, source port, destination IP) tuples across 12 iterative experiment rounds, ruling out transient packet loss or short-term routing fluctuations.
-
The lowest 3 bits of the source IP nearly double the number of destinations experiencing censorship measurement changes, consistent with routers XOR-ing low-order bits of source and destination IPs for load-balancing decisions. Varying source IPs produced a mean of 89 routing nodes and 134 distinct paths, versus 55 nodes and 110 paths when varying only source ports.
-
Across 10,000 destination IPs in China, 37% showed some change in censorship behavior depending on source IP and source port, spanning 56% of measured ASes. The dominant form of variation (95% of cases) was all-or-nothing: a given (source IP, source port) pair either experienced no censorship or 'expected' censorship, with no intermediate states.
-
The COVID-19 Wuhan lockdown caused geolocating Twitter users in China to increase 1.4-fold immediately, remaining 10% above the pre-crisis baseline long-term; approximately 320,000 new Chinese users joined Twitter due to the crisis, and a VPN application available on the Chinese iPhone App Store jumped significantly in ranking around 23 January 2020 and maintained that elevated rank.
-
In countries with no Great Firewall-equivalent censorship (Germany, Italy) and in less-censored authoritarian states (Iran — Persian Wikipedia; Russia — Russian Wikipedia) that experienced comparable COVID-19 outbreaks, no analogous spillover to politically sensitive content was observed; Wikipedia engagement in those countries increased generally but did not show disproportionate access to historically censored topics, confirming the gateway effect is specific to high-censorship environments.
-
Circumvention activity varied strongly by geographic proximity to the crisis: Hubei province, the epicenter, saw Twitter volume double relative to pre-lockdown baseline and sustain that doubling 30 days after the crisis, while mobility decreases from Baidu location data correlated with Twitter user increases across provinces — but two weeks after lockdown, the elevated Twitter usage could no longer be explained by mobility restrictions or New Year seasonality, indicating crisis-induced circumvention becomes self-sustaining.
-
Chinese-language Wikipedia views grew from 12.8 million per day in December 2019 to 13.9 million during the Wuhan lockdown (24 January–13 March) and peaked at 14.7 million per day from mid-February through April 2020; the crisis disproportionately increased views of pages selectively blocked by the Great Firewall prior to 2015, of historical Chinese leaders since Mao, and of current officials — categories expected only under a gateway effect — and these elevated levels persisted through May 2020.
-
Among 18,199 stable open DNS resolvers discovered in Shanghai's IPv4 space, 136 were completely immune to GFW DNS filtering and correctly resolved all 83 blocked domains. On average, each blocked domain had more than 436 open resolvers with ACR ≥ 0.5 capable of returning its correct IP address.
-
Chinese public (pDNS) and ISP (iDNS) DNS resolvers exhibit highly variable filtering bypass rates: some resolvers return correct IPs for specific blocked domains with ACR > 0.6 (e.g., wsj.com, vpnintouch.com), while the same resolver queried from a different ISP or region may have ACR < 0.1. The paper identifies three factors that determine effective bypass: DNS resolver identity, client vantage-point location, and the specific blocked domain.
-
The authors implement a system that identifies correct IP addresses of blocked domains inside a censored network by exploiting the predictable characteristics of forged IPs returned by GFW DNS filtering devices. The system achieves 100% accuracy in identifying valid IPs within a short time period, using 1.7 billion DNS records collected over 40 days across 86,876 resolvers.
-
GFW DNS filtering effectiveness shows diurnal variation: correct response rates are lowest in the early morning hours (before 6:00 a.m.) and rise throughout the day, suggesting filtering devices fail to process all DNS queries during peak traffic periods. However, the overall variance across time is small — maximum standard deviation of 0.03 — indicating the filtering mechanism is broadly stable over the 40-day measurement window.
-
Queries from inside China to non-Chinese public DNS resolvers (Google 8.8.8.8, Cloudflare 1.1.1.1) that pass through GFW DNS filtering devices yield an Absolute Correct Rate (ACR) of less than 1% for blocked domain lookups, regardless of the client's region or ISP. Even a self-built US resolver (45.63.86.214) was affected by the national-level DNS filtering mechanism.
-
Extending Geneva's genetic algorithm to the application layer automatically discovered 77 unique HTTP evasion strategies and 9 DNS evasion strategies against censors in China, India, and Kazakhstan — all requiring only unprivileged usermode modifications with no TCP/IP header access. Against India's Airtel censor, 56 of the 77 strategies succeeded; 29 worked against Kazakhstan; 22 evaded China's keyword-based HTTP censorship and 27 evaded its Host-header censorship.
-
China's Great Firewall runs three independent DNS censorship injectors in parallel; elevating the DNS qdcount field to 2 (despite only one query being present, violating RFC 1035) evades all three injectors simultaneously with 100% success rate across 1,000 trials — but only Cloudflare (1.1.1.1) among eight tested open resolvers responds to such queries. DNS compression paired with an elevated qdcount also achieves 100% evasion of all three injectors but is supported only by Cloudflare and Google (8.8.8.8).
-
DNS manipulation is widespread across China (305 domains via local resolvers, 300 via public resolvers) and Russia (251 local, 205 public), but simply switching to a public DNS resolver already evades local-resolver-only filtering for many domains, reducing apparent censorship at the public-resolver layer. On-path filtering systems that poison queries to public resolvers represent a harder threat class requiring encrypted DNS.
-
Using DoH plus ESNI, DNEye successfully unblocked 130/230 (56%) of DNS-filtered domains in China and 53/56 (95%) in Russia, but 0/49 (0%) in Iran. The primary failure mode in China (84 domains) and Iran (47 domains) was SNI-based filtering at the TLS layer for domains that do not support ESNI, which remains visible in the ClientHello.
-
MCI (AS197207, Iran) intercepts cleartext DNS and returns the bogon address 10.10.34.36 for dns.adguard.com A queries regardless of which upstream resolver is used (system, 8.8.8.8, or 9.9.9.9), and intercepted queries never reached a researcher-controlled DNS-over-UDP server. This bogon falls in the same /24 documented in prior Iranian censorship research. Additionally, SNI blocking for dns.adguard.com was confirmed independently on both port 853 (DoT) and port 443 (DoH).
-
CacheBrowser and CDNReaper require clients to contact foreign CDN front-end IPs directly, but this only works for DNS-based CDNs; anycast CDNs use the same IP globally, so bypassing local DNS still routes the client to a local front-end. Only approximately 11% of Alexa top-1k websites use DNS-based CDNs across the five tested countries, and for potentially blocked sites (Citizen Lab lists), CacheBrowser can access only ~18% of 2,769 blocked URLs in Brazil.
-
GFWatch tested 534M distinct domains over 9 months (averaging 411M/day) and detected 311K censored domains, the largest such measurement in the literature. Of 138.7K base domains, only 1.3% appear in the top 100K most popular domains, confirming the GFW targets large numbers of obscure and unpopular domains far beyond well-known sites like Facebook or Twitter.
-
A circumvention strategy of holding DNS responses and filtering those matching the known forged-IP pool achieves 99.8% accuracy, correctly classifying 1,005,444,476 of 1,007,002,451 poisoned resolutions. From inside China, 99% of forged responses arrive within 364ms before the legitimate response, establishing 364ms as the recommended hold-on duration; from outside China, 11% of forged responses arrive after the legitimate one, making the IP-blocklist check necessary to avoid misclassifying genuine responses as poisoned.
-
The GFW's bidirectional DNS filtering — which poisons DNS queries regardless of whether they originate inside or outside China — has polluted the caches of major public DNS resolvers worldwide: Google (74,715 censored domains), Cloudflare (71,560), OpenNIC (65,567), and OpenDNS (63,295), with 77K censored domains found polluted in total. This is compounded by the fact that 38% of base censored domains (53K) have at least one authoritative name server inside China, ensuring systematic external pollution for those domains.
-
GFWatch discovered 1,781 unique forged IPv4 addresses used in GFW DNS poisoning, yet injection is non-random: only 600 (33.6%) account for 99% of all censored responses, with the remainder in a long tail responsible for just 1%. The forged IPv4 pool is dominated by addresses belonging to Facebook (783 IPs, 44%), WZ Communications (277, 15.6%), Twitter (200, 11.2%), and Dropbox (180, 10.1%); all forged IPv6 responses use the bogus Teredo prefix 2001::/32.
-
The GFW uses substring-matching regular expressions rather than exact domain matching, causing 41K of 311K censored domains to be overblocked — unrelated domains that happen to contain a censored domain string. The three base domains causing the most overblocking (919.com, jetos.com, 33a.com) collectively caused 15K unrelated domains to be inadvertently censored.
-
IP blocking in Myanmar was non-deterministic within individual ASes: Frontiir (AS58952) blocked Facebook's IP 157.240.15.36 but not 31.13.82.36, indicating ISPs used incomplete address lists. Different websites were blocked on different networks, and DNS interference was inconsistent even within a single ISP's resolvers, confirming that censorship was decentralized rather than implemented via a national choke point.
-
Post-coup, Myanmar ISPs shifted from primarily DNS-based blocking (dominant in 2020) to IP-based blocking. Blocking Fastly's IP 151.101.1.195 triggered collateral unavailability of more than 10,000 co-hosted websites; blocking a Google-hosted IP (172.217.194.121) rendered snapchat.com, getoutline.org, and others unreachable on at least 4 ASes during Feb. 24–27, 2021.
-
The authors developed 'Aladdin,' a 10-step OONI-based measurement experiment that isolates SNI-based blocking (step 1), Host-header blocking (step 2), DNS injection (step 3), system-resolver vs. DoH discrepancy (steps 4–5), TLS interception (steps 6–8), and TLSv1.3-specific SNI dependency (step 10); this methodology exposed Vodafone's Allot TLS interception that OONI's Web Connectivity test had recorded only as a generic certificate error.
-
Spain's blocking infrastructure, initially mandated for copyright and gambling enforcement, was repurposed to block 24 unique Catalan referendum URLs during October 2017, including the IPFS gateway and two GitHub Pages domains. GitHub Pages was blocked only via DNS manipulation (pointing to 127.0.0.1) rather than HTTP blocking specifically to avoid collateral blocking of all of GitHub.
-
Analyzing over 3 million OONI network measurements (2016–2020) from 17 ASes covering 98.45% of broadband and 90.94% of mobile subscribers in Spain, the study detected 16 unique blockpages, 2 DPI vendors (Fortinet/Fortigate in Telefonica; Allot in Vodafone), and 78 blocked websites across copyright, political, civil-rights, and referendum categories.
-
Domain shadowing makes all three traffic indicators — connecting URL, SNI, and Host header — appear to belong to an allowed shadow domain while fetching content from a blocked back-end domain via CDN. Unlike domain fronting, it exploits a legitimate CDN feature (arbitrary back-end binding) rather than a SNI/Host mismatch quirk, so CDNs cannot disable it by enforcing header consistency without breaking legitimate use cases such as third-party service outsourcing via CNAME. The technique was demonstrated successfully accessing www.facebook.com from a heavily censored country.
-
The GFW's DNS injection infrastructure comprises three distinct packet injectors, fingerprinted by combinations of IP-DF bit, IP-TTL behavior, DNS-AA flag, and DNS-TTL: Injector 1 (IP DF=0, incrementing IP TTL, DNS AA=1, DNS TTL=60) filters 88 domains including most Google properties; Injector 2 (IP DF=1, randomized IP TTL, DNS AA=0) handles ~24,729 domains; Injector 3 (IP DF=0, IP ID=0, fixed IP TTL, DNS AA=0) covers ~22,948 domains as a subset of Injector 2's domains. Over a 9-month study (Sept 2019–May 2020) sending 2.8 billion queries, 119.6 million forged responses were observed.
-
Injector 3 mirrors the probe packet's IP TTL in its injected reply rather than using a fixed TTL. This defeats TTL-limited localization probes: the injected reply only reaches the prober when the probe's initial TTL equals 2n−1 (where n is the hop distance to the injector); at lower TTLs the mirrored TTL is too small for the reply to return. All three injectors appear co-located (inter-probe delays within 0.2 ms of each other), confirmed from 7 vantage points across 5 continents, and the behavior is consistent across 62% of all 36K tested Chinese IP prefixes.
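The following is an added example, not code from any paper listed on this page, that ties together the hold-on strategy described in the GFWatch item earlier (hold replies for 364 ms and drop those matching the forged-IP pool) with the single-packet header profiles of Injector 1 and Injector 3 from the two items above. The forged-IP pool, the captured replies and their timings are constructed for the example; Injector 2's distinguishing trait (randomized IP TTL) needs several observations, so it is caught here only through the pool check.

```python
"""Client-side hold-on classifier for GFW-style DNS injection (added example)."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple

# Page: from inside China, 99% of forged replies arrive within 364 ms of the real one.
HOLD_ON_MS = 364
# Page: every forged IPv6 answer carries the bogus Teredo prefix.
TEREDO = ip_network("2001::/32")
# CONSTRUCTED forged-IPv4 pool (TEST-NET addresses), standing in for the
# ~1,781 addresses GFWatch catalogued; this is not a real blocklist.
FORGED_POOL = {"203.0.113.7", "203.0.113.99", "198.51.100.250"}


@dataclass
class DnsReply:
    """Header fields of one DNS reply as seen by the client."""
    arrival_ms: float      # milliseconds since the query was sent
    answers: List[str]     # A/AAAA answer addresses
    ip_df: int             # IP don't-fragment bit
    ip_id: int             # IP identification field
    dns_aa: int            # DNS authoritative-answer flag
    dns_ttl: int           # TTL of the answer record


def injector_fingerprint(r: DnsReply) -> Optional[str]:
    """Single-packet profiles taken from the injector descriptions on this page.

    A recursive resolver normally answers with AA=0, so AA=1 plus the fixed
    DNS TTL of 60 is a strong Injector 1 signal; IP ID=0 with DF=0 and AA=0
    matches Injector 3. Injector 2 is not fingerprinted from one packet.
    """
    if r.ip_df == 0 and r.dns_aa == 1 and r.dns_ttl == 60:
        return "injector1"
    if r.ip_df == 0 and r.ip_id == 0 and r.dns_aa == 0:
        return "injector3"
    return None


def reasons_poisoned(r: DnsReply) -> List[str]:
    """Return every independent signal that marks a reply as injected."""
    reasons = []
    for a in r.answers:
        addr = ip_address(a)
        if addr.version == 4 and a in FORGED_POOL:
            reasons.append(f"forged-pool:{a}")
        elif addr.version == 6 and addr in TEREDO:
            reasons.append(f"teredo:{a}")
    fp = injector_fingerprint(r)
    if fp:
        reasons.append(fp)
    return reasons


def hold_on_resolve(
    replies: List[DnsReply],
) -> Tuple[Optional[DnsReply], List[Tuple[DnsReply, List[str]]]]:
    """Wait HOLD_ON_MS after the first reply, collect everything in that window,
    and accept the earliest reply that trips no signal.

    Returns (accepted reply or None, [(flagged reply, reasons), ...]).
    """
    if not replies:
        return None, []
    ordered = sorted(replies, key=lambda r: r.arrival_ms)
    deadline = ordered[0].arrival_ms + HOLD_ON_MS
    accepted, flagged = None, []
    for r in ordered:
        if r.arrival_ms > deadline:
            break  # arrived after the hold-on window closed; not considered
        reasons = reasons_poisoned(r)
        if reasons:
            flagged.append((r, reasons))
        elif accepted is None:
            accepted = r
    return accepted, flagged


# CONSTRUCTED captures for a single query to a blocked domain.
# Inside China: two forged replies race ahead of the real recursive answer.
INSIDE_CHINA = [
    DnsReply(18.0, ["203.0.113.7"], ip_df=0, ip_id=31337, dns_aa=1, dns_ttl=60),
    DnsReply(21.5, ["203.0.113.99"], ip_df=0, ip_id=0, dns_aa=0, dns_ttl=300),
    DnsReply(140.0, ["198.51.100.10"], ip_df=1, ip_id=4242, dns_aa=0, dns_ttl=300),
]
# Outside China: the 11% case where the forged (Teredo) reply lands after the real one.
OUTSIDE_CHINA = [
    DnsReply(30.0, ["198.51.100.10"], ip_df=1, ip_id=9001, dns_aa=0, dns_ttl=300),
    DnsReply(85.0, ["2001:0:53aa:64c:0:fffe:abcd:1234"], ip_df=1, ip_id=777, dns_aa=0, dns_ttl=300),
]
# Fully poisoned: no genuine answer arrives within the window at all.
ALL_FORGED = [DnsReply(12.0, ["203.0.113.7"], ip_df=0, ip_id=31337, dns_aa=1, dns_ttl=60)]

if __name__ == "__main__":
    for name, capture in [("inside", INSIDE_CHINA), ("outside", OUTSIDE_CHINA), ("all-forged", ALL_FORGED)]:
        accepted, flagged = hold_on_resolve(capture)
        print(name, "accepted:", accepted.answers if accepted else None,
              "flagged:", [(r.answers, why) for r, why in flagged])
```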
-
The majority of censored websites are blocked in only one or two countries, with political and news content showing the strongest geographic specificity. Figure 3 shows that of domains blocked in China, Iran, and Turkey, only 29 are blocked in both China and Turkey, while 27,852 are China-only and 1,564 are Iran-only, demonstrating that cross-region client-to-client proxying is broadly applicable.
-
Between January 2017 and September 2018, ICLab conducted 53,906,532 measurements of 45,565 URLs across 62 countries and 234 ASes, detecting blocking of 3,602 unique URLs in 60 countries via DNS manipulation, TCP packet injection, and block page delivery. Iran blocked 20–30% of Alexa top-500 URLs — more than any other monitored country — while Saudi Arabia consistently blocked roughly 10%. The global trend in detected censorship shows a steady decrease, which the authors attribute to rising adoption of TLS and circumvention tools.
-
ICLab's longitudinal monitoring detected censorship shifts coinciding with political events weeks before press coverage: Turkey's filtering rate rose from roughly 3% to 5% in late April 2017 — with blocked content shifting from pornography to news and political sites — ahead of a June 2017 constitutional referendum. India's censorship dropped from roughly 2% to 0.8% following a net neutrality announcement in late 2017, then partially recovered to roughly 1.5% after mid-2018 regulations clarified that illegal-content filtering would continue. Within the same country, different blocking techniques were applied to different content categories simultaneously (e.g., Turkey used DNS manipulation for illegal/streaming URLs but block pages for pornography and news).
-
Of 19,493,925 TCP packet injection events ICLab detected, only 0.7% (143,225) could be definitively attributed to censorship after multi-heuristic filtering; a further 80% (15,589,882) were RST-or-ICMP-unreachable events classified only as 'probable censorship' because ordinary network failure could not be excluded. Block pages appeared in just 3.4% of definitively-censored injections, meaning the vast majority of censor-side TCP disruption is covert. DNS manipulation detection achieved a false positive rate of approximately 10⁻⁴ using a threshold of θ=11 autonomous systems, cross-checked against block page observations.
-
Mann-Kendall trend analysis at 99% significance on 20 months of data found increasing censorship activity in more than 100 countries, driven primarily by DNS and HTTPS blocking methods, and identified 11 website categories facing rising censorship including human rights content, news media, and provocative attire. Even countries such as Norway (ranked #1 in press freedom) showed aggressive DNS blocking across 25 ASes, targeting more than 50 domains in at least 6 categories, hrw.org among them.
-
Of 44,797 CDN-served domains on the April 2019 Roskomnadzor blocklist, 99.6% (44,615) were hosted on Cloudflare—attributable to Cloudflare's free tier with minimal vetting enabling rapid mirror-domain creation by blocked operators; the blocklist also contained 1,769 responsive circumvention-related domains, confirming that circumvention infrastructure is an active and documented blocklist target.
-
Despite Russia's decentralized ISP ecosystem, 9 of 14 residential probes observed more than 90% of 98,098 tested blocklist domains blocked, and all 14 probes observed at least 49% blocked—demonstrating that coordinated nationwide censorship without centralized choke-points is achievable through legal mandates and commodity equipment alone.
-
Quack (which probes censorship on port 7/echo servers) detected substantially less blocking than Satellite (DNS-based): approximately 50% of Quack vantage points observed no blocking and ~90% observed only minor blocking, whereas Satellite observed major interference at most vantage points; the authors attribute this gap to Russian ISPs applying filtering predominantly on ports 80 and 443, leaving non-standard ports largely unfiltered.
-
Indian ISPs use heterogeneous and overlapping censorship mechanisms with no single technique common across all providers: DNS tampering (ACT, Airtel, BSNL, MTNL), HTTP header filtering (all six ISPs), and SNI inspection (Jio only). Individual ISPs such as ACT simultaneously apply DNS-only blocking to 233 sites, HTTP-only to 1,873 sites, and both to 1,615 sites.
-
Of the Alexa top 1 million websites censored in China, 84.5% are blocked by IP address, meaning that even if both DNS hijacking and SNI filtering are fully circumvented, the vast majority of blocked sites remain inaccessible. Only 66 currently censored sites can be unblocked by ESNI alone (combined with an encrypted DNS channel), while 101,049 ESNI-supported sites remain blocked by IP.
-
In China's Great Firewall, SNI filtering is almost never the sole blocking mechanism: only 70 of the 21,446 SNI-filtered sites are exclusively censored via SNI. The GFW uses SNI filtering as a 'third gatekeeper' — applied after DNS hijacking and IP blocking — and maintains separate blacklists for SNI filtering and DNS hijacking, evidenced by 2,764 sites under DNS injection but not SNI filtering.
-
China's GFW poisons DNS responses from major open resolvers (Google 8.8.8.8/8.8.4.4, Cloudflare 1.1.1.1/1.0.0.1, OpenDNS 208.67.222.222/208.67.220.220) for I2P domains, returning public IPs belonging to Facebook, SoftLayer, and other non-Chinese organizations. Blocking is non-uniform: AS9808 (Guangdong Mobile) appended a loopback 127.0.0.1 record alongside the falsified IPs, a pattern not seen at other ASes, while the I2P mirror site remained accessible from most Chinese locations despite the homepage being blocked.
-
DNS injection from China's GFW leaked into South Korean networks: queries sent from Korean ASes (AS38676, AS9848) to open resolvers returned the same falsified IP addresses observed inside China, because geographic proximity caused transit routing through Chinese infrastructure. This demonstrates that the GFW censors both egress and ingress traffic, producing cross-border poisoning as a side effect. Sporadic rather than consistent injection at these ASes confirmed the leakage hypothesis rather than intentional Korean blocking.
-
Over one month, 54K measurements from 1.7K ASes in 164 countries detected I2P blocking in exactly five countries: China (DNS poisoning of homepage and 3 of 10 reseed servers), Iran (TCP RST injection with HTTP 403 on mirror site), Oman and Qatar (SNI-based blocking of HTTPS homepage plus TCP injection with block-page redirect on HTTP mirror), and Kuwait (TCP injection on mirror site at AS47589 only). All other tested countries left I2P fully reachable.
-
The 1,125 newly discovered censored domains span a broad taxonomy: Chinese human rights organizations, Tibetan rights outlets, Falun Gong and religious freedom sites, minority news, privacy-enhancing technology providers, and sources covering Tiananmen and the 1989 democracy movement—none appearing on the Alexa Top 1,000 or FilteredWeb's blocklist. Privacy-enhancing technology providers appear explicitly as a censored category alongside political and religious content.
-
Using NLP phrase extraction on Chinese-language censored pages, the system discovered 1,125 new censored domains not present on any publicly available blocklist, producing a list 12.5× larger than the standard Citizen Lab list (220 web pages, 85 domains). Across three evaluations (unigrams, bigrams, trigrams, each capped at 1,000,000 URLs), only 3 of the top 50 discovered domains overlapped with FilteredWeb's top 50.
-
High-power seed domains including uyghuramerican.org, dw.com, hrw.org, and eastturkistaninfo.com each produced TF-IDF descriptive tags that led to discovery of more filtered URLs from other domains than the total number of URLs crawled from those seeds themselves. Content-category analysis of the 1,355 poisoned domains showed filtering-avoidance tools, news, educational content, and human-rights sites among the most heavily targeted categories.
-
Sending DNS queries to eight non-DNS IP addresses within the Chinese IP range reliably detects GFW DNS poisoning: any response indicates the censor intercepted and replied to the query, since a legitimate non-DNS server would not respond. This external vantage-point technique discovers poisoned domains without in-country volunteers or local infrastructure.
-
Approximately 95% of the 115,337 filtered URLs discovered in China were concentrated in just 15 large domains; the overall hit rate across the full crawl was 4.11 poisoned domains per 1,000 domains crawled. This concentration means aggregate filtered-URL counts in existing lists are dominated by a few major platforms while the broader tail of blocked domains remains largely undiscovered.
-
FilteredWeb discovered 1,355 DNS-poisoned domains and 115,337 filtered URLs in China through 54,000 web searches by February 2017 — 30 times more poisoned domains than the most widely-used published filter list (Citizen Lab, which identified 44 domains). Of the 1,355 domains, 759 fell outside the Alexa Top 1,000, demonstrating that automated search-based discovery surfaces obscure filtered content missed by manual and volunteer-driven lists.
-
Eight Indian ASes can collectively intercept 99.14% of AS-level paths connecting all Indian ASes to DNS resolvers, including GoogleDNS and OpenDNS; 4,906 routers across these 8 ASes suffice to launch DNS injection attacks covering the entire country. The same 8 ASes also appear among the 10 key ASes identified for IP filtering.
-
Autosonda classified 76 commercial web filters in the NYC metropolitan area into three categories: 21 (27.63%) performed DNS blacklist filtering, 44 (57.89%) matched on the HTTP Host header of GET requests, and 11 (14.47%) performed a DNS lookup of the Host header value and blocked based on the resulting IP. Autosonda found circumvention paths for 100% of filters tested.
-
China's Internet censorship ecosystem is bilateral: the GFW handles technical blocking while separate government agencies (MIIT, TCA, MPS, MSS) handle non-technical regulation, and 'these two components do not operate synchronously.' Google Scholar is considered a legal service by Chinese regulators but is incidentally blocked as collateral damage because it falls under the google.com domain, blocked since 2010.
-
Among Iris's DNS manipulation detection metrics, AS-level consistency was the most effective single metric, classifying 90% of DNS responses as unmanipulated. IP-address identity matching confirmed roughly 80% of responses as correct, while HTTPS certificate validation improved from 38% to 55% accuracy once the SNI was included in follow-up TLS probes.
-
Iris detected 41,778 manipulated DNS responses (0.31% of 13.5 million queries) across 58 countries and 1,408 domains in a two-day measurement window in January 2017. Iranian resolvers exhibited the highest median manipulation rate at 6.02% per resolver; China followed at 5.22%. Iran and China together accounted for roughly 55% of all manipulated responses despite contributing only approximately 6% of total query volume.
-
Iranian DNS censorship returns special-purpose/private IPv4 addresses in 99.99% of manipulated responses (only 0.01% public), whereas Chinese manipulation returns public IPs 99.46% of the time—often addresses that host no services at all. The 10 most frequent Chinese censor-injected IPs constituted approximately 75% of all Chinese manipulated DNS responses.
-
DNS manipulation is heterogeneous within countries, not uniform across ISPs. In Iran, one cluster of domains is manipulated by approximately 80% of in-country resolvers while a second group is manipulated by fewer than 10%, consistent with differential blackholing by separate DNS manipulation infrastructure tiers. China shows a similar bimodal split (~80% vs ~50%), while Greece and Kuwait exhibit more homogeneous cross-resolver manipulation.
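The consistency logic behind the three notes above (the Iris metrics, the private-versus-public address fingerprint, and per-country manipulation rates), as an added example that is not code from the Iris paper. The prefix-to-ASN table, the control answers and the resolver observations are constructed samples; the order in which the metrics are tried and the early call-out of special-purpose addresses are this example's choices.

```python
"""Iris-style consistency classification of open-resolver DNS answers and
per-country manipulation rates. Added example; the prefix->ASN table, control
answers and observations are constructed, not measurement data."""
import ipaddress
from collections import defaultdict
from typing import Dict, Iterable, Optional, Tuple

# Constructed prefix -> ASN table standing in for a BGP/RIR lookup.
PREFIX_TO_ASN = {
    "93.184.216.0/24": 15133,   # AS of the control answer (constructed mapping)
    "93.184.220.0/24": 15133,   # second prefix in the same AS
    "8.7.198.0/24": 64500,      # unrelated AS (constructed ASN)
}

# Constructed control answers from an uncensored vantage point.
CONTROL = {
    "example.org": {
        "ips": {"93.184.216.34"},
        "cert_names": {"example.org", "www.example.org"},
    },
}


def asn_of(ip: str) -> Optional[int]:
    addr = ipaddress.ip_address(ip)
    for prefix, asn in PREFIX_TO_ASN.items():
        if addr in ipaddress.ip_network(prefix):
            return asn
    return None


def classify(domain: str, ips: Iterable[str], cert_names: Iterable[str] = ()) -> Tuple[str, str]:
    """Return (verdict, reason). A response is 'consistent' as soon as one metric
    agrees with the control (IP identity, AS match, TLS certificate name), else
    'manipulated'. Special-purpose addresses (private, loopback, documentation)
    can never be consistent, so they are reported first: that is the Iran-style
    fingerprint, while a public address in an unrelated AS with no matching
    certificate is the China-style one."""
    ips = set(ips)
    ctrl = CONTROL[domain]
    if any(not ipaddress.ip_address(ip).is_global for ip in ips):
        return "manipulated", "special-purpose/private address in answer"
    if ips & ctrl["ips"]:
        return "consistent", "ip identity"
    ctrl_asns = {asn_of(ip) for ip in ctrl["ips"]} - {None}
    if {asn_of(ip) for ip in ips} & ctrl_asns:
        return "consistent", "as match"
    if set(cert_names) & ctrl["cert_names"]:
        return "consistent", "tls certificate name"
    return "manipulated", "public address; no metric agreed with control"


def manipulation_rates(observations) -> Dict[Tuple[str, str], float]:
    """observations: (country, resolver, domain, ips, cert_names) tuples.
    Returns, per (country, domain), the fraction of that country's resolvers
    whose answer was classified as manipulated."""
    seen, flagged = defaultdict(set), defaultdict(set)
    for country, resolver, domain, ips, cert_names in observations:
        key = (country, domain)
        seen[key].add(resolver)
        if classify(domain, ips, cert_names)[0] == "manipulated":
            flagged[key].add(resolver)
    return {key: len(flagged[key]) / len(seen[key]) for key in seen}


# Constructed observations: country A returns a private address from most
# resolvers; country B splits between a same-AS answer and a bogus public one.
OBSERVATIONS = [
    ("A", "r1", "example.org", ["10.10.34.34"], []),
    ("A", "r2", "example.org", ["10.10.34.34"], []),
    ("A", "r3", "example.org", ["10.10.34.35"], []),
    ("A", "r4", "example.org", ["10.10.34.34"], []),
    ("A", "r5", "example.org", ["93.184.216.34"], ["example.org"]),
    ("B", "r1", "example.org", ["93.184.220.7"], []),   # different IP, same AS
    ("B", "r2", "example.org", ["8.7.198.45"], []),      # public IP, unrelated AS
]

if __name__ == "__main__":
    for key, rate in sorted(manipulation_rates(OBSERVATIONS).items()):
        print(key, f"{rate:.0%} of resolvers manipulated")
```

The AS-match step is what keeps CDN answers from being flagged: a resolver that returns a different address in the same AS as the control is accepted, while an address in an unrelated AS only survives if a follow-up TLS probe presents a certificate for the name.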
-
All five Republic of Cyprus ISPs (Callsat AS24672, Cablenet AS35432, Cyta AS6866, MTN AS15805, and Primetel) used DNS hijacking as their sole blocking mechanism, creating local zone entries that override legitimate DNS replies and redirect users to ISP-controlled block pages or error pages.
-
DNS hijacking used by Cypriot ISPs to block gambling websites also suppressed MX record responses for blocked domains, rendering email delivery to those domains impossible — collateral damage not mandated by the 2012 gambling law, which required only URL blocking.
-
Cypriot ISPs could not enforce HTTPS URL entries from the NBA (National Betting Authority) blocklist because SSL/TLS interception was not deployed; connections to port 443 for blocked domains simply timed out with no block page or user notification, meaning HTTPS entries were effectively under-blocked.
-
Time-series analysis across five ISPs over six months reveals a near-universal stasis in January–February where blocklist changes were negligible for all ISPs, followed by significant fluctuations (e.g., a +20–35% swing in TCP unreachability between February and March for PTCL, Wateen, Qubee, and WiTribe). A ubiquitous drop in TCP-unreachability outcomes occurred December–January, suggesting a seasonal or policy-driven relaxation followed by re-tightening.
-
DNS tampering in Pakistan takes at least two distinct sub-forms: WiTribe and Nayatel redirect blocked domains to explicit block-page IPs (DNS resolution returns a routable address that serves a block page), while PTCL returns both failing IPs and explicit block pages, indicating that PTCL applies DNS tampering without user notification in some cases (NXDOMAIN-like) and with a block page in others. Qubee passes DNS entirely and applies content-level HTTP tampering at roughly 80% of measurements for blocked URLs.
-
Across five Pakistani ISPs measured over six months (Oct 2013–Mar 2014), censorship splits cleanly by ISP: WiTribe, PTCL, and Nayatel block via DNS tampering, while Wateen and Qubee block via HTTP content tampering. The two techniques do not overlap within a single ISP, demonstrating that Pakistan's censorship infrastructure is ISP-heterogeneous rather than centrally normalized.
-
A university closed survey of 64 Pakistani users found that 51% evade censorship using VPNs (Hotspot Shield being the most prominent), 25% use web proxies, 17% use Tor/onion routing, and approximately 7.2% use CDNs, mirror sites, search-engine caches, or web-based DNS lookup services.
-
Naive interference measurement systematically misclassifies CDN geographic routing as blocking (and vice versa): when China or Russia resolves twitter.com to a non-US IP, a naive detector must decide whether that is a CDN point of presence or interference. Joint iterative analysis of DomainSimilarity and IPTrust scores is required to separate authentic CDN footprints from block-page redirections.
-
The top 10 CDNs collectively host nearly 20% of the Alexa top 10,000 domains (1,967 domains); CloudFlare alone accounts for ~10% of those sites (726 domains) and operates across 75 ASes with 107,008 IP addresses. CDN-hosted domains receive disproportionate interference relative to their 20% share, suggesting censors target popular shared-infrastructure sites as a high-leverage blocking strategy.
-
Censors can evade external DNS measurement systems like Satellite by injecting spoofed DNS responses only for resolvers located within the censored country, returning correct answers to external probes. This targeted injection would be 'much less visible to Satellite' while remaining fully effective against in-country users; the paper flags this as a fundamental limitation of single-vantage external measurement.
-
Satellite detected a spike in anomalous DNS resolutions across Iranian ISPs in the second half of 2015, correlating with Iranian authorities' public statements about beginning a 'second phase of filtering,' followed by additional newly inaccessible domains in the lead-up to the February 2016 elections — demonstrating longitudinal DNS measurement can detect and time censor policy escalations.
-
Satellite's single-node measurement methodology, probing 1/10th of 12 million discovered open DNS resolvers across 20,000 ASes and 169 countries, detected 4,819 instances of ISP-level DNS hijacking across 117 countries while measuring 10,000 domains with weekly precision from a single external vantage point.
-
Camouflage bypassed GFW censorship in China across one month of daily testing with no plugin blocked. The GFW's primary mechanism was identified as keyword filtering on web content rather than DNS hijacking (avoided due to risk of collateral international impact). Dropbox was inaccessible inside China during testing, demonstrating that plugin substitutability is operationally necessary: at least one alternative protocol must remain reachable in any given censored environment.
-
Table 1 of the survey documents that by 2013–2014 censors were deploying simultaneous blocking across BGP, DNS, IP/port filtering, TCP disruption, TLS, and application-layer keyword filtering. No single detection tool in the survey covers all six layers; the most comprehensive, OONI (2012), covers DNS, IP/port, TCP, TLS, keyword, and HTTP but notes only partial BGP coverage.
-
In Italy, gambling and betting sites were censored primarily via DNS hijacking toward explicit blockpages with ISP-level plausible-DNS-resolution rates as low as 4.5% (NGI), 31.2% (Wind), and 46.1% (Telecom Italia), while the academic GARR network showed no censorship. File-sharing sites (thepiratebay.sx) faced a more aggressive multi-layer response: 2 of 4 ISPs showed less than 50% TCP reachability (versus near 100% for betting sites), and control DNS resolvers were also affected, indicating coordinated infrastructure-wide blocking rather than ISP-level DNS hijacking alone.
-
For the same blocked resource (YouTube) in Pakistan, UBICA found at least three distinct ISP-level techniques in parallel: Micronet Broadband and Witribe Pakistan use DNS injection redirecting to explicit blockpages; Pakistan Telecom Company Ltd. returns DNS responses yielding only 11.7% plausible IPs; while Transworld Associates and National Wi-Max/IMS apply HTTP tampering with no DNS interference, confirmed by passing TCP reachability tests but failing content-size ratio checks.
-
Pakistan Telecom Company Ltd. implemented DNS injection by returning 127.0.0.1 (localhost) for blocked domains, so TCP connections and HTTP requests appeared to succeed ("Content available" near 100%) while no legitimate content was served. Only 11.7% of DNS resolutions yielded a plausible IP address, yet the symptom is a silent local service response rather than an explicit blockpage, misleading users and confusing automated detection tools that rely on TCP reachability.
-
UBICA's crowdsourced measurement campaign across 31 countries deployed 200+ probes (47 GUI clients, 188 headless clients, 16 BISmark routers) and tested more than 16,000 targets (~15,000 hostnames) over 4 months. Its content-size ratio algorithm detects blockpage substitution by comparing average resource size per country against a global baseline, using a threshold of 0.3 (midpoint between the two observed distribution modes minus a 0.2 guard interval) without requiring a pre-existing uncensored ground truth.
-
Applying a regional binomial hypothesis test (p=0.7, significance 0.05) to Encore measurements independently confirmed censorship of youtube.com in Pakistan, Iran, and China, and of twitter.com and facebook.com in China and Iran, validating passive cross-origin measurement against prior independent reports of filtering.
-
In 8,573 controlled testbed measurements across image, stylesheet, and script task types, Encore produced zero false negatives and a ~5% false positive rate in India (attributed to unreliable network connectivity rather than filtering), establishing that cross-origin browser probes reliably detect DNS, IP, and HTTP filtering under stable network conditions but require aggregation to control noise.
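The hypothesis test and the aggregation requirement from the two notes above, as an added example (not Encore's code). p=0.7 and the 0.05 significance level are the parameters quoted above; the shape of the test (null hypothesis: each probe succeeds with probability at least p, rejected when successes are improbably few) and the 5% per-probe noise figure used for the false-alarm calculation are this example's assumptions rather than a restatement of Encore's exact procedure.

```python
"""One-sided binomial test for calling a resource blocked from many noisy
cross-origin probes, and the sample sizes it implies. Added example; the
null-hypothesis shape is assumed, p=0.7 / alpha=0.05 come from the notes."""
from math import comb


def binom_cdf(k: int, n: int, p: float) -> float:
    """P[X <= k] for X ~ Binomial(n, p); k < 0 gives 0."""
    return sum(comb(n, i) * p ** i * (1 - p) ** (n - i) for i in range(k + 1))


def blocked(successes: int, trials: int, p: float = 0.7, alpha: float = 0.05) -> bool:
    """'Blocked' when this few successes (or fewer) would occur with probability
    below alpha if the resource were reachable with per-probe success rate p."""
    if trials <= 0:
        return False
    return binom_cdf(successes, trials, p) < alpha


def rejection_threshold(trials: int, p: float = 0.7, alpha: float = 0.05) -> int:
    """Largest success count that still yields 'blocked', or -1 if none does."""
    k = -1
    while k + 1 <= trials and binom_cdf(k + 1, trials, p) < alpha:
        k += 1
    return k


def min_trials_for_total_failure(p: float = 0.7, alpha: float = 0.05) -> int:
    """Smallest run of all-failed probes that is significant: (1-p)^n < alpha.
    One or two failed probes can never be called blocking at these settings,
    which is why per-client results must be aggregated."""
    n = 1
    while (1 - p) ** n >= alpha:
        n += 1
    return n


def false_alarm_rate(trials: int, noise_failure_rate: float,
                     p: float = 0.7, alpha: float = 0.05) -> float:
    """P[verdict 'blocked'] for a reachable resource whose probes fail
    independently with probability noise_failure_rate (flaky connectivity)."""
    k = rejection_threshold(trials, p, alpha)
    return binom_cdf(k, trials, 1 - noise_failure_rate) if k >= 0 else 0.0


if __name__ == "__main__":
    print("all-failed probes needed:", min_trials_for_total_failure())
    for n in (1, 3, 10, 20):
        print(f"n={n}: blocked if successes <= {rejection_threshold(n)}, "
              f"false alarm at 5% per-probe noise = {false_alarm_rate(n, 0.05):.2e}")
```

With these parameters a single failed probe is never significant and three consecutive failures only just are, while at twenty probes the rule tolerates up to ten failures and a reachable site with 5% flaky probes is essentially never misreported.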
-
Locally curated URL lists elicit 3–5× higher blocking rates than global lists in high-censorship countries. In China and Yemen, local content was blocked three to five times more than globally sensitive content, attributed to language filtering and active censorship of local political discourse; China's 99% block rate on 'falun' in HTTP path vs. 81% for 'falun' in domain name further illustrates trigger sensitivity.
-
Across MENA countries (UAE, Tunisia, Oman, Iran, Qatar, Yemen, Saudi Arabia, Burma), over 80% of blockpage-delivering tests delivered the blockpage without DNS redirection, indicating transparent web proxies performing deep HTTP inspection rather than the cheaper DNS-intercept approach dominant in China. McAfee SmartFilter was identified in Qatar, Saudi Arabia, and UAE; Netsweeper in Qatar, UAE, and Yemen.
-
Of GFW-blocked websites in the Alexa top 1000, 82% are already hosted on CDN infrastructure; for news websites specifically, the figure rises to 85%. This was measured by scraping GreatFire.org blocked-site data and verifying CDN hosting for each domain.
-
Akamai's China-based edge servers self-censor, returning HTTP 403 for GFW-forbidden content, while Akamai's mapping system (located outside China) returns valid edge server IPs to Chinese users even for forbidden domains, and non-Chinese Akamai edge servers serve all content freely. This partial self-censorship structure is driven by the requirement to operate CDN infrastructure inside China.
-
CacheBrowser bypasses GFW DNS poisoning by directly fetching CDN content from known edge server IPs, using a low-bandwidth out-of-band bootstrapper to seed its edge-server database. The SWEET email-based bootstrapper achieves median 5.4-second resolution latency with 95% of queries answered within 10 seconds across 100 runs—acceptable because CDN provider migrations occur only every few months.
-
CacheBrowser achieves significantly lower download latency than Tor when fetching CDN-hosted content from China, because content is retrieved directly from CDN edge servers without traversing third-party proxies. Fetching from non-default alternative CDN edge servers increases latency relative to the CDN-mapped optimum, but the overhead is not prohibitive for real-world browsing; geographically proximate alternative servers minimize the penalty.
-
The GFW universally uses DNS poisoning rather than IP blocking to censor CDN-hosted content. Across all tested CDN providers (Akamai, CloudFlare, CloudFront, EdgeCast, Fastly, SoftLayer), no CDN edge server IPs were IP-filtered, because a single provider like Akamai hosts content on 170,000 shared edge servers—blocking any IP would collaterally block hundreds of thousands of unrelated publishers.
-
Spam-cloaked censorship measurements were correctly classified as spam by Proofpoint (the authors' university spam filter), validating surveillance evasion; separately, MX queries sent from a PlanetLab node in China confirmed that the GFW injected bad A DNS responses for both A-record and MX-record lookups for twitter.com and youtube.com, validating measurement accuracy.
-
Across two major Pakistani ISPs, blocking mechanisms varied substantially for the same URL: ISP-A applied HTTP-level blocking with redirection to a block page, while ISP-B deployed multi-stage blocking combining DNS-level resolution to localhost and independent HTTP/HTTPS request dropping. A single ISP also used different filtering techniques for different URL categories (e.g., YouTube vs. HTTPS-accessible sites).
-
DNS hijacking of blocked gambling domains in Greece also destroyed MX records for those domains in seven of eight ISPs, making it impossible for users to send email to the censored companies. Only OTE preserved MX records for some (not all) blacklisted domains, and even those were not consistently updated. The Greek Gaming Commission's own public guidance directed affected users to consult prior bank statements for contact information.
-
After the EEEP blacklist was updated in July 2014 to remove pokerstarsblog.com, multiple ISPs continued blocking it — overblocking was observed at Cosmote (7 entries), Wind (7 entries), Vodafone (7 entries), Cyta (3 entries), Forthnet (3 entries), HOL (3 entries), and OTE (3 entries). The blacklist itself contained 28 duplicate domains (6.39%), 17 malformed entries (3.88%), and 3 entries (0.68%) with no gambling content (expired or parked domains).
-
At least two ISPs (Cyta and Wind) returned fake HTTP 404 errors instead of mandated block pages for a portion of censored entries, and some ISPs served connection timeouts (port 443 blocked) with no explanation — in both cases obscuring deliberate censorship as an apparent network or server failure. Additionally, Cyta embedded Google Analytics on its block landing page to track users who attempted to access censored content.
-
Across eight Greek ISPs measured in June–August 2014, DNS hijacking was the dominant blocking method: seven of eight ISPs used it exclusively, while only Vodafone deployed DPI (Bluecoat WebProxy/6.0) for URL-level filtering. Compliance with the EEEP blacklist of 438 entries ranged from 21.91% (Forthnet) to 100% (Cosmote, HOL, OTE), with no ISP exactly matching the regulator's list.
-
Vodafone Greece's DPI system (Bluecoat WebProxy/6.0) performed exact-URL matching against the EEEP blacklist: requests to rivernilecasino.net and www.rivernilecasino.net passed through unblocked, while the exact blacklisted URL www.rivernilecasino.net/index.asp was intercepted and redirected to http://1.2.3.50/ups/no_access_gambling.htm. Subdomains of DNS-hijacked domains returned NXDOMAIN with no A record, making them silently unreachable rather than redirected.
-
LiveJournal cooperated with Russian authorities (Roskomnadzor) to segregate censored content by altering DNS A records for blacklisted blogs to a special host (208.93.0.190) that came online between February 10–17, 2014. Only 5 of 1,462 LiveJournal subdomains in Alexa's Top 1 million resolved to this address, all of which had been publicly declared in violation of Russian media law.
-
Turkey's filtering of Twitter relied overwhelmingly on DNS manipulation over IP blocking: as of April 24, 2014, only 167 IP addresses were blocked versus 40,566 domain names. Users who received valid DNS answers could browse Twitter without further interference, making foreign DNS servers (Google 8.8.8.8, OpenDNS) an effective circumvention mechanism — reportedly graffitied across Turkey in protest of the ban.
-
When Turkish users shifted to foreign DNS providers as a circumvention mechanism, Türk Telekom escalated by rerouting traffic destined for Google Public DNS (8.8.8.8 and 8.8.4.4) to a local DNS server serving false answers (Event E, March 28), causing a rapid drop in Tor and YouTube availability across all Atlas probes regardless of DNS configuration. At least 6 distinct shifts in filtering strategy were documented within a two-week period.
-
The GFW does not distinguish DNS query traffic directionality, injecting forged replies for both inbound and outbound queries on monitored links. This causes collateral censorship of DNS resolvers outside China when they contact authoritative nameservers located in or whose paths transit China, even for non-Chinese clients.
-
Testing approximately 130 million domain names uncovered 35,332 censored domains from which 14,495 keywords were extracted across 7 distinct matching patterns. The blocklist grew by approximately 10% over eight months (August 2013–April 2014), and more than two-thirds of censored domains had expired registrations, suggesting the GFW rarely removes entries.
-
The GFW deploys DNS injection nodes only at China's border, within 2–3 hops of international transit points, across 16 border ASes. Internal probing found only 0.04% of 42,849 domestic routing paths exhibited DNS pollution, versus ~80% of externally-facing /24 subnets.
-
Probing ~150,000 open DNS resolvers inside China over two weeks found that more than 99.85% provided polluted answers for blocked domains. The small fraction of clean resolvers achieved this by forwarding queries to Google Public DNS or OpenDNS via uncensored tunnels, or by locally dropping responses containing known GFW 'Bad IP' addresses (174 identified IPs).
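Two of the checks above implemented over raw DNS messages, as an added example that is code from neither paper: the non-DNS-IP probing technique (a well-formed reply to a query sent at a host that runs no DNS service can only have come from an on-path injector) and the 'bad IP' filtering that the clean Chinese resolvers used (drop replies carrying a known injector address so that a later, genuine reply is used). The bad-IP list and the sample replies are constructed; the reply forger exists only to build those samples, and the live probe at the end needs network access and a target address that is assumed to run no DNS service.

```python
"""Build DNS queries, parse replies, and apply two injection checks:
(1) any response to a query sent at an address with no DNS service is injected;
(2) replies whose A records are known injector addresses are dropped.
Added example; BAD_IPS and the sample replies are constructed."""
import socket
import struct
from typing import Dict, List, Optional, Sequence, Set

BAD_IPS: Set[str] = {"8.7.198.45", "203.98.7.65"}   # constructed sample; populate from measurement


def build_query(name: str, qid: int) -> bytes:
    """Minimal RD=1 A/IN query, no EDNS."""
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(label)]) + label.encode("ascii") for label in labels) + b"\x00"
    return struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!HH", 1, 1)


def build_reply(query: bytes, ips: Sequence[str], ttl: int = 60) -> bytes:
    """Forge an answer the way an injector would; used only to build samples."""
    header = query[:2] + struct.pack("!HHHHH", 0x8180, 1, len(ips), 0, 0)
    rrs = b"".join(b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, ttl, 4) + socket.inet_aton(ip) for ip in ips)
    return header + query[12:] + rrs             # question section copied verbatim


def _read_name(msg: bytes, off: int):
    """Decode a (possibly compressed) name; return (name, offset after it)."""
    labels, end = [], None
    while True:
        ln = msg[off]
        if ln & 0xC0 == 0xC0:                        # compression pointer
            end = end if end is not None else off + 2
            off = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            continue
        off += 1
        if ln == 0:
            break
        labels.append(msg[off:off + ln].decode("ascii"))
        off += ln
    return ".".join(labels), (end if end is not None else off)


def parse_response(msg: bytes) -> Dict:
    qid, flags, qd, an, _, _ = struct.unpack("!HHHHHH", msg[:12])
    off, qname, a_records = 12, None, []
    for _ in range(qd):
        qname, off = _read_name(msg, off)
        off += 4                                     # qtype, qclass
    for _ in range(an):
        _, off = _read_name(msg, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:
            a_records.append(socket.inet_ntoa(msg[off:off + 4]))
        off += rdlen
    return {"id": qid, "is_response": bool(flags & 0x8000), "qname": qname, "a": a_records}


def matching_reply(query: bytes, reply: bytes) -> Optional[Dict]:
    """Parsed reply if it is a DNS response carrying this query's ID, else None."""
    try:
        r = parse_response(reply)
    except (struct.error, IndexError, UnicodeDecodeError):
        return None
    return r if r["is_response"] and r["id"] == struct.unpack("!H", query[:2])[0] else None


def judge(query: bytes, reply: bytes, bad_ips: Set[str], target_runs_dns: bool = True) -> Optional[str]:
    """Why the reply is considered injected, or None if nothing says so."""
    r = matching_reply(query, reply)
    if r is None:
        return None
    hit = set(r["a"]) & bad_ips
    if hit:
        return "answer carries known injector address " + min(hit)
    if not target_runs_dns:
        return "well-formed reply from a host that runs no DNS service"
    return None


def filter_poisoned(query: bytes, replies: Sequence[bytes], bad_ips: Set[str]) -> Optional[List[str]]:
    """A records of the first reply not judged injected. Injected replies tend to
    arrive before the genuine one, so every reply to the query must be kept."""
    for reply in replies:
        r = matching_reply(query, reply)
        if r is not None and judge(query, reply, bad_ips) is None:
            return r["a"]
    return None


def probe_non_dns_host(target_ip: str, name: str, timeout: float = 2.0) -> Optional[str]:
    """Live form of check (1); needs network. target_ip is assumed to run no DNS service."""
    query = build_query(name, 0x1234)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(query, (target_ip, 53))
        try:
            data, _ = sock.recvfrom(4096)
        except socket.timeout:
            return None                              # silence is the expected outcome
    return judge(query, data, BAD_IPS, target_runs_dns=False)
```

The bad-IP approach only works while the injector's address pool is known; the non-DNS-host probe needs no such list, since the target can never legitimately answer, but it says nothing about which address the injector is returning for a name the censor does not filter.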
-
A single GFW node employs approximately 360 distinct processes, load-balanced by source and destination IP address, which collectively inject censored DNS responses at an average rate of ~2,800 packets per second, ranging from 1,100 to 4,000 pps over a day.
-
Applying automated block-page detection to the ONI dataset (49 countries, 2007–2012) reveals that Burma's (AS 18399) censorship mechanism shifted from DNS redirection to a transparent proxy returning a custom block page in mid-2009, then block pages largely disappeared after Burma's late-2011 political liberalization. Saudi Arabia (AS 25019) shows a similar transition with WireFilter replacing an unidentified prior tool in 2011, with two concurrent block-page templates suggesting multiple simultaneous filtering devices.
-
Before censorship the local ISP resolver handled ≥99% of SOHO DNS queries for blocked categories; post-YouTube block, local ISP resolver usage fell to 68–74%, with Google Public DNS rising to 14–19% of queries and OpenDNS/LEVEL-3 also gaining significant share. Simultaneously, unique web-proxy domains in SOHO traffic averaged only 1 pre-block, jumped to 41 on average post-block, and peaked at 114 unique proxy domains on the block day itself.
-
Pakistan's censorship used layered, evolving mechanisms: DNS redirection by local ISP resolvers appeared in all post-block traces, supplemented by HTTP 3XX redirection to a local provider's error page in Sep 2012 and shifting to RST injection by Aug 2013 (where ≈95% of YouTube HTTP requests received no response, vs. ≈2% pre-block). Porn blocking similarly combined DNS redirection with IP blocking (41% blacklist overlap) in Sep 2012 and RST injection in Aug 2013.
-
Before censorship, porn traffic averaged 8.4–11.5% of HTTP bandwidth across residential and SOHO users respectively. Post-censorship, this fraction fell to ≈3.5–4.0% for residential and ≈2.0–3.7% for SOHO users. Even after accounting for traffic shifted to unblocked alternate porn domains and the contemporaneous SSL/VPN increase, porn traffic did not return to pre-block levels, suggesting censorship achieved partial demand suppression despite being bypassable via alternate DNS resolvers.
-
On the day of YouTube's block in Pakistan (18 Sep 2012), SOHO users' HTTP:SSL traffic ratio collapsed from ~38:1 pre-censorship to ~3.2:1, and remained at ~3.25 eleven months later (Aug 2013), indicating rapid and sustained mass adoption of SSL-based circumvention. A supplementary survey of ~700 Pakistani users confirmed 57% used SSL-based VPN software (UltraSurf, OpenVPN, Hotspot Shield) to access YouTube.
-
YouTube held an average of ~97% of SOHO video bandwidth across four pre-block traces. On the block day (18 Sep 2012) this dropped to 15.8%, with DailyMotion absorbing ~82% of 'Others' traffic. Eleven months later (Aug 2013), YouTube's unencrypted video share reached 0%, with Tune.pk at 57.6% and DailyMotion at 40.9% of total video bandwidth, reflecting a durable market reallocation among video platforms.
-
DNSSEC fails to withstand legal attacks because governments can legally compel DNS authority operators to manipulate entries and certify the changes; the trust chains DNSSEC establishes mirror DNS zone delegations and therefore inherit the same jurisdictional vulnerabilities. A Danish police incident demonstrated the collateral damage: 8,000 legitimate domains were accidentally removed when censorship procedures were executed against a single target. Chinese DNS injection has been shown to have worldwide effects on name resolution through out-of-bailiwick NS record chains.
-
GNS bounds the trusted computing base (TCB) for any individual name resolution to fewer than approximately 125 entities (constrained by name label length) and makes the full trust chain transparent to the user. By contrast, even simple DNS lookups can silently depend on correct answers from over 100 DNS zones; China's DNS injection caused global collateral damage precisely because out-of-bailiwick NS record chains made the full trust graph invisible to resolvers and users alike.
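What "silently depend on over 100 zones" looks like in practice, as an added example covering the two notes above (the jurisdictional reach of the DNSSEC trust chain and the trust-graph invisibility that GNS bounds). This is not code from either paper: it follows out-of-bailiwick NS names transitively over a constructed delegation table and a constructed operator map, both far smaller than the real DNS; the special-casing of the root zone (addresses from the hints file) is an assumption of the model.

```python
"""Zones and operators a single lookup must trust once out-of-bailiwick NS
names are followed. Added example; DELEGATIONS and OPERATOR are constructed."""
from typing import Dict, List, Set

# Constructed zone cuts: zone -> NS hostnames. An NS name that is not inside the
# zone it serves is out-of-bailiwick and pulls in the zones needed to resolve it.
DELEGATIONS: Dict[str, List[str]] = {
    ".": ["a.root.net"],                     # root addresses come from the hints file
    "net": ["a.tld-ns.net"],
    "com": ["a.tld-ns.net"],                 # out-of-bailiwick for com
    "org": ["ns.org-registry.info"],         # out-of-bailiwick for org
    "info": ["ns.info-registry.info"],
    "tld-ns.net": ["a.tld-ns.net"],
    "org-registry.info": ["ns.org-registry.info"],
    "info-registry.info": ["ns.info-registry.info"],
    "example.org": ["ns1.hoster.com"],       # out-of-bailiwick for example.org
    "hoster.com": ["ns1.hoster.com"],
}

# Constructed operator (the party a court order could reach) per zone.
OPERATOR: Dict[str, str] = {
    ".": "root", "net": "registry-N", "com": "registry-N", "org": "registry-O",
    "info": "registry-I", "tld-ns.net": "registry-N",
    "org-registry.info": "registry-O", "info-registry.info": "registry-I",
    "example.org": "site-owner", "hoster.com": "hoster",
}


def zones_on_path(name: str) -> List[str]:
    """Zone cuts crossed by a normal delegation walk for `name`, root first."""
    labels = name.rstrip(".").split(".")
    zones = ["."]
    for i in range(len(labels) - 1, -1, -1):
        candidate = ".".join(labels[i:])
        if candidate in DELEGATIONS:
            zones.append(candidate)
    return zones


def in_bailiwick(host: str, zone: str) -> bool:
    """True when the NS host's address can be carried as glue by the parent."""
    return zone == "." or host == zone or host.endswith("." + zone)


def trusted_zones(name: str) -> Set[str]:
    """Transitive closure: every zone whose answers could steer this lookup."""
    trusted: Set[str] = set()
    work = list(zones_on_path(name))
    while work:
        zone = work.pop()
        if zone in trusted:
            continue
        trusted.add(zone)
        if zone == ".":
            continue                         # hints file, no lookup involved
        for ns in DELEGATIONS[zone]:
            if not in_bailiwick(ns, zone):
                work.extend(zones_on_path(ns))
    return trusted


def operators(name: str) -> Set[str]:
    """Distinct parties that could be compelled to alter this lookup's answers."""
    return {OPERATOR[zone] for zone in trusted_zones(name)}


if __name__ == "__main__":
    for target in ("www.example.org", "www.hoster.com"):
        path, closure = zones_on_path(target), trusted_zones(target)
        print(f"{target}: {len(path)} zones on the delegation path, "
              f"{len(closure)} zones trusted, operators {sorted(operators(target))}")
```

Three zones on the visible delegation path for www.example.org become nine trusted zones and six operators once the out-of-bailiwick NS names are followed; none of the extra six appear in the name the user typed, which is the invisibility the notes describe, and a DNSSEC chain validates each of those zones' answers without shrinking the set of parties who can sign them.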
-
Measurement of Alexa top-500 websites across 18 categories found that over 50% of the internet's most-visited sites were blocked in Iran, with adult content blocked at over 95% and the Art category the third-most censored. DNS hijacking was applied selectively to only three domains (facebook.com, youtube.com, plus.google.com), while HTTP Host filtering accounted for the vast majority of blocks.
-
DNS queries for blocked domains were intercepted on-path and never reached the authoritative server; instead, the DNS server received 5 TCP RST packets spoofed from the client's address — despite the original queries being UDP, a likely misconfiguration. Three RST packets carried an identical random sequence number while two had a relative offset of 30 from the first three, the same distinctive 3+2 RST pattern observed in the HTTP blocking mechanism.
-
All 307 blocked websites in Pakistan's test dataset were accessible via CoralCDN (by appending .nyud.net to the hostname) and via Google, Bing, and Internet Archive search-engine caches at the time of the study (2013), representing simple but underutilized bypass vectors. The paper flags these as 'surprisingly unexplored' circumvention options.
-
A controlled survey of 67 technically literate users in Pakistan found that ~45% primarily use public VPN services (Hotspot Shield, Spotflux), 24% use web proxies, and 11% use HTTP proxies such as Ultrasurf to bypass censorship. The survey population skews technical, so real-world adoption of low-friction tools among average users is likely higher.
- Pakistan's pre-April 2013 ISP-level censorship used DNS injection (spoofed NXDOMAIN) as the primary mechanism, affecting 60.91% of the 307 tested websites on the university network. Critically, the DNS injection extended to public resolvers including Google DNS (8.8.8.8) and Level3 (209.244.0.3), meaning switching to a well-known public resolver does not bypass the block.
- Every website blocked at the DNS level in Pakistan was also blocked by a secondary HTTP-layer mechanism, ruling out the use of alternative DNS resolution (web-based lookup tools or user-generated content hosting DNS records) as a standalone bypass. Multi-IP shared-service sites such as YouTube and Wikipedia were blocked only at the HTTP level, where a Host-header match triggered censorship regardless of the destination URL.
- In April 2013 Pakistan transitioned from fragmented ISP-level HTTP 302 redirect blocking to centralized IXP-level fake HTTP 200 response injection (attributed to the Canadian firm Netsweeper), resulting in a uniform warning page across all test networks except one still transitioning ISP. Post-transition, 58.30% of the 307 test sites were blocked by DNS and 1.62% by fake HTTP 200 injection; IP and URL-keyword filtering remained at zero.
- GoAgent, the most widely used circumvention tool among the 1,175 surveyed users, routes traffic through Google App Engine IP addresses also used by Gmail and Google Apps for Businesses. The GFW resorts to DNS poisoning of appspot.com domains rather than IP-blocking these shared addresses because a blanket IP block would disrupt commercially critical Google services — and GoAgent bypasses the poisoned DNS by connecting directly to the unblocked IPs, making surgical separation of circumvention traffic from business traffic infeasible.
- In a DHT-based censorship-resistant name system, poisoning attacks (injecting invalid mappings) are neutralized by requiring signature verification on stored values; eclipse attacks (isolating specific mappings from the network) require replication across multiple DHT nodes. Critically, decentralizing lookups from a single ISP resolver to a DHT shifts query visibility from ISPs to arbitrary peers, requiring per-query encryption keyed to secrets known only to the querying client to limit adversaries to confirmation attacks.
- DNSSEC's hierarchical delegation structure provides no protection against state-level censors: governments can legally compel top-level domain operators to alter records, and coerced results still validate because they are signed by the coerced-but-technically-legitimate authority — making end-to-end DNSSEC security insufficient to detect such attacks.
- Pseudo-TLDs (e.g., '.key' for cryptographic-identifier namespaces, '.pet' for petname systems) allow multiple censorship-resistant name systems with distinct security trade-offs to coexist transparently alongside DNS via Name Service Switch configuration, with system-specific resolution logic applied per TLD and no application reconfiguration required by users.
- In an adversary model where the censor may hold more computational power than all honest nodes combined, a squatting attack lets the adversary enumerate and pre-register every memorable name, formally proving it is impossible to simultaneously achieve memorable, secure, and global names in a single name system (Zooko's triangle).
- Several Iranian domains maintain DNS A records pointing to RFC1918 private addresses that resolve only when queried against Iranian nameservers (IRNIC); the same query to Google's public DNS (8.8.8.8) returns REFUSED. Domains including realm.blizz.ir (→ 10.175.27.120), isftak.ir, and geeges.co.ir exhibit this split-DNS pattern as of September 2012.
- An attacker with DNS spoofing capability — the paper cites the GFW explicitly — can respond to Ultrasurf DNS discovery queries before legitimate resolvers and inject crafted CNAME records that fully control the client's single-hop path selection. In code paths where peer verification is skipped ('SkipverifyQ0' log entries), this enables complete traffic interception without any cryptographic break.
- Ultrasurf's DNS bootstrapping phase uses subdomain names that are always exactly 16 characters between delimiters and exclusively target .info TLDs, producing a constant byte-width network signature. The paper concludes that filtering this bootstrapping traffic is straightforward even without reverse engineering the client binary, as the client itself acts as a network discovery oracle for censors observing its connections.
- Without DNSSEC, Hold-On can be defeated by a sophisticated censor that crafts injected packets with TTL and timing matching the expected legitimate reply, injecting just before its predicted arrival. When combined with DNSSEC, Hold-On is robust even against this attack because the censor cannot forge a valid DNSSEC signature; injection can still cause a denial-of-service by forcing a 'Bogus' result, but Hold-On prevents that by waiting for the legitimate validating reply.
- Across 11,700,000 DNS requests over 6 days at ICSI's border network and 15,200,000 DNS transactions in a 1.5-hour trace at UC Berkeley's border, secondary, differing DNS replies were essentially absent in normal traffic, yielding effectively 0 false positives. Only two benign authority servers produced anomalous dual replies at Berkeley—one for the BBC returning two addresses within the same /24, one for businessinsider.com returning a SERVFAIL—neither of which would disrupt a Hold-On resolver.
- A prototype Hold-On DNS proxy introduced no perceptible additional latency for either cached or uncached DNS queries in live testing; query-time measurements for both sets of names overlapped entirely with baseline (Hold-On disabled) measurements. The Hold-On timer (set to 5 seconds initial, 10s second try, 15s third try) is only reached under anomalous conditions; under normal operation the resolver returns as soon as the legitimate reply validates.
- On-path censors commonly operate on traffic mirrors rather than inline (in-path), making their systems failure-tolerant and easier to deploy. This architectural choice means on-path injectors cannot suppress the legitimate DNS reply—both the forged and authentic replies reach the resolver—creating a detectable anomaly. The same structural weakness applies to TCP RST injection and other on-path packet injection attacks.
- In approximately 100,000 DNS queries over 9 days from within a censored network, injected packets were reliably distinguishable: legitimate IP TTLs were stable at either 44 or 42, while injected TTL values ranged across [0–255], and injected packets arrived well before legitimate replies because the injector co-resided within the same ISP while the recursive resolver was in another country. With a TTL threshold of ±1 and an RTT threshold of 0.5× expected RTT, the Hold-On prototype achieved 0% false positive rate and 0% false negative rate.
- OONI's experiment-control methodology explicitly favors false positives over false negatives: it is preferable to generate more censorship candidate events for further investigation than to miss genuine interference. Mismatch between experiment and control data is not always a definitive signal of manipulation but is treated as sufficient cause for flagging, and data collection and analysis are treated as distinct phases.
- OONI's threat model assumes an adversary capable of country-wide traffic manipulation who may actively fingerprint and identify measurement probes. Prior measurement tools (e.g., ONI's rTurtle) used easily fingerprinted centralized DNS and HTTPS traffic, which the authors flag as a pattern to avoid. The authors acknowledge that anti-fingerprinting measures will likely reduce measurement accuracy — a trade-off unresolved at publication.
- DNSSEC validation naturally prevents DNS injection collateral damage: both .de and .kr sign their results, allowing a validating resolver to reject the unsigned injected reply while awaiting the legitimate signed response. The paper identifies DNSSEC deployment at the TLD level as the most robust structural defense against injection-based collateral damage.
- Probing 43,842 open recursive resolvers across 173 countries found 26.41% (11,579) suffer some collateral damage from Chinese DNS injection, distributed across 109 countries. The top-affected regions are Iran (88.20%), Malaysia (85.34%), South Korea (79.20%), Hong Kong (74.63%), and Taiwan (66.13%).
- DNS injection collateral damage arises from three structural properties of DNS: iterative resolution (full queries sent to root and TLD authorities), anycast routing (two resolvers may reach different physical servers via different paths), and dynamic routing through censored transit ASes. A single domain lookup may generate many queries at multiple levels, any of which can be intercepted by a censored transit AS even when both the originating resolver and the authoritative server are outside the censored network.
- TraceQuery probing identified 3,120 router IPs performing DNS injection belonging to exactly 39 Chinese ASes. AS4134 (Chinanet) alone accounts for 1,952 router IPs (62.6% of injecting routers); the top 5 ASes account for over 77% of all identified injecting routers.
- TLD-level paths are the primary collateral-damage vector: 11,573 resolvers (26.40%) suffered collateral damage via censored transit to TLD authorities, while only 1 resolver (0.002%) was affected via paths to root servers. The .de ccTLD was most affected because a large fraction of US-to-Germany transit traverses Chinese networks.
- Across 11 countries, censorship execution falls into at least six distinct categories: DNS redirect to localhost (Malaysia, Russia, Turkey), DNS redirect with warning page (South Korea), connection timeout with no notification (Bangladesh, India), spoofed TCP RST injection (China), spoofed HTTP 403 with warning page (Bahrain, Iran), HTTP 302 redirect (South Korea, Thailand), and spoofed HTTP 200 iframe response (Saudi Arabia). Four countries censor at DNS and eight at routers, with South Korea employing both layers simultaneously.
- South Korea operates DNS-based and router-based censorship simultaneously; sites blocked at the DNS resolver are a strict subset of those blocked at the router, verified by switching to an external DNS resolver and observing continued blocking at the router layer. Alternate DNS resolvers alone are therefore insufficient to circumvent South Korean censorship, in contrast to Malaysia, Russia, and Turkey where DNS-only bypass is adequate.
- Proximax uses fast-flux DNS — multiple IP addresses registered to one personalized domain with short TTLs and round-robin rotation — to resist channel-level DNS blocking. When a channel's domain is blocked, the system issues a fresh individualized hostname, forcing the censor to repeat discovery rather than permanently suppressing the channel with a single DNS entry removal.
- DNS infrastructure is a primary chokepoint target: U.S. DHS seized domain names of sites including rojadirecta.org — found non-infringing under Spanish law — without Congressional authority. The proposed PROTECT-IP Act (2011) would have authorized DNS injection against 'non-domestic' domains. Developers countered with a browser plug-in distributing alternate domains outside U.S. jurisdiction; Mozilla refused a DHS demand to remove it.
- Censorship operating at the infrastructure layer (hosting, DNS, ISPs) rather than the content layer produces opacity: blocklists must be kept secret lest they become menus of blocked content, accuracy cannot be examined, and harms are divided from those with incentive or expertise to oppose them. The consistent pattern in anti-censorship responses is to distribute, decentralize, encrypt, and obfuscate — making circumvention traffic indistinguishable from permitted use.
- Over a 14-day evaluation in April 2011, CensMon tested 4,950 unique URLs from 2,500 domains across 174 agents in 33 countries, detecting 951 unique URLs from 193 domains as filtered. Manual verification of all 193 flagged domains found only 3 false positives, demonstrating high precision for an automated distributed monitor.
- Among all filtered URLs detected, HTTP filtering accounted for 48.5%, IP address blocking for 33.3%, and DNS manipulation for 18.2%. Of the domains blocked at the HTTP layer in China, 71% were blocked due to URL keyword filtering rather than HTML response content filtering.
- CensMon detected zero instances of partial web-page content filtering across 4,950 tested URLs during April 2011, indicating that censors at that time uniformly applied coarse-grained techniques — full URL block, IP blacklist, or DNS hijack — rather than inline content modification at the sub-page level.
- Blocking in the studied country was erratic and inconsistent: some geographic areas accessed the Internet through channels outside the main government-controlled pipeline and experienced no blocking, while other areas experienced sudden unexplained block-and-unblock cycles (e.g., a video sharing site and a microblogging site were blocked for 2-3 days in 2010 and then unblocked without explanation). Users frequently could not distinguish between deliberate blocking and ordinary technical outages, and this ambiguity itself amplified self-censorship among users who had not been directly targeted.
- Users lacking technical circumvention skills bypassed blocking via social relays: technically savvy friends or contacts in unblocked regions copied blocked content into email or reposted it on social network profiles, allowing censored information to reach users who had no direct access to proxies or anonymizers. This informal bypass required no circumvention software on the recipient's end.
- Open DNS resolvers, widely available across the internet as public services, make DNS poisoning trivially detectable globally: a researcher can connect to a resolver in a target country and compare responses against a trusted reference resolver, without requiring volunteer proxies or in-country infrastructure.
- National-level filtering is not homogeneous: the administrative burden of maintaining up-to-date filtering rules at national scale leads states to delegate implementation to regional authorities or individual ISPs, producing measurable filtering differences between geographic regions and providers within the same country.
- A PlanetLab node in Beijing successfully loaded all 100 Alexa top-100 websites through a prototype Telex station at the University of Michigan; without Telex, 17 of the 100 sites were blocked (including facebook.com, youtube.com, blogspot.com, and twitter.com from the top 10), using forged RST packets, false DNS results, and destination IP blackholes. The median latency overhead for routing through Telex was approximately 60% for the 83 unblocked sites.
- SkyF2F tunnels censored traffic through Skype's encrypted overlay network, forcing the censor into an all-or-nothing dilemma: blocking SkyF2F requires blocking Skype entirely, which causes actual economic damage to businesses and users who depend on it. Because Skype users are identified by pseudonym and all messages are routed to overlay addresses rather than Internet addresses, IP-based blocking, DNS filtering, port blocking, and keyword filtering are all rendered ineffective.
- A single bad Chinese DNS server queried 600 times about the same censored domain consistently returned a random address from the same pool of 8 IPs across all responses, confirming that the tampered behavior is deterministic and centrally coordinated rather than ISP-specific or probabilistic. The same 8-IP pool appeared uniformly across servers from China Telecom, China Unicom, and other carriers.
- 99.88% of 1,607 tested Chinese recursive DNS servers returned tampered responses for censored domains. Tampered responses drew from a pool of only 8 IP addresses, compared to 441–454 distinct IPs returned by U.S. control servers for the same query set — with 366 censored domains sharing exactly those 8 IPs.
- Because the GFW injects forged DNS responses rather than dropping the original query packet, the legitimate response from the upstream DNS server may still arrive after the injected forgery. The authors propose two circumvention strategies: querying on a non-standard port to bypass the port-53-only injection filter, or issuing standard-port queries and selectively discarding responses matching the known bad-IP pool to recover the authentic answer.
- TTL manipulation experiments demonstrated that the GFW injects forged DNS responses at the router level, not at the DNS server: responses to censored domain queries exhibited inconsistent IP ident fields and wildly varying TTL values — consistent with a stateless in-path router — while control (non-censored) responses to the same server showed monotonically increasing ident and stable TTL. The injection was observed exclusively on port 53; identical queries sent to port 80 received no injected responses.
- Nonsense domains with known-censored hostnames embedded as subdomains (e.g., www.epochtimes.com.pSyfA6srAZ0qCxU63.com) triggered the same tampered responses — returning the pool of 8 bad IPs — as direct queries for the censored domain. Control-subdomain nonsense domains (e.g., www.pSyfA6srAZ0qCxU63.com) did not trigger tampering, indicating the GFW performs substring keyword matching across the full DNS query label string.
- The CleanFeed first stage populates its IP blocklist by automatically resolving hostnames from the IWF database via DNS. Content providers can serve false DNS results pointing to high-traffic third-party IP addresses (e.g., Google cache servers at 66.102.9.104), causing the first stage to redirect legitimate traffic through the proxy. Automated IP-update processes cannot reliably distinguish a genuine IP migration from a spoofed DNS result, and this can cause legitimate sites to be blocked collaterally.
- The paper evaluates all major circumvention techniques available in 2003 and concludes that only application-layer proxies (HTTP, SOCKS, JAP, peek-a-booty) and IP tunneling can defeat all three blocking layers (IP filtering, DNS tampering, filtering proxies) simultaneously. Encryption alone cannot circumvent IP or DNS blocking; HTTPS hides URL paths but not the destination host; DNS-over-HTTPS/DNSSEC can detect but not defeat DNS tampering without a third-party resolver.
- An empirical DNS survey of North Rhine-Westphalia providers (May 2003) found that kids.stormfront.org — not named in the blocking order — was returned with obscure errors by 56% of surveyed servers, while rotten.com (also not in the order) was erroneously blocked by 11% of providers. www.stormfront.org itself was blocked by 12 providers with 0% still accessible, demonstrating that real-world DNS-tampering deployments systematically over-block non-targeted names at high rates.
- Survey of NRW provider DNS implementations revealed at least five distinct tampering strategies in the wild: name hijacking to a government redirect server, NXDOMAIN for entire zones, name astrayment to 127.0.0.1 (user's own machine) or to unallocated IPs such as 1.1.1.1, silence (no reply), and provoked SERVERFAIL. One provider (tops.net) additionally set tracking cookies on users redirected to its block-notification page, demonstrating that name hijacking creates a surveillance vector beyond the blocking itself.
- DNS zone architecture prevents providers from blocking individual hostnames without also disrupting all other services (email, chat, file transfer) for every name in the same DNS zone. A provider blocking www.bad.example.com must create a synthetic zone for bad.example.com, requiring continuous re-synchronization with authoritative servers at 3–24 hour intervals; failing to replicate MX records blocks email to non-targeted addresses in the zone.