What is a DNS block and 3 ways to get around it

216 Flares Twitter 14 Facebook 193 Google+ 9 Email -- 216 Flares ×

Recently the Malaysian Commission for Multimedia and Communications (MCMC) issued a directive to local ISPs to filter a number of file sharing websites because they violate the Copyright Act. While some of the content may be in violation of the Act, some think the Government is being too heavy handed by issuing a blanket order to block these sites.

I don’t want to debate the Government’s decision, but I believe that sometimes there are legitimate reasons to access websites that your Government / ISP / employer doesn’t want you to. This article will explain what is DNS filtering and show you 3 ways to get around it.

What is DNS blocking?

DNS blocking or filtering is a common method of denying access to certain websites. Let’s have a look at how it works.

Each website is hosted on a web server that has a IP address. For example, the IP address for Facebook is 69.63.176.13. If you type those numbers in your web browser, you will arrive at Facebook’s website (may not work if your ISP disallows it).

However, IP addresses are not very user friendly. It’s easier to remember facebook.com than 69.63.176.13 isn’t it? Therefore the inventors of the internet also created a phone book called the Domain Name System, or DNS.

The DNS translates domain names into IP addresses so that you don’t have to remember random strings of numbers. Each ISP (e.g. Streamyx, P1, etc) have their own DNS servers that functions as phone books for their subscribers.

Whenever you type a website address into your browser, your browser first asks the ISP’s phone book what the IP address for that website. Once it’s figured out the IP address it will then load the website for you.

With DNS blocking, the ISP is simply removing the record for the blocked websites from their phone book. So when you try to load one of the blocked websites, all you get is a blank screen in your browser because it doesn’t know what the IP address is.

3 ways to get around DNS blocking

1. Use another DNS server / phone book

What do you do if your phone book doesn’t contain the address you are looking for? You use another phone book!

Besides your ISP, other organizations also offer DNS servers. One such organization is Google. You can manually tell your computer to refer to Google’s DNS servers – 8.8.8.8 and 8.8.4.4 – and it should now be able to access the blocked sites again (unless Google also blocks them).

Google has detailed instructions on how to tell your Windows, Mac or Linux computer to use their DNS. For iPhone users, you can go to the Settings app » Wi-Fi Networks » tap the blue arrow for your current Wi-Fi network » type 8.8.8.8 in the DNS field.

Google DNS on iPhone

Google DNS on iPhone

2. Use a Proxy server

A proxy server is a server that acts as an intermediary, relaying your request for connection to a webpage, file, or service on the Internet. It gets you around the DNS block because the proxy server should not rely on our local ISP’s DNS servers (phone books).

The downside to using a proxy is that all your passwords, cookie information, etc is being relayed though the intermediary. However if trying to access file sharing websites it’s probably not too much of a security concern.

There are many public proxy servers available – just try Googling for ‘free proxy server’. However many of the free ones plaster you with ads in return for their service. I have found a really good one with no ads at http://labnol-proxy-server.appspot.com/.

The proxy server above is created with Google App Engine. The creator even has a tutorial to show you how to make your own proxy server.

3. Use a VPN

A VPN is a secure connection from your computer to another computer or server. It works in pretty much the same way as a proxy sever, but it’s more secure. The TUVPN blog has a post that explains the differences between VPN and proxy servers.

The important thing is that using a VPN will also bypass the DNS block. If you only need to bypass these DNS blocks occasionally, Hotspot Shield is a free VPN service that you can use. It works for both Mac and PC and is a usable solution – just be prepared for the ads.

With great power comes great responsibility

I do not condone piracy. I believe that you should pay the content producers to support their work. The main reason I use VPNs is to get around Amazon.com’s geographic restrictions to buy digital content. Yes, I bypass filtering so that I can pay for content!

My guide here is to empower you with the knowledge to get around censorship from your government, ISP or employer if there are legitimate reasons for it. Use your knowledge wisely and responsibly!

If you found this article helpful, please share with your friends on Facebook and Twitter. Thanks!

See also: WirawanWeb.com has a similar article in Bahasa Melayu – Melepasi Sekatan Internet

Update: This article was mentioned in The Star, Malaysia’s largest English daily

Last modified: 30 June 2013

51 Comments on "What is a DNS block and 3 ways to get around it"

  • techno says

    tks. hehehe. it’ll be most useful to those not so IT savvy…..

  • jimbaok says

    thanz man,i need it to get past things the sole owner won’t mind sharing…where as for porn,i don’t need it!!!

  • jason says

    I love your way of putting your subtle disclaimer at the end. Kudos to you!

  • blogjunkie says

    Hi guys, thanks for your comments! Please share the article on Facebook and Twitter if you found it useful

  • ken says

    hi david, does the “Use another DNS Server” technique workable in an office network environment that already has a proxy?

    • blogjunkie says

      Hi Ken, I think it might. Give it a try and let us know?

    • yomi says

      not workable for office network environment when you’re not the administrator of the pc. tried and failed …. =(

      • blogjunkie says

        Yeah.. you would need administrator privileges to change settings on your PC or install apps. You could still use http://labnol-proxy-server.appspot.com/.

        • bob says

          or you could pre define the ip of the website your trying to get to by editing the C:\Windows\System32\drivers\etc\hosts
          file.
          or type the ip in your browser.

  • Jonathan says

    Hello David..thanks for your post on blocked sites..i’m sure many ppl out there may also be intrerested to know if its possible (or not) to get around sites blocked on office servers…Many office internet connections use simple, but highly effective website blocks such as “OPENDNS” and “UNTANGLE”. Which software can be installed) and then used to bypass these ‘special’ filteration block programs? Maybe another way is to use ‘camouflaged ip addresses’ provided by another sever? Thanks…Jonathan

    • blogjunkie says

      For corporate firewalls like that your only hope is to use a VPN. http://www.bolehvpn.net/ is a local VPN provider – best to ask them directly.

      • Jonathan says

        Thanks for the reply. I was looking for more of a ‘free software’ type that doesn’t require me to buy it online (and thus identify myself)…Perhaps if you were to come across any other way to directly access the internet (by cutting across corporate firewalls), i’d be very interested to know abt it (as i’m sure many other out there are also)…Thanks again for your feedback…Jonthan

  • footy says

    This is awesome. Thank you so much. I am able to access Megaupload and filestube now. This is going to sound bad…but I still can’t get through piratebay. xP

  • Stuffy says

    Thanks for the info

    When will the govt realize that no amount of blocking will stop determined individuals to bypass these restrictions?

    All they have done is invite the attention of those self-proclaimed vigilante hackers.

  • yuii says

    Hi David, you’re the best! Thanks so much for the info and details. A client of mine uploaded few hundred MB worth of pictures to yousendit.com and I had so much trouble trying to download it! It’s settled now!

  • Diaz says

    Hey David, does this method applicable to blocked WiFi?

    • blogjunkie says

      I think it depends on how your IT administrator has setup the network…

  • Casey says

    Hey my work blocks via open dns and everything is blocked games p2p face book proxy etc… But will hotspot shield go past that and I do have admin on my computer. So other than hotspur is there any other programs I can use so Monday I have a couple to try? I am going to try tcp/ip change in network connections. Please let me know

    • blogjunkie says

      Hi Casey, a quick Google search found a few alternatives but most costs money. Let us know how it works for you.

  • casey says

    when you use hotspot shield it goes online and creates vpn obviously lol but if they have that website that hotspot shield goes to to create a connection would it work or no ?

    • blogjunkie says

      Not sure what you’re asking, but if they block the Hotspot shield website, you may not be able to download it from work. If that’s the case, try downloading and saving it into a thumbdrive at home. Good luck..

      • Unixfly says

        There is a way around anything but I wouldn’t suggest it when you should be working instead of browsing the Internet at work. A simple option of bypassing anything is tunneling through DNS. Redirecting traffic to port 53 or use Internet available tunneling/proxy servers that use port 53/DNS to browse lol..

        Be careful

  • pete says

    Hey dav,

    I was actually very interested in your disclaimer because I too wish to buy digital content from amazon (they have really good $5 albums that I would love to buy).

    I was living at the states for a little while and since my debit card expried, I needed to get them to send my debit card to malaysia and ever since, Amazon knows that I don’t live in the US and wouldn’t let me buy their digital content.

    I was wondering how you went around this?

    Thanks

    • blogjunkie says

      Hey Pete, here’s how I buy digital stuff from Amazon.

      1. Buy Amazon electronic gift cards with your Malaysian credit card. You need to do this because will not accept credit cards issued outside the US.

      2. Activate Hotspot Shield and purchase the items with the gift card balance. (Hotspot Shield makes it appear that you are coming from the US).

      • Pete says

        Dude,

        first of all, thanks for getting back to me.

        Okay, so I am so adamant in purchasing music off amazon that I’ve got a US bank account in California AND in Pennsylvania and I tried purchasing music after turning on my hotspot shield and they still brought me to the page saying that they would only allow the purchase of music in the US.

        Could it be that my hotspot shield is outdated? So the hotspot + gift card works for you? My hotspot is good enough to play pandora (which is only available in the US) but Amazon still catches me! Dangit!

        Again, any help?

        and thanks for the quick feedback! : )

        • blogjunkie says

          Did you try to buy using your gift card balance?

          I’ve only used this method to buy Kindle books, so I can’t tell you with certainty that it works for digital music. I should try.. but what song should I buy..?

          • Pete says

            Ah, I tried the gift card one. But I didn’t try that with the hotspot shield. I will try that now.

            heh, Amazon has plenty of free music as well. Many samplers. But those songs are normally for more indie-ish people.

            I buy quite a lot of the $5 albums. Quite a discount compared to buying music here.

            Kindle huh? Do you own one? What kinda books do you read? I still think that the kindle books are a little too expensive considering that their variable cost is almost nil!

          • Pete says

            ah I finally understand why….

            It was because I was using G-Chrome. Google has a built in tracking software that zones in on where you’re at, bypassing the hotspot shield so that it’ll give you Malaysian oriented search results. I don’t know the details, but I think amazon kinda leaches of this. I mean, I suppose I only came across this blog because of that feature by google you know ; )

          • blogjunkie says

            Cool, I’m glad you figured it out

  • nice post.. thumbs up!

  • There’s a nice live Linux boot disc called MOFO Linux that nicely evades DNS filters. It has a list of unrestricted servers and randomly selects a pair to use each hour. http://www.ab9il.net/linux/mofo-linux.html

    Pretty slick.

  • Michael says

    Thank you so much! the google DNS worked perfectly

  • Sephine says

    So, what can I do to block network admin from seeing my browsing history?

  • Debashish says

    Hi,
    two months back, I changed my DNS to google dns and was able to access all the sites. But since last night even that is not working. I tried changing the DNS address to other open DNS bit still can’t get through to blocked sites. What should I do now?

    • David says

      Hmm.. maybe the sites were taken down for good? Are you sure they’re still up?

      • Nick says

        Somehow, they managed to make the internet completely shut off if you change the DNS to anything else. Quite irritating really. Can’t get on a majoity of needed sites.

  • Debashish says

    No they are not down…the sites are up…they are just being blocked. I checked them through “www.downforeveryoneorjustme.com” and they are up.

  • Madhavan says

    Nice guide man,now i understand how does DNS works!

  • James says

    Thx man this was really helpful

    • david says

      You’re welcome

  • ricky says

    hey, is there a way to get around the dns block if your running windows XP?

    • david says

      Both method 1 & 2 will work on Windows XP

  • nick says

    another free VPN is openVPN. I found it by googling open vpn, go figure.

  • michelle says

    So what do you do if the sites linked are blocked?

  • jjsmith says

    Using a VPN is a great idea. If you prefer to use an open source vpn solution, you can use OpenVPN client with VpnBook server.

  • yash says

    hi dear,
    jst tell me how to check names of all those blocked porn sites on DNS

  • biplob says

    nice post,usefull….thnx bro……..

  • puvenlin says

    Why some random websites (Yahoo/Google/etc) happen to work and do not work only sometimes randomly via streamyx? When this happens only the specific website does not work and other websites opens and works fine.

    If it’s removed from Streamyx DNS then it should not work always right? But why is it random even the server is not down for sure due to able to access with other network.

  • madu says

    Hi, i saw your comment in WordPress site related to indexing RSS feeds on google search, same problem is happening for me accidentally. i have not made any changes to SEO settings, now i’m seeing my RSS feeds are indexing in google search. How did you fix the issue?, how you removed the URL from search and indexed the actual one. can you help me please…

  • Travis Daniel says

    Thanks I can use Facebook on school WiFi networks

Trackbacks

  • Trackback from Stop SOPA and PIPA! « Mercurius blog

    […] due to outcry from many technical experts, allows for service providers to use a technique known as DNS (domain name system) blocking. DNS is, basically, the phone book that attaches a domain name with it’s IP address. Critics […]