The MCMC said at the time that the move was aimed at safeguarding the public from “harmful content,” namely the websites “related to online gambling, pornography, copyright infringement, scams, and other violations of Malaysian law.”
In the context of the Malaysia watchdog’s order for ISPs to redirect DNS queries, this means that if users try to use alternative DNS providers (like Google DNS, Cloudflare DNS, or AdGuard DNS), their queries will be intercepted and redirected to the ISP’s own DNS servers. That is all ostensibly for the purpose of protecting them from “harmful” websites.
However, it will be much more challenging for ISPs to do the same with the user requests sent over encrypted DNS protocols. Encrypted DNS protocols, while not yet mainstream, are gaining traction as they address the privacy issues inherent in unencrypted DNS. Several secure protocols are used to transmit these encrypted requests. The most widely adopted are DNS-over-HTTPS (DoH) and DNS-over-TLS (DoT). There is also a new cutting-edge protocol — DNS-over-QUIC (DoQ) that is superior to those two in terms of speed and reliability.
From a technical standpoint, such a feat is possible because ISPs have control over the DNS traffic that passes through their networks. However, an important distinction should be made here. If you use an unencrypted, plaintext DNS server that uses either IPv4 or IPv6 protocols to return IP addresses, then your Internet provider can see what websites you’re visiting. That means your DNS queries and responses can be read, intercepted and potentially modified by anyone who has access to the network traffic, first and foremost, your ISP. Historically, the DNS traffic has been unencrypted, so this is the case for most users.
Malaysian government and MCMC is rolling out its DNS block, starting with Kuala Lumpur - Selangor area. We used to use DNS to bypass MCMC block in order to access blocked website like MalaysiaKini, SarawakReport and etc.
With the DNS block, we can no longer access the public DNS like CloudFlare DNS, Google DNS, therefore all domain name (like www.MalaysiaKini.com) will be resolved by TM DNS. If TM DNS is blocking the domain, then we may no longer connect to the website itself.
In short, Malaysian government is upping its game in Internet censorship, effectively doing what China's Great Firewall has been doing.
The only solution will be VPN (at the moment, before they implement VPN block)
Current known affected ISP including Maxis, TM, TIME.
No comments:
Post a Comment