Did Malaysia just block use of public DNS servers?!

Spread the love

Did MCMC just block the use of public DNS servers in Malaysia?! Here is what we know so far…

 

MCMC blocks public DNS servers only for business and government?

According to an FAQ posted by Maxis, the Malaysian Communications and Multimedia Commission (MCMC) has ordered all Internet service providers in Malaysia to implement DNS redirection for businesses, governments, and enterprises by 30 September 2024.

DNS redirection basically blocks the use of public DNS servers, by redirecting DNS queries to the ISP’s own DNS servers, where certain websites can be blocked by government directive. In other words – DNS redirection prevents people from circumventing the ISP’s own DNS servers (and the government’s block list).

The Maxis FAQ, which is titled Maxis Business DNS Redirection, states that ISPs in Malaysia were ordered to implement DNS redirection for business/enterprise/government users, blocking their access to public DNS servers.

However, it now appears that the directive may actually apply to everyone in Malaysia, not just business, enterprise, or government users. Or the ISPs may be implementing the directive across the board. Here is what we know so far…

Recommended : MCMC orders DNS redirection for business and government!

MCMC orders DNS redirection for business and government!

 

Public DNS servers appear to be blocked in Malaysia!

As far as I can tell, MCMC has not officially announced its DNS redirection order to ISPs. All we are relying on so far is the Maxis FAQ on DNS redirection, which suggested that it applied only to businesses, enterprises, and government agencies.

Why is DNS redirection being implemented for Enterprise/Business/Government services?

DNS redirection is being implemented to assist in preventing the commission or attempted commission of an offence under any written laws of Malaysia or otherwise in enforcing the laws of Malaysia. By blocking access to harmful websites more effectively and quickly, this proactive measure helps ensure compliance. This is particularly important for Enterprise/Business/Government, as it will also reduce the risk of reputational damage and inadvertent commission of offence.

However, the Maxis FAQ also states, in a different section, that “all service providers must implement this measure, and it applies to to all users of their services“, our emphasis in bold below:

The implementation of DNS redirection is a regulatory requirement enforced by MCMC to ensure compliance with Malaysian laws and to protect users from harmful online content. All service providers must implement this measure, and it applies to all users of their services.

If that’s accurate, then the MCMC directive to block the use of public DNS servers may apply to consumer users as well, not just business, enterprise, or government users.

Recommended : Elon Musk Bitcoin + Ethereum Giveaway Scam Alert!

Regular Internet users in Malaysia have started reporting (here, here) that they are no longer able to use public DNS servers from Google or Cloudflare.

The affected ISPs so far appear to be Telekom Malaysia (Unifi), Time, and Maxis. Digi and Celcom appear to be unaffected … so far.

We tested on Unifi and Digi Broadband, and confirmed that we cannot connect to Google DNS (8.8.8.8 / 8.8.4.4) or Cloudflare DNS (1.1.1.1). You can test it out yourself using these methods:

Using any Internet browser

Using any Internet browser, just go to the Cloudflare public DNS website – https://1.1.1.1/, which will appear in your Internet browser as https://one.one.one.one/.

But if your ISP has implemented DNS redirect, both domains are no longer accessible. Our tests on Friday, 6 September 2024 show:

Unifi : Unable to connect
Digi Broadband : Connects normally

Recommended : Microsoft / CrowdStrike: Who is responsible for global IT outage?

Did Malaysia just block use of public DNS servers?!

Using Traceroute / Tracert

For the more technically-inclined, you can try using traceroute (macOS / Linux) or tracert (Windows), to see if your computer can connect to your preferred public DNS server – for example, 1.1.1.1 (Cloudflare) or 8.8.8.8 (Google).

It’s pointless to use ping, because pings to the public DNS server IP will get redirected to the ISP’s own DNS server, and you will still get a response.

Using traceroute to connect to 8.8.8.8, our tests on Friday, 6 September 2024 show:

Unifi : Redirected

  1. 192.168.0.1 (192.168.0.1)
  2. jhb-113-254-tm.net.my (203.106.113.254)
  3. 10.55.52.54 (10.55.52.54)
  4. 10.55.52.90 (10.55.52.90)
  5. 10.55.52.54 (10.55.52.54)
  6. 10.19.129.65 (10.19.129.65)

Digi Broadband : Not redirected

  1. 192.168.1.1 (192.168.1.1)
  2. 172.16.136.1 (172.16.136.1)
  3. 115.164.8.106 (115.164.8.106)
  4. 72.14.243.96 (72.14.243.96)
  5. dns.google (8.8.8.8)

As you can see, the traceroute showed that requests to Google DNS (8.8.8.8) on the Unifi network were routed to a Telekom Malaysia server (10.19.129.65) instead.

On the other hand, the same requests on the Digi Broadband network still get routed to Google DNS (8.8.8.8) as intended.

Recommended : Malaysia Airlines 6 Months Free Flight Card Scam Alert!

Kitten Facepalm

So it does appear that some Internet service providers in Malaysia have started to block access to public DNS servers by redirecting DNS queries to their own DNS servers. However, it is uncertain if MCMC actually ordered those ISPs to implement DNS redirection for consumers.

The blocking of public DNS servers will not matter to people who don’t know how to use these public DNS servers. But it will matter a lot to Malaysian netizens who want to use public DNS servers for faster performance, better privacy and security, as well as bypass government censorship. Some will inevitably see this as a step towards China’s Great Firewall.

While the goal of blocking dangerous or scam websites is admirable, that is already served by existing bans of those websites on the ISP level for regular users. People who are tech-savvy enough to configure their computers to use public DNS servers would know better than to fall for those websites.

Hopefully, MCMC only issued that DNS redirection directive for business/enterprise/government users, and Malaysian ISPs will roll back the implementation for consumers.

 

Please Support My Work!

Support my work through a bank transfer /  PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

 

Recommended Reading

Go Back To > Internet | BusinessTech ARP

 

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

About The Author

Leave a Reply