Tag Archives: DNS

Malaysia reverses decision to block public DNS servers!

Malaysia just reversed its controversial decision to block use of public DNS servers using DNS redirection! Here is what you need to know…

 

Malaysia orders DNS redirection, affecting consumers too!

According to an FAQ posted by Maxis, the Malaysian Communications and Multimedia Commission (MCMC) has ordered all Internet service providers in Malaysia to implement DNS redirection for businesses, governments, and enterprises by 30 September 2024.

DNS redirection basically blocks the use of public DNS servers, by redirecting DNS queries to the ISP’s own DNS servers, where certain websites can be blocked by government directive. In other words – DNS redirection prevents people from circumventing the ISP’s own DNS servers (and the government’s block list).

The Maxis FAQ, which is titled Maxis Business DNS Redirection, states that ISPs in Malaysia were ordered to implement DNS redirection for business/enterprise/government users, blocking their access to public DNS servers.

However, it now appears that the directive actually applied to everyone in Malaysia, not just business, enterprise, or government users!

Recommended : Did Malaysia just block use of public DNS servers?!

 

Malaysia reverses DNS Redirection decision!

After news broke that MCMC quietly ordered Internet service providers to implement DNS redirection in Malaysia, there was a public outcry, and people started looking up ways to bypass it.

The public outrage proved too much for the Malaysian government, and it backtracked on that controversial decision. On Sunday, 8 September 2024, Malaysia Communications Minister Fahmi Fadzil announced that he asked MCMC not to proceed with its DNS redirection directive.

… considering the feedback received through a series of engagements with @MCMC_RASMI and the public, I have requested that MCMC not proceed with the implementation of the Domain Name System (DNS) management redirection method.

At the same time, MCMC will continue its engagement series with all stakeholders to gather views, suggestions, and recommendations to ensure that the goal of a safer internet can be collectively achieved.

With that, Malaysia officially reversed its DNS Redirection decision within days of the news breaking.

There is no doubt that this reversal was due to many Malaysian netizens who spoke up against the controversial decision to hijack access to public DNS servers. So kudos to everyone who spoke up.

It is encouraging to see that public dissent can still force the government of the day to reverse controversial directives. But perhaps the government can avoid such controversies in the future by getting feedback from the public before quietly issuing controversial directives.

 

Please Support My Work!

Support my work through a bank transfer /  PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

 

Recommended Reading

Go Back To > Internet | BusinessTech ARP

 

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Did Malaysia just block use of public DNS servers?!

Did MCMC just block the use of public DNS servers in Malaysia?! Here is what we know so far…

 

MCMC blocks public DNS servers only for business and government?

According to an FAQ posted by Maxis, the Malaysian Communications and Multimedia Commission (MCMC) has ordered all Internet service providers in Malaysia to implement DNS redirection for businesses, governments, and enterprises by 30 September 2024.

DNS redirection basically blocks the use of public DNS servers, by redirecting DNS queries to the ISP’s own DNS servers, where certain websites can be blocked by government directive. In other words – DNS redirection prevents people from circumventing the ISP’s own DNS servers (and the government’s block list).

The Maxis FAQ, which is titled Maxis Business DNS Redirection, states that ISPs in Malaysia were ordered to implement DNS redirection for business/enterprise/government users, blocking their access to public DNS servers.

However, it now appears that the directive may actually apply to everyone in Malaysia, not just business, enterprise, or government users. Or the ISPs may be implementing the directive across the board. Here is what we know so far…

Recommended : MCMC orders DNS redirection for business and government!

 

Public DNS servers appear to be blocked in Malaysia!

As far as I can tell, MCMC has not officially announced its DNS redirection order to ISPs. All we are relying on so far is the Maxis FAQ on DNS redirection, which suggested that it applied only to businesses, enterprises, and government agencies.

Why is DNS redirection being implemented for Enterprise/Business/Government services?

DNS redirection is being implemented to assist in preventing the commission or attempted commission of an offence under any written laws of Malaysia or otherwise in enforcing the laws of Malaysia. By blocking access to harmful websites more effectively and quickly, this proactive measure helps ensure compliance. This is particularly important for Enterprise/Business/Government, as it will also reduce the risk of reputational damage and inadvertent commission of offence.

However, the Maxis FAQ also states, in a different section, that “all service providers must implement this measure, and it applies to to all users of their services“, our emphasis in bold below:

The implementation of DNS redirection is a regulatory requirement enforced by MCMC to ensure compliance with Malaysian laws and to protect users from harmful online content. All service providers must implement this measure, and it applies to all users of their services.

If that’s accurate, then the MCMC directive to block the use of public DNS servers may apply to consumer users as well, not just business, enterprise, or government users.

Recommended : Elon Musk Bitcoin + Ethereum Giveaway Scam Alert!

Regular Internet users in Malaysia have started reporting (here, here) that they are no longer able to use public DNS servers from Google or Cloudflare.

The affected ISPs so far appear to be Telekom Malaysia (Unifi), Time, and Maxis. Digi and Celcom appear to be unaffected … so far.

We tested on Unifi and Digi Broadband, and confirmed that we cannot connect to Google DNS (8.8.8.8 / 8.8.4.4) or Cloudflare DNS (1.1.1.1). You can test it out yourself using these methods:

Using any Internet browser

Using any Internet browser, just go to the Cloudflare public DNS website – https://1.1.1.1/, which will appear in your Internet browser as https://one.one.one.one/.

But if your ISP has implemented DNS redirect, both domains are no longer accessible. Our tests on Friday, 6 September 2024 show:

Unifi : Unable to connect
Digi Broadband : Connects normally

Recommended : Microsoft / CrowdStrike: Who is responsible for global IT outage?

Using Traceroute / Tracert

For the more technically-inclined, you can try using traceroute (macOS / Linux) or tracert (Windows), to see if your computer can connect to your preferred public DNS server – for example, 1.1.1.1 (Cloudflare) or 8.8.8.8 (Google).

It’s pointless to use ping, because pings to the public DNS server IP will get redirected to the ISP’s own DNS server, and you will still get a response.

Using traceroute to connect to 8.8.8.8, our tests on Friday, 6 September 2024 show:

Unifi : Redirected

  1. 192.168.0.1 (192.168.0.1)
  2. jhb-113-254-tm.net.my (203.106.113.254)
  3. 10.55.52.54 (10.55.52.54)
  4. 10.55.52.90 (10.55.52.90)
  5. 10.55.52.54 (10.55.52.54)
  6. 10.19.129.65 (10.19.129.65)

Digi Broadband : Not redirected

  1. 192.168.1.1 (192.168.1.1)
  2. 172.16.136.1 (172.16.136.1)
  3. 115.164.8.106 (115.164.8.106)
  4. 72.14.243.96 (72.14.243.96)
  5. dns.google (8.8.8.8)

As you can see, the traceroute showed that requests to Google DNS (8.8.8.8) on the Unifi network were routed to a Telekom Malaysia server (10.19.129.65) instead.

On the other hand, the same requests on the Digi Broadband network still get routed to Google DNS (8.8.8.8) as intended.

Recommended : Malaysia Airlines 6 Months Free Flight Card Scam Alert!

So it does appear that some Internet service providers in Malaysia have started to block access to public DNS servers by redirecting DNS queries to their own DNS servers. However, it is uncertain if MCMC actually ordered those ISPs to implement DNS redirection for consumers.

The blocking of public DNS servers will not matter to people who don’t know how to use these public DNS servers. But it will matter a lot to Malaysian netizens who want to use public DNS servers for faster performance, better privacy and security, as well as bypass government censorship. Some will inevitably see this as a step towards China’s Great Firewall.

While the goal of blocking dangerous or scam websites is admirable, that is already served by existing bans of those websites on the ISP level for regular users. People who are tech-savvy enough to configure their computers to use public DNS servers would know better than to fall for those websites.

Hopefully, MCMC only issued that DNS redirection directive for business/enterprise/government users, and Malaysian ISPs will roll back the implementation for consumers.

 

Please Support My Work!

Support my work through a bank transfer /  PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

 

Recommended Reading

Go Back To > Internet | BusinessTech ARP

 

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Malaysia orders DNS redirection for business and government!

MCMC has ordered ISPs in Malaysia to implement DNS redirection for businesses, enterprises, and government agencies! Here is what you need to know…

 

Malaysia orders DNS redirection for business and government!

According to an FAQ posted by Maxis, the Malaysian Communications and Multimedia Commission (MCMC) has ordered all Internet service providers in Malaysia to implement DNS redirection for businesses, governments, and enterprises by 30 September 2024.

The Maxis FAQ, which is titled Maxis Business DNS Redirection, states that this directive by MCMC is meant to “protect users from harmful or illegal online content” by blocking access to “websites involved in online gambling, pornography, copyright violations, scams, and other illegal activities.”

Recommended : Did Malaysia just block use of public DNS servers?!

Here is a quick primer on what DNS redirection would mean for Malaysian businesses, enterprises and government agencies.

What is DNS?

When you visit a website, you will normally key in a user-friendly name (like www.techarp.com), but the website itself uses a numerical IP address (like 192.0.2.1).

DNS translates that user-friendly name into the correct IP address, so your computer can access the website.

What is DNS redirection?

By default, most people use the DNS servers provided by their Internet service provider. However, some people choose to use alternative DNS servers from Google or Cloudflare for privacy, faster speeds, or to avoid censorship.

DNS redirection prevents that by redirecting all DNS queries from your phone or computer to the ISP’s own DNS servers, where certain websites can be blocked by government directive. In other words – DNS redirection prevents people from circumventing the ISP’s own DNS servers (and the government’s block list).

Is DNS redirection good or bad?

Blocking access to illegal, or dangerous websites is important for businesses, enterprises, and government agencies, because it reduces the risks of reputational damage, and prevents the inadvertent commission of offence by employees. Blocking scam websites is also an important way to prevent people and companies from getting scammed.

On the other hand, public DNS servers from Google and Cloudflare offer faster speeds with lower latency, and block tracking by ISPs or governments. They also offer enhanced security using DNSSEC – DNS Security Extensions.

Recommended : Elon Musk Bitcoin + Ethereum Giveaway Scam Alert!

Which Malaysian ISPs are affected?

According to the Maxis FAQ, this MCMC directive affects all ISPs offering both mobile and fixed Internet services in Malaysia.

Who will be affected by DNS redirection?

According to the Maxis FAQ, this MCMC directive primarily affects Business / Enterprise / Government customers who use public DNS services. But there are already reports that consumer DNS queries have also been redirected.

Interestingly, the Maxis FAQ also states, in a different section, that “all service providers must implement this measure, and it applies to to all users of their services“. So this MCMC directive may actually apply to consumer users, and not just business, enterprise, or government users.

Which DNS services are affected?

According to the Maxis FAQ, this directive currently affects public DNS services like Google DNS and Cloudflare. OpenDNS was not mentioned, but is likely to be affected too.

Private DNS servers, and encrypted DNS queries like DNS over HTTPS (DoH) or DNS over TLS (DoT) are not affected.

Recommended : Microsoft / CrowdStrike: Who is responsible for global IT outage?

When must Malaysian ISPs implement DNS redirection?

According to the Maxis FAQ, MCMC ordered all Internet service providers in Malaysia to implement its DNS redirection directive by 30 September 2024.

Users on Time, Telekom Malaysia and Maxis networks have reported that DNS redirection is already in effect.

How to check if DNS redirection has been implemented?

DNS redirection is designed to block access to websites deemed illegal by the government of Malaysia. If you access a blocked website, it will be inaccessible.

You can also test by trying to go to the Cloudflare DNS website – https://1.1.1.1/ using your Internet browser. If you see “Unable to connect”, instead of the 1.1.1.1 website, then your DNS queries are being redirected to your ISP’s own DNS servers.

Alternatively, techies can use the tracert command (in Windows command prompt), or traceroute command (in macOS Terminal) to connect to the alternative DNS server (like 1.1.1.1 or 8.8.8.8), and see if it gets routed properly.

If the trace route shows your query ending in a different IP address than the alternative DNS server you selected (like 1.1.1.1 or 8.8.8.8), then it is being redirected.

Can you opt out of DNS redirection?

No, unfortunately – you are not allowed to opt out, because it’s a regulatory requirement by MCMC.

 

Please Support My Work!

Support my work through a bank transfer /  PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

 

Recommended Reading

Go Back To > Internet | BusinessTech ARP

 

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Steam Is Suddenly Banned Entirely In Vietnam!

Steam has suddenly been banned entirely in Vietnam! Here is what we know so far about this developing situation…

 

Steam Is Suddenly Banned Entirely In Vietnam!

Earlier this week, Steam appears to have been banned entirely across Vietnam, with Vietnamese players taking to Steam to complain about how Vietnamese internet service providers have blocked access to both the Steam app, and the Steam website.

Currently, neither the government of Vietnam, nor Steam, has commented on the matter. So it is unclear, at least officially, what led the Vietnamese government to ban Steam. However, it appears that domestic game publishers in Vietnam may be responsible for this ban…

Recommended : Circus Electrique : How To Get This Game For Free!

 

Possible Reasons Why Steam Was Banned In Vietnam!

According to a translated story on VietNamNet, domestic game publishers were more than a little annoyed that Steam was releasing thousands of titles into their market “without having to ask for permission”, which they saw as “an injustice”.

Less controversially, domestic game developers pointed out that they are required to censor violence and sexual content from their games, while Steam freely offers such uncensored games to Vietnamese gamers.

VietNamNet then suggested that a possible middle path might be to use a restricted version of Steam in Vietnam, like what was done for China, serving a much more limited number of game titles that the authorities have approved.

Steam is Valve’s video game distribution service launched in 2003 as a software application that automatically delivers games and was expanded to distribute third-party titles.

Talking to VietNamNet, many domestic game publishers believe that they are being treated unfairly, when the Steam platform is releasing more than 100,000 unlicensed computer (PC) games into the Vietnamese market.

It is unknown when Steam will be reinstated in Vietnam, if ever. What seems certain though is that Vietnamese gamers will not be able to access Steam in its current form…

 

A Possible Workaround To Access Steam In Vietnam!

Enterprising gamers have been able to bypass the ban on Steam in Vietnam by simply changing the DNS servers used by their computers, or routers.

Here is a quick guide on how to do that in Windows:

  1. Go to Network & Internet settings.
  2. Select the Change adapter options.
  3. Right click on your Wi-Fi or LAN connection, and select Properties.
  4. Double-click on Internet Protocol Version 4, or select it and click Properties.
  5. Switch to Use the following DNS server addresses.
  6. Then key in the alternate DNS addresses from one of these excellent options:

Cloudflare
Primary DNS : 1.1.1.1
Secondary DNS : 1.0.0.1

Google
Primary DNS : 8.8.8.8
Secondary DNS : 8.8.4.4

NordVPN
Primary DNS : 1.1.1.1
Secondary DNS : 1.0.0.1

  1. After keying in the DNS servers you want, click OK, and you are done!

 

Please Support My Work!

Support my work through a bank transfer /  PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

 

Recommended Reading

Go Back To > Gaming | SoftwareTech ARP

 

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Why Facebook, Messenger, WhatsApp, Instagram Went Down!

Facebook and ALL of its messaging and social media platforms went down for about six hours, including Messenger, WhatsApp and Instagram!

Find out why they all went down at the same time, and for so long!

 

Facebook, Messenger, WhatsApp, Instagram + More DOWN!

The entire slew of messaging and social media platforms owned by Facebook was inaccessible for about six hours, including :

  • Facebook
  • Facebook Messenger
  • WhatsApp
  • Instagram
  • Oculus
  • Workplace

The failure also extended to Facebook authentication, which you may be using to log into third-party apps and games, with Pokemon Go and Match Master gamers have reported problems logging in.

This left Twitter as the only major social media network still up and running, which is ironic since it became the only way for Facebook to reach out to the world…

This massive outage couldn’t come at a worse time for Facebook, whose stock slumped about 5.5% after former employee and whistleblower, Frances Haugen, leaked internal documents to the Wall Street Journal.

She also accused her former firm of repeatedly and knowingly allowing the proliferation of hate speech and misinformation for profit. Really tough times for Team Zuckerberg indeed…

Even Edward Snowden chimed in, saying that the world has become a healthier place for one shining day…

 

Why Did Facebook, Messenger, WhatsApp, Instagram, etc. Go DOWN?

This massive, unprecedented GLOBAL outage appears to be caused by a DNS (Domain Name Server) failure.

The DNS service “translates” the plaintext link we use (www.facebook.com for example) into its actual numerical IP address (123.123.123.123 for example), allowing your app or browser to connect to the right server.

Without a working DNS service, no one is able to connect to any Facebook-owned service because the Internet no longer knows how to locate the right server.

CloudFlare senior vice-president Dane Knecht shared that the Facebook BGP (Border Gateway Protocol) routes have been “withdrawn from the Internet”, causing failure to connect through CloudFlare’s DNS service.

This was likely due to a configuration error on Facebook’s side, but coming one day after the story broke on Frances Haugen? It would be folly to rule out internal sabotage or a rush to remove some controversial features before she testified to the US Congress.

The conspiracy theory that it was a DDOS (Distributed Denial-of-Service) attack by Anonymous or some vigilante group is really farfetched. It would require an incredible amount of resources and coordination to not only bring down Facebook, but all the other services as well… at the same time!

Read more : Did 13 Year Old Sun Jisu Hack Facebook, WhatsApp, Instagram?

Facebook’s Vice-President of Infrastructure, Santosh Janardhan, later confirmed that “configuration changes” on their “backbone routers” caused the 6-hour long failure.

Our engineering teams have learned that configuration changes on the backbone routers that coordinate network traffic between our data centers caused issues that interrupted this communication. This disruption to network traffic had a cascading effect on the way our data centers communicate, bringing our services to a halt.

He also asserted that it was a faulty configuration change, and no user data was compromised.

Our services are now back online and we’re actively working to fully return them to regular operations. We want to make clear at this time we believe the root cause of this outage was a faulty configuration change. We also have no evidence that user data was compromised as a result of this downtime.

While he blamed “the underlying cause” for impacting their ability. to “quickly diagnose and resolve the problem”, it is notable that it took Facebook engineering teams more than 6 hours to resolve a DNS failure.

It is now believed that the changes were made to Facebook’s Border Gateway Protocol, a mechanism that exchanges routing information to help figure out the fastest route for any request.

Apparently, the changes “withdrew” Facebook services from the DNS system, making it impossible for anyone to connect to them.

Even worse, Facebook ran their own systems through the same servers, so everything from engineering tool, messaging services and even security systems that controlled the key fob locks were no longer accessible.

So their engineering team had to rush to their data centres to manually reset the servers there.

Needless to say, this will be a big wake-up call for their engineering teams, and in the words of Russell Peters – “Somebody’s gonna get a hurt real bad!

It is also a big wake-up call for everyone using Facebook services. This massive outage is a reminder that we should NOT put all our eggs in one basket.

I believe it will at least temporarily spur the adoption of alternative messaging services like Telegram and Signal. Even Twitter should see a nice boost in Tweets and maybe new users.

Now, I’m not into conspiracy theories… but what are the odds of this failure happening just one day after Frances Haugen came out publicly against Facebook, and a day before she was set to testify before the US Congress?

Could these “configuration changes” be designed to remove some controversial features before Haugen’s testimony to the US Congress?

Could Facebook’s own engineering team have accidentally triggered the failure in their rush to remove those controversial features before she testified?

 

Please Support My Work!

Support my work through a bank transfer /  PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

 

Recommended Reading

Go Back To > Internet | Software | Tech ARP

 

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Heads Up! ICANN Rolling DNS Key Change In October!

Los Angeles, California – For the first time ever, the Internet Corporation for Assigned Names and Numbers (ICANN) is about to change the cryptographic keys that help secure the Internet’s Domain Name System (DNS).

“It is critical that Internet Service Providers and network operators around the world make certain they are ready for this change as failure to do so can result in their users being unable to look up domain names and thus be unable to reach any site on the Internet” said David Conrad, ICANN’s Chief Technology Officer. Conrad added, “Network operators should ensure they have up-to-date software, have enabled DNSSEC, and verified that their systems can update their keys automatically or they have processes in place to manually update to the new key by 1600 UTC on 11 October 2017.”

 

The ICANN DNS Key Change

The changing, or “rolling” of the DNS key, is an important step in keeping the global DNS safe and secure. It is very much in line with commonly accepted operational practices that ensure that important security infrastructure can support changing password if the need were to ever arise.

[adrotate group=”2″]

“We’ve launched a testing platform so network operators can make certain that they are ready for the key roll well ahead of October 11,” said Conrad. That testing platform can be accessed at https://go.icann.org/KSKtest. Internet users should contact their ISP or network operators to make certain they are ready for the key change.

ICANN has been working with technical partners such as the Regional Internet Registries, Network Operations Groups, and domain name registries and registrars as well as others in the Internet ecosystem, such as the Internet Society and Internet trade associations, to make certain that those around the world who may be impacted by the key roll are aware of the pending change.

ICANN Chief Executive Officer Göran Marby has sent correspondence to more than 170 government officials including regulators and participants in ICANN’s Government Advisory Committee, asking that they make certain the network operators in their respective countries are aware and ready for the DNS key change.

 

Support Tech ARP!

If you like our work, you can help support our work by visiting our sponsors, participating in the Tech ARP Forums, or even donating to our fund. Any help you can render is greatly appreciated!