Comment by Hizonner 4 days ago

3 replies

> You can only point to IPs in China from DNS servers in China - if you try to use, say, Route53 in the US and add an A record there, you'll get a nasty email (fail to comply, and your ports get blocked again, possibly for good).

Wait what? So I can DoS any Web site in China by creating a rogue DNS record that points to its IP address, even under a completely unrelated domain? How would they even find those records?

hunter2_ 4 days ago

I guess they would find it the moment someone in China using a Chinese resolver tries to resolve your rogue record, since that would recurse to one of the root mirrors in China, which presumably feeds this mechanism.

Seems like a very minor speed bump in your plan, though: presumably something like https://www.chinafirewalltest.com would achieve that, or send a few emails for folks to click.

fc417fc802 4 days ago

I wonder if this is actually tied to Chinese domains and Chinese-run registrars? That way it would be easy to flag the usage of foreign nameservers and there's no DoS risk.