Last week, many of China’s major websites were inaccessible for nearly 24 hours to Chinese internet users. Chinese users trying to reach a range of websites ending in .com were re-routed instead to an IP address owned by Dynamic Internet Technology, which is the provider of the circumvention tool Freegate. DIT has been closely affiliated with the Falun Gong, a religious organization banned in China.
GreatFire.org, which examines Chinese censorship, has a detailed report investigating this outage, illuminating that all attempts within China to visit popular websites such as Sina Weibo, Baidu, etc. would be incorrectly re-routed to 220.127.116.11 (an IP address in Wyoming).
While state news agency Xinhua raised the possibility of hacking, and CNNIC attributed the breakdown to a "root server for top-level domain names", others blame the breakdown on a failure of the Great Firewall. As Chinese internet censorship expert Xiao Qiang states to Reuters, "It all points to the Great Firewall, because that's where it can simultaneously influence DNS resolutions of all the different networks (in China). But how that happened or why that happened we're not sure. It's definitely not the Great Firewall's normal behavior."
Proper implementation of a DNS to match the domain name and the IP address of a website or web service is critical to ensuring that the Internet functions properly. As GreatFire points out, DNS poisoning, or hijacking of DNS routing to send a visitor to an incorrect domain name or IP address, is a technique deployed by the Great Firewall to render ‘blacklist’ websites inaccessible.
What we can learn from this outage on the Chinese internet is that sustained attempts to prevent access to wide swaths of online content can lead to serious breakdowns in being able to conduct basic actions over the internet. While I personally doubt that this will lead to a full abandonment of the Great Firewall, it is a poignant example of the weak points of the Chinese internet censorship model.