Towards Automated DNS Censorship Circumvention
Authors: Felix Lange (Paderborn University), Niklas Niere (Paderborn University), Juraj Somorovsky (Paderborn University)
Year: 2026
Issue: 1
Pages: 1–10
Abstract: Censorship is employed by many governments and ISPs worldwide, with an increasing trend in recent years. One of the most censored protocols is DNS: censors target unencrypted and encrypted DNS to prevent clients from resolving the domain name of unwanted websites. Despite much research on DNS censorship, only a few tools can circumvent it.To support users affected by DNS censorship, we present DPYProxy-DNS, a DNS resolver that automatically detects and employs a working DNS censorship circumvention. We demonstrate the effectiveness of DPYProxy-DNS by automatically circumventing DNS censorship in China and Iran and analyzing DNS censorship mechanisms in these countries. Our analyses reveal that DNS censorship in Iran is ineffective against encrypted DNS. In China, DPYProxy-DNS revealed two consistently working circumvention techniques for unencrypted DNS: TCP segmentation for DNS over TCP and ignoring DNS responses injected by the Great Firewall of China (GFW). Our findings reveal varying levels of DNS censorship across different countries, underscoring the importance of the automated circumvention approach we provide with DPYProxy-DNS.
Copyright in FOCI articles are held by their authors. This article is published under a Creative Commons Attribution 4.0 license.
