Jitters as China firewall leaks

With Internet relations with China already strained, nerves were jangled further this week when a key part of the domain name system infrastructure was found giving out bogus addresses for popular web sites.

A post on the DNS-ops mailing list from a manager at Chile's domain name operator suggested that queries to a DNS root server in China resulted in false IP addresses for YouTube, Facebook and Twitter.

This observation naturally caused concern, coming the same week as Google and Go Daddy pulled out of their China businesses complaining about civil rights abuses.

The server in question was part of the I-Root constellation, one of the Internet's 13 logical DNS root servers, which is managed primarily from Stockholm by Swedish firms Autonomica and Netnod.

For resilience and redundancy, most of the 13 roots, including I-Root, use Anycast to spread themselves between dozens of physical nodes in dozens of countries, including China.

The problem noticed by the Chilean operator only applied to nodes in China, and there was no suggestion that the I-Root was otherwise unreliable or that its managers had done anything wrong.

China censoring its own citizens' Internet access using bad DNS is nothing new, of course, but there have been only a handful of previous occasions where its bogus addressing information has leaked out to the wider world.

I-Root is investigating the problem.