Root server plugs China firewall leak

Autonomica, manager of one of the Internet's DNS root servers, has removed its Beijing node from service following reports of Chinese censorship leaking into the western world.

It was noticed last week that users outside China would sometimes receive bogus addressing information when looking up sites banned sites such as, but only when the query passed through the I-Root server's Chinese node.

The I-Root, which Autonomic manages, is one of 13 DNS root servers that provide the master address book of domain names on the Internet. When a query is made for “”, for example, the root servers provide the IP addresses for the “.com” registry.

Like many other root servers, I-Root uses the Anycast standard to physically locate itself in dozens of places around the world, including China, to increase redundancy and efficiency.

Autonomica, which is based in Sweden, has now essentially pulled its Beijing node offline.

“Once we had determined that the incorrect replies were associated with queries sent to our anycast node in Beijing, and we had performed some testing, we withdrew the announcements of the service from that location,” CEO Kurt Erik Lindvist said.

He added that the Beijing node was behaving identically to every other instance of the I-Root. It had not been hacked or had its data changed in any way, nor had there been a malfunction.

It seems that any leakage of bogus address information – which many suspect to be an artefact of Chinese censorship – was added by network providers somewhere between the Beijing node and the end user.

Lindqvist said Autonomica is talking to its Chinese partner, CNNIC, to see how the node can be reactivated.