back to article Malaysia's plan to block overseas DNS dies after a day

Malaysia's telecom regulator has abandoned a plan to block overseas DNS services a day after announcing it, following a sharp backlash and accusations of government overreach. Last Friday, the Malaysian Communications and Multimedia Commission (MCMC) published an FAQ [PDF] that stated it had instructed all ISPs to redirect …

  1. Anonymous Coward
    Anonymous Coward

    DNS

    Did Not Start

  2. Bebu
    Windows

    A different take on "its always DNS" ;)

    I assume they weren't blocking/redirecting DNS over HTTPS so fairly pointless from the outset.

    My guess only 53/udp (possibly 53/tcp but probably not) was being intercepted so running an overseas forwarder on port 5353 would work quite nicely if your resolver supports it or you do your own 53 -> 5353 redirection.

    That is without considering VPNs or SSH tunnelling etc etc.

    Globally politics, religion and morals enforcement seem to be completely incompatible with sane networking and security policies, reality or perhaps with sanity itself.

    1. RAMChYLD Bronze badge
      Black Helicopters

      Re: A different take on "its always DNS" ;)

      The problem is there are rumors that VPN blocking was also being considered. In fact, some ISPs like Maxis and Yes were already blocking VPN (I see a lot of complains on Lowyat.net about Maxis blocking VPN, and I was using Yes WiMax and experienced the blocking firsthand. I couldn't connect to PPTP endpoints and L2TP endpoints caused the modem to disconnect from the network and reboot).

      And yes, they were blackholing DNS over HTTPS and DNS over TLS. After the announcement people on Maxis, Yes and Time started getting DOH certificate errors.

      In either way I am already very frustrated with these clowns running the country and their lies. Unfortunately when the opposition is worse than this...

      1. O'Reg Inalsin

        Re: A different take on "its always DNS" ;)

        In the case of "DNS over HTTPS" I guess blackholing means blocking known DoH server addresses, right? (Because it's using HTTP port). The interesting thing is anyone should be able to rent, say, a virtual server in the US and set up and run their own private DoH server (simply converting to DNS on the backend). If you try to run one for many people, you'd be busted eventually, but a private one would be pretty safe.

        1. RAMChYLD Bronze badge

          Re: A different take on "its always DNS" ;)

          They were outright trying a MITM redirect attack on those using DOH. Many reported error messages saying that Cloudflare's DOH server were practically returning the certificate for Telekom Malaysia's DNS servers.

      2. Dimmer Silver badge

        Re: A different take on "its always DNS" ;)

        Earlier this year on a trip to Spain, local networks disrupted my OpenVPN as well.

        But, when I used AT$T’s data as a hot spot, it worked fine and appeared to be coming out on the east coast, USA.

        So, are they going to block AT$T tunnels and make the internet calling plans got to crap?

        1. plunet

          Re: A different take on "its always DNS" ;)

          They're not going to block roaming cellular traffic being tunnelled back to the subscribers home network. Even China doesn't do that.

          They're mainly looking to inconvenience/protect residents of Malaysia when using domestic internet access. Roaming access on foreign SIM cards isn't going to be a priority.

          1. RAMChYLD Bronze badge

            Re: A different take on "its always DNS" ;)

            "Protect" is too optimistic a word to use here. Their true intention is to block LGBTQ content so they can continue to vilify the LGBTQ community- the home clown already made it very clear that he hates the LGBTQ for some reason I can't wrap my head around, since he confiscated those Swatch watches and threatened Apple that they're not to bring their Pride Month bands into Malaysia, and having been ripped a new one by The 1975.

  3. Anonymous Coward
    Anonymous Coward

    As you point out, anyone with the know-how can find out how to defeat this.

    So they'll carry on regardless, without making a fuss that might draw more attention to what is going on "there isn't a problem here, it is so easy to get around, nothing for me to get upset about".

    Leaving the vast bulk of the population, who don't have a clue what DNS is, to be guided by the benevolence of the government's choice of what websites apparently exist.

    Maybe an "incompetent" implementation is cleverer than it looks.

  4. Pascal Monett Silver badge
    FAIL

    "It has been falsely claimed"

    It is disturbing to see that governments the world over are now prone to attacking the validity of a claim instead of proving any wrong (or justifying their position).

    A government states that it wants to block DNS. Citizens claim that that is a bad idea.

    That is not a false claim. It is a perfectly legitmate claim and, if the idea had any actual justification, you would not have backtracked a mere day after making the claim.

  5. Anonymous Coward
    Anonymous Coward

    TITSUP

    Total Inability To Subvert Useful Protocol?

  6. Anonymous Coward
    Anonymous Coward

    Just Fark The Hell Off!

    When there's a will, there's a way. However u wanna try to ban this ban that, restrict this forbid that, u think people would have no ways to break the firewall?

    Just as if one wants to implement filtration in information & content particularly for minors, they will find iinitiative to seek methods to doing so.

    We do not need u to treat us like young children or retards, so what if I want to watch porn, I wanna do whatever the hell I want that's all my own choice which u idiots from MCMC have absolutely no rights nor business in meddling or messing with, no thank you and fark the hell off!!

    Clearly u idiots are too free! I suggest u invest your time & effort which u r paid for To do jobs that are actually relevant & matter! U can fight off scams & online fraud, without needing to invade into our space to violate our rights & freedom! Plus, how much can u ban or control, really, how much - have u ppl even use the brains given To u to think for once, think it through of this ridiculous plan just how effective would it be without wasting more of tax payers money for nothing??!!!!

    If u really wanna stop all these illicit activities mentioned, in the name of safeguarding us in that lame justification which clearly nobody bought into it, perhaps, make Malaysia the first country in the world that ban internet access nationwide, cut off from the world so the world won't be able to sneak through the virtual world to harm the people! Duh!!!!!!!

    And that minster, with such random sudden order to drop this hideous policy that's pretty sure came from his office & instructions to implement so, has proven yet again just how he is getting so power hungry, being so authoritarian, loving how he can flaunt his power whip at just about anyone & everyone to unleash whenever he likes! The true colors have come out, he's just one of the dumbno ministers we have had in the past that think they are God sent, ultra superior where everyone must kowtow to his dominance as it seems. This is just another horrendous ideas of his, supposedly desperately to show how hard working, how proactive, how determined he is in his job, by doing some of the most irrelevant, unpopular, controversial, very much manage to piss huge amount of ppl off very effectively & promptly, opposed to what he wanted to come across as the most outstanding of all! We need to make him gone, he's no good as he's proven himself enough, we can't allow clowns with such ego that big that he starts to behave as if he rules the whole world & everyone must comply to his sets of rubbish!

    The worst part is, just when Malaysia is attracting more FDI into the country setting up more AI intelligence technology, cloud services, high end semiconductors etc, all because of our wide internet coverage & deep penetration with very high ratio of users in the region. They wouldn't come come in when the policy is very investor-unfriendly this huge of a turn off !

    Guess he's just another moron didn't try using his brains before wanting to implement so, then maybe got fried & roasted upside down as his behavior this uncalled for not only will anger the ppl also to scare off investors either are currently setting up their plants or in the process of making it to our shores, also those onlookers still observing closely to get very reassured before making any decisions so the risks are kept minimal. Obviously, none of them actually thought of the potential costly damage that may go irrepairable!

    Trying so too hard to prove for being that smart but turns out to be its assumption has only indicated just how un-smart they can be, how they expose their actual incompetence, lack of common sense, incapable of doing the jobs expected of them by doing something as stupid as it can be!!!

    Idiots!

  7. LovesTha

    Makes a lot of sense

    If you are going to DNS block websites it only makes sense to require everyone to use a DNS provider that is covered by the blocking rules.

    That people didn't complain about those blocks in a way that stopped it happening is the puzzling piece.

  8. Alan W. Rateliff, II

    Misinformation

    We have deemed our draconian measures to not be draconian. Therefore, any claims that these measures are draconian are incorrect.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like