Apr 21, 2010

There are really two common ways of limiting internet access: Domain Name System (DNS) redirecting and deep packet inspection (DPI).

What is the Domain Name System?

To keep this understandable for people who are not into Internet technology, I will ignore irrelevant exceptions in the following explanation.

DNS is the method used to resolve a name into an IP address. In the World Wide Web (WWW), every device that is connected to the internet has an IP address. While your private IP may change, web servers have a static IP. You could surf the net using IP addresses, but since remembering whole IP addresses is not comfortable, DNS was invented. It basically works as follows:

  1. You type the desired URL into your browser, e.g. www.ixquick.com
  2. Your browser connects to the DNS server and asks: “What is the IP of www.ixquick.com?”
  3. The DNS server answers: “The IP address is:”
  4. Your web browser then connects to the IP address it was given and displays the desired page for you.

You can try this by copying the IP into your browser or clicking the LINK.

How does DNS redirecting work?

To block sites with this method, the DNS has to be manipulated. This means that the DNS server either doesn’t answer certain questions or lies. In the case of Germany, answers to certain requests would have led you to a site with a big red stop sign. Fortunately, the web blocks were declared unconstitutional.
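As an added example (not part of the original post), the following Python code builds the question from step 2, parses the answer from step 3, and compares the ISP resolver's reply with a second resolver's reply to flag the two behaviours described above. The name blocked.example, the documentation-range IP addresses and the helper make_response are assumptions, constructed for illustration.

```python
import socket
import struct

def build_query(name, txid=0x1234):
    """Step 2: a standard A-record question in DNS wire format."""
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set, 1 question
    labels = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split("."))
    return header + labels + b"\x00" + struct.pack(">HH", 1, 1)  # QTYPE=A, QCLASS=IN

def skip_name(msg, pos):
    """Return the offset just past a (possibly compressed) domain name."""
    while msg[pos] != 0:
        if msg[pos] & 0xC0 == 0xC0:   # 2-byte compression pointer ends the name
            return pos + 2
        pos += 1 + msg[pos]
    return pos + 1

def parse_response(msg):
    """Step 3: return (rcode, sorted list of A-record IPs) from a raw reply."""
    _, flags, qdcount, ancount, _, _ = struct.unpack(">HHHHHH", msg[:12])
    pos = 12
    for _ in range(qdcount):
        pos = skip_name(msg, pos) + 4              # skip QTYPE and QCLASS
    ips = []
    for _ in range(ancount):
        pos = skip_name(msg, pos)
        rtype, _, _, rdlen = struct.unpack(">HHIH", msg[pos:pos + 10])
        if rtype == 1 and rdlen == 4:              # A record
            ips.append(socket.inet_ntoa(msg[pos + 10:pos + 14]))
        pos += 10 + rdlen
    return flags & 0x000F, sorted(ips)

def compare(isp_msg, ref_msg):
    """Classify the ISP resolver's reply against a second resolver's reply."""
    isp_ips, ref_ips = parse_response(isp_msg)[1], parse_response(ref_msg)[1]
    if ref_ips and not isp_ips:
        return "no-answer"          # the resolver "doesn't answer"
    if ref_ips and not set(isp_ips) & set(ref_ips):
        return "different-answer"   # the resolver may "lie"; CDNs also cause this
    return "consistent"

def make_response(name, ips, rcode=0):
    """Constructed sample data: a reply to build_query(name) with the given IPs."""
    header = struct.pack(">HHHHHH", 0x1234, 0x8180 | rcode, 1, len(ips), 0, 0)
    rr = b"\xc0\x0c" + struct.pack(">HHIH", 1, 1, 300, 4)  # pointer to the question name
    return header + build_query(name)[12:] + b"".join(rr + socket.inet_aton(ip) for ip in ips)

REFERENCE = make_response("blocked.example", ["192.0.2.10"])     # constructed
STOP_PAGE = make_response("blocked.example", ["198.51.100.80"])  # constructed
```

To use it on live data, send the output of build_query over UDP port 53 to each resolver and pass the two raw replies to compare.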

By default, your Internet Service Provider (ISP) is your DNS. The following video shows how you can change the DNS to a free one (27 sec long):

German Interview on Deep packet inspection

For my non-German readers:

What is a packet?

On the Internet, any kind of data is transported via packets. Like packets in the real world, they have a sender address (sender IP address) and a receiver address (receiver IP address) written on them. Usually any router (postman) looks at the zip code and later the address to get the packet where it is supposed to go.

How does Deep packet inspection work?

DPI means that the router (postman) opens every packet he gets. He then decides whether the packet has to be delivered fast or slow, or whether he even has to change it, delete it or report it to the police.

DPI itself is a technology. Just like P2P, dynamite and radiation, it can be used for good and bad things.

Good examples are IP-TV and IP calls. Calling a friend over Skype while downloading a large file would not be important if it weren’t for DPI. This is usually done by your local router. The associated feature is called Quality of Service (QoS).

Bad examples: Some ISPs started blocking certain traffic. The first step is usually to limit certain downloads. Telekom blocks IP calls on the iPhone, because they want their customers to pay them and not use some free service like Skype. In China, one provider even deleted certain content from websites and replaced it with advertisements for penis enlargement and other commercials, but that was only temporary.
