
Bypass Unifi blocking and censoring using a DNS switch or VPN connection

If you’re on Unifi you might have noticed that some sites are blocked, and it’s due to government directives to block these sites. Now that goes against what the Government of Malaysia promised its stakeholders during the advent of the MSC, in which it promised not to censor the internet. If you remember, somewhere in August 2008, the government issued a similar directive to censor Malaysia Today.

So what’s an average user to do to bypass these internet blocks? The blocks themselves are issued by the government to all ISPs. Fortunately, there are a couple of ways to bypass these internet blocks, which amount to censorship, and which one works depends on what kind of mechanism your ISP uses to block a site. I’m all for a free internet and here are some ways you can bypass those blocks.

A Domain Name Server (DNS) block

So let’s focus on the simplest mechanism the ISPs use to block the internet, and that’s a DNS block. A Domain Name Server (DNS) is a server that works in a similar fashion to a phone directory – you know, that big book of phone numbers the telephone company used to give out.

What is a DNS?

So imagine the internet was like your phone network, and every website you wanted to call had a phone number. You may know the website’s name, like www.google.com or www.keithrozario.com, but in order to actually visit any website you’d need to know its IP address. An IP address is exactly like a phone number, in that once you have it you could just type it in and visit the website; however, if you don’t have the website’s IP address you’d need to look it up. A DNS acts as a phone directory, just that in a phone directory you look up a phone number based on a person’s name, while in a DNS you look up an IP address based on a website’s name. Your browser automatically looks up every link you click or address you type on a DNS.

A DNS block, which is what Unifi uses to block these websites, is simply removing the entry for a particular website from its DNS. This is exactly like removing a page from a phone directory, so that if I wanted to look up the entry of a person I don’t know, I won’t be able to find it. However, if I already knew the phone number of the person I wanted to call, the removal would be useless, and in Unifi’s case it’s just that: useless.
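One way to check whether a name has been removed from your ISP’s resolver, as described above, is to ask two resolvers the same question and compare the replies. The sketch below is an added example, not code from the original post: it builds an A-record query, parses raw replies and classifies the difference. The name `blocked.example`, the address 192.0.2.10 and both sample replies are constructed placeholders.

```python
import socket
import struct

def build_query(name, qid=0x1234):
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)  # RD=1, one question
    labels = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split("."))
    return header + labels + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def _skip_name(data, off):
    # Step past a name; a compression pointer (top bits 11) is 2 bytes and ends it.
    while data[off] and data[off] & 0xC0 != 0xC0:
        off += 1 + data[off]
    return off + (2 if data[off] else 1)

def parse_response(data):
    """Return (rcode, [IPv4 strings]) from a raw DNS response."""
    _, flags, qd, an, _, _ = struct.unpack("!HHHHHH", data[:12])
    off = 12
    for _ in range(qd):
        off = _skip_name(data, off) + 4       # skip QTYPE + QCLASS
    ips = []
    for _ in range(an):
        off = _skip_name(data, off) + 10      # TYPE, CLASS, TTL, RDLENGTH
        rtype, rdlen = struct.unpack("!H6xH", data[off - 10:off])
        if rtype == 1 and rdlen == 4:         # A record
            ips.append(socket.inet_ntoa(data[off:off + 4]))
        off += rdlen
    return flags & 0x000F, ips

def compare(isp_reply, public_reply):
    (isp_rc, isp_ips), (pub_rc, pub_ips) = map(parse_response, (isp_reply, public_reply))
    if pub_rc == 0 and pub_ips and (isp_rc == 3 or not isp_ips):
        return "missing-at-isp"       # NXDOMAIN/empty only at the ISP: entry removed
    if isp_ips and pub_ips and not set(isp_ips) & set(pub_ips):
        return "different-answers"    # redirect, or just CDN load balancing
    return "consistent"

def ask(resolver_ip, name, timeout=3.0):
    """Send the A query over UDP to one resolver and return its raw reply."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (resolver_ip, 53))
        return s.recvfrom(512)[0]

# Constructed replies for the placeholder name blocked.example (not captured traffic).
_Q = build_query("blocked.example")
ISP_REPLY = _Q[:2] + struct.pack("!H", 0x8183) + _Q[4:]            # rcode 3 = NXDOMAIN
PUBLIC_REPLY = (_Q[:2] + struct.pack("!HHH", 0x8180, 1, 1) + _Q[8:] + b"\xc0\x0c" +
                struct.pack("!HHIH", 1, 1, 300, 4) + socket.inet_aton("192.0.2.10"))
```

On a live connection, `compare(ask(isp_resolver_ip, name), ask(public_resolver_ip, name))` runs the same check, where both variable names are placeholders for the resolver addresses you use. A "different-answers" result alone does not prove tampering, since large sites hand out different addresses depending on the resolver.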

How do I bypass a DNS block? (Unifi has this)

A simple way to bypass a DNS block is to visit a website directly by entering its IP address in your address bar. This is just like saving someone’s phone number in your contact list so you don’t have to look it up in the phone directory every time. Hence, for the blocked sites, it’s a simple matter of looking up the IP address of the website in question using a tool like this one from network-tools.com.

Another much easier and probably safer and more secure way of bypassing the DNS block is to use another DNS altogether. In the analogy before, Unifi is trying to block your access by preventing you from looking up phone numbers in the phone directories Unifi has provided to you. What’s to stop you from using a publicly available phone directory? Or someone else’s phone directory? The answer: nothing.

So all you have to do is configure your network connection to look up a separate DNS rather than the one recommended by your Internet Service Provider. My favorite is OpenDNS, but there are others who prefer Google.

The method is pretty simple; here’s a step-by-step provided for Windows Vista. For OpenDNS, change your DNS IP to 208.67.222.222 and your alternate DNS IP to 208.67.220.220. If you prefer Google, the DNS IP would be 8.8.8.8 and the alternate would be 8.8.4.4.

At the end you should have something that looks like this:

I also have to stress that changing your DNS server to OpenDNS has benefits above and beyond bypassing Unifi’s censorship. OpenDNS operates PhishTank, which is a crowd-sourced application that singles out phishing websites and then blocks those websites via a DNS block. To a layman, what that means is that once you switch to OpenDNS, you’ll be looking up addresses on a Domain Name Server that has added protection from malicious websites, since OpenDNS will actually block websites it believes are malicious. Now of course you’re thinking… isn’t that the reason I switched to OpenDNS? Yes and no; there’s a difference between trying to un-censor the web and keeping the web safe from malware. You can read up more here. Also, OpenDNS operates a parental control DNS where it blocks access to sites marked as adult websites.

This would easily bypass any DNS block your Internet service provider has set in place, but what if your ISP actually has a more sophisticated blocking mechanism? A DNS block is real kiddie stuff when it comes to online censorship, and there should be other means to block users from accessing content and other means for users to bypass those blocking mechanisms.

By the way, if you prefer Google over OpenDNS you might want to read this.

What if my ISP is smarter than that?

In short there’s a WHOLE lot of stuff your ISP can do that you probably don’t know about. So a basic Virtual Private Network (VPN) would be the best option here.

In a VPN setup, what actually happens is that you set up a connection to a private server and then use that server as a proxy for all your connections. This means that as long as your Internet Service Provider doesn’t block the IP address of your VPN, you can basically roam free. Another good reason to have a VPN is that they’re usually encrypted, so that your ISP can’t look at what you’re looking at. Some VPN providers provide 2048-bit encryption, which would take a supercomputer millions of years to crack. While you may not be starting the next revolution or Arab Spring, sometimes it feels a bit uncomfortable, especially in Malaysia, to know that your ISP could potentially be spying on your personal data, and a good VPN is a solid way to prevent that from happening.

So how do you set up a VPN? Well, thankfully there’s a free version you can try, and it’s called proXPN. proXPN is a fantastic free VPN service that uses end-to-end encryption to keep the baddies and your local ISP out of your business; it uses 2048-bit encryption. On the website, the company claims that:

With proXPN nobody* can…
  • see the websites you visit
  • hijack your passwords, credit cards, or banking details
  • intercept and spy on your email, IMs, calls, or anything else
  • record your web history
  • run traces to find out where you live

As to how far that’s true… I think it is. There’s a downside, however: the free version is throttled to just 100kbps, and you need to use a specific application to access the service. That being said, the paid version doesn’t have throttled speed and costs just over USD9/month. I think that’s a pretty sweet deal.

BolehVPN : Malaysia’s Best VPN provider

If you’re looking to support a local organization, the guys over at bolehvpn are doing a pretty good job as well. While they don’t have a free version to offer, they do have a RM5 offering that lasts 2 days, and depending on your needs that could be good enough. I’ve used bolehvpn and can vouch for its quality and service.

BolehVPN is marketed mostly as a VPN for you to bit-torrent on. Since Unifi blocks/throttles torrent traffic, a VPN is just one of the ways to work around that. BolehVPN’s offerings start at RM5 for 2 days, to as low as RM230 for a whole year, which works out to less than RM20/month. Given that it gives you the ability to bypass nearly every filter an ISP can throw at you and encrypt your data from pesky eyes, I think that’s the best deal in town.

Conclusion

The best way around a DNS Block like the one Unifi currently has on some websites, is to just change your DNS settings to OpenDNS or Google.

However, given that you may need extra security a VPN server like proXPN or BolehVPN would be your best bet to bypass any damn filter your ISP may throw at you, plus it’ll keep your internet browsing away from pesky eyes.

Of course this doesn’t mean anything if your local Wi-Fi at your home is compromised, so do yourself a favor and read this if you just recently had Unifi installed at your home, and I would add changing DNS server to that list of things to do.

With censorship rearing its ugly head in Malaysia, I may have to encourage other more drastic measures like using a remote desktop to an Amazon EC2 machine to download sensitive material. For now, happy hunting.

picture of roadblock courtesy of : http://www.flickr.com/photos/simon-james/2731182967/

  • Pooichin

    Hi Keith,

    There are also some websites that function as proxies. Like a binocular into another website. Sure the display format doesn’t look pretty, but fastest for me!

    • http://twitter.com/keithrozario Keith Rozario

      Hey Pooi Chin,

      Yeap, you’re right I forgot about those sites, indeed proxy sites like bypas.in do work well for this purpose.

      Thanks for the tip.

  • NAHLA MOHAMED

    Hi everyone

    I would like to share this program with you

    ~~I wasel~~

    After trying this software I think that I have to share it.

    I wasel allows you to open any blocked sites u can imagine.

    It also changes your ip address free to choose between 6 servers.

    It also unblocks the Skype, Paltalk and everything.

    You can use it on your cell phone.

    I think you have to try it

    Go download it now

    http://www.mowasl.com

    http://www.saudiarabiavpn.com

    http://www.qatarvpn.com

    http://www.kuwaitvpn.com

    http://www.omanvpn.com/

    bahrainvpn.com

  • fauzi

    tm(unifi) is fuck it block all i use vpn speed i get only 10 kbps, first time i use vpn i get 500kbps after that dead

    • http://twitter.com/keithrozario Keith Rozario

      Hi Fauzi,

      I can vouch that I constantly use my office VPN at home with no issues. There are some latency issues although I’m not entirely sure if that is caused by my VPN, Unifi or home WiFi.


  • Sam

    It seems that the writer of this post is the owner of Bolehvpn. No wonder he encourages you lots on taking his product.