What it detects

  • Detects the presence of a censor that injects forged DNS replies when it detects an blacklisted domain name


  • A list of domain names.
  • A non-existent DNS resolver(such as, which should be queried through a DNS injector(such as Great Firewall of China).


  • From inside the censored network(prober), send DNS queries with the domain names to a non-existent DNS servers, going through the DNS injector(such as GFW) .


  • If, for a domain name, the prober gets a DNS reply, then this domain name is supposed to be injected.
  • Otherwise ( the query timeout), this domain name is not injected.


  • A list of domain names injected(blocked).


This is the kind of censorship that is happening in china as illustrated in this paper:

Last modified 5 years ago Last modified on Dec 12, 2012, 9:28:47 PM