

Turkey Blocked The Google DNS - drac89

After blocking the Twitter, people started to use Google DNSes and now they also blocked.
======
ckaygusu
Lets see if this is true.

traceroute output for google dns: traceroute to 8.8.8.8 (8.8.8.8), 30 hops
max, 60 byte packets 1 192.168.1.1 (192.168.1.1) 1.916 ms 1.885 ms 1.872 ms

2 81.212.171.79.static.turktelekom.com.tr (81.212.171.79) 6.546 ms 6.548 ms
7.746 ms

3 93.155.0.130 (93.155.0.130) 8.952 ms 8.962 ms 9.998 ms

4 * * *

5 gayrettepe-t2-2-gayrettepe-t3-6.turktelekom.com.tr.119.156.212.in-addr.arpa
(212.156.119.143) 11.529 ms 12.833 ms 13.350 ms

6 72.14.223.21 (72.14.223.21) 22.117 ms 23.176 ms 23.174 ms

7 64.233.175.188 (64.233.175.188) 45.687 ms 44.425 ms 44.377 ms

8 216.239.48.117 (216.239.48.117) 44.844 ms 216.239.48.125 (216.239.48.125)
59.738 ms 50.628 ms

9 209.85.254.114 (209.85.254.114) 50.647 ms 50.649 ms 51.616 ms

10 * * *

11 google-public-dns-a.google.com (8.8.8.8) 53.117 ms 53.809 ms 51.228 ms

\--

traceroute output for twitter.com:

1 P-2812HNUL-F1.P-2812HNUL-F1 (192.168.1.1) 27.282 ms 27.520 ms 27.748 ms

2 81.212.171.79.static.turktelekom.com.tr (81.212.171.79) 32.212 ms 32.926 ms
33.018 ms

3 93.155.0.130 (93.155.0.130) 34.917 ms 34.817 ms 40.507 ms

4 * * *

5 gayrettepe-t2-3-gayrettepe-t3-6.turktelekom.com.tr.25.212.81.in-addr.arpa
(81.212.25.72) 42.955 ms * 3174.208 ms

6 ulus-t2-3-gayrettepe-t2-3.turktelekom.com.tr.204.212.81.in-addr.arpa
(81.212.204.205) 56.691 ms 21.201 ms 20.673 ms

7 * * ulus-t2-1-ulus-t2-3.turktelekom.com.tr.197.212.81.in-addr.arpa
(81.212.197.197) 2853.324 ms

8 ulus-t3-6-ulus-t2-1.turktelekom.com.tr.29.212.81.in-addr.arpa (81.212.29.99)
22.575 ms 22.747 ms 19.829 ms

9 * * *

10 * * *

11 * * *

(It looks like 8th node drops all the packages)

\--

just to be on the safe side, this is for the yandex dns:

traceroute to 77.88.8.8 (77.88.8.8), 30 hops max, 60 byte packets

1 P-2812HNUL-F1.P-2812HNUL-F1 (192.168.1.1) 4.234 ms 4.725 ms 5.196 ms

2 81.212.171.79.static.turktelekom.com.tr (81.212.171.79) 9.674 ms 10.857 ms
11.185 ms

3 93.155.0.130 (93.155.0.130) 12.008 ms 12.007 ms 13.069 ms

4 * * *

5 gayrettepe-t2-2-gayrettepe-t3-6.turktelekom.com.tr.119.156.212.in-addr.arpa
(212.156.119.143) 15.934 ms 18.825 ms 15.887 ms

6 ams-col-1-gayrettepe-t2-2.turktelekom.com.tr.102.156.212.in-addr.arpa
(212.156.102.69) 70.412 ms * * 7 ams-ix.retn.net (195.69.145.216) 101.343 ms
101.304 ms 101.318 ms

8 GW-Yandex.retn.net (87.245.246.14) 65.985 ms 62.182 ms 63.166 ms

9 tulip-ae1.yndx.net (87.250.239.46) 79.653 ms 78.998 ms 63.158 ms

10 dns.yandex.ru (77.88.8.8) 73.809 ms 67.510 ms 67.868 ms

It is pure hoax. I'm also very discontended these very recent restrictive
movements, probably the authors at webrazzi are feeling the same way, but by
publishing such news without verification, the media becomes more and more a
tool for propaganda.

Seriously, there is so much bullcrap going on, I don't know what to believe
anymore.

~~~
gokhan
It was inaccessible in the morning, appears to be back now, so cut the
government crap and shut up.

This is from around 09:00

Tracing route to 8.8.8.8 over a maximum of 30 hops

    
    
      1     1 ms     1 ms     1 ms  192.168.1.1
      2     8 ms     6 ms     6 ms  81.212.171.62
      3     9 ms     9 ms    13 ms  93.155.0.146
      4    10 ms     9 ms     9 ms  81.212.108.162
      5    15 ms    16 ms    26 ms  81.212.201.254
      6    22 ms    14 ms    13 ms  81.212.208.145
      7     *        *        *     Request timed out.
      8  ^C
    

This is after I changed my dns to 4.2.2.1, again in the morning:

    
    
      1     1 ms     1 ms     1 ms  192.168.1.1
      2    88 ms     7 ms     7 ms  81.212.171.62.static.turktelekom.com.tr [81.212.171.62]
      3     9 ms     9 ms     8 ms  93.155.0.146
      4  3481 ms  2804 ms  2210 ms  81.212.108.162.static.turktelekom.com.tr [81.212.108.162]
      5    10 ms     9 ms     9 ms  bursa-t2-2-bursa-t3-3.turktelekom.com.tr.201.212.81.in-addr.arpa [81.212.201.254]
      6    12 ms    15 ms    12 ms  gayrettepe-t2-2-bursa-t2-2.turktelekom.com.tr.208.212.81.in-addr.arpa [81.212.208.145]
      7     *        *        *     Request timed out.
      8     *        *        *     Request timed out.
      9     *        *        *     Request timed out.

~~~
ckaygusu
So you suggest at every little internet hiccup I should blame someone and rant
about my freedom being restricted?

~~~
gokhan
Our freedom is already being restricted, you idiot. Access to Twitter is
blocked by the government, without a court order.

Hiccup my ass.

~~~
ckaygusu
You cannot discuss anything without name-calling, do you?

~~~
esolyt
And this is coming from a person who called the news "bullcrap".

This is a very sensitive issue and people have good reason to believe every
hiccup is intentional.

~~~
ckaygusu
> And this is coming from a person who called the news "bullcrap".

Please read the definition of name calling.

> This is a very sensitive issue and people have good reason to believe every
> hiccup is intentional.

True, yet I still don't see any reason for me getting insulted.

~~~
r-evolution
>> True, yet I still don't see any reason for me getting insulted.

Being a government shill is good enough reason for me.

------
Ayaz
A number of ISPs over here (PK) preposterously block gDNS (as well as
OpenDNS). What's rather ironic is that they only block UDP requests to gDNS,
and not TCP (`dig @8.8.8.8 google.com +tcp`). It's ludicrous, but that's how
it is.

------
eknkc
Turkish source: [http://www.webrazzi.com/2014/03/22/google-dns-
engellendi/](http://www.webrazzi.com/2014/03/22/google-dns-engellendi/)

------
makmanalp
I think this may be the effect of the entire Turkish internet-going population
hammering the google DNS servers.

More importantly, does anyone know about the potential of man-in-the-middle
DNS attacks? There is no https-like certificate based 3rd part validation for
DNS, is there?

~~~
nmc
Firstly, MitM attacks on DNS: totally free. Nothing is authenticated, all is
plain text in UDP. Just intercept packet and change the answer.

Secondly, no, there is no third-part validation for DNS. There is better.

DNSSEC [1,2] takes advantage of the hierarchical nature of DNS to build a
chain of trust. It does so by authenticating subdomain delegations, and
signing resource records.

Keep in mind, even though all DNS root servers now do DNSSEC, Internet-wide
deployment is still ongoing and coverage is far from satisfying.

[1] [http://tools.ietf.org/html/rfc4033](http://tools.ietf.org/html/rfc4033)
[2]
[http://en.wikipedia.org/wiki/Domain_Name_System_Security_Ext...](http://en.wikipedia.org/wiki/Domain_Name_System_Security_Extensions)

------
m00dy
Just checked dns servers.They are fine [https://fbcdn-sphotos-
a-a.akamaihd.net/hphotos-ak-prn1/t1.0-...](https://fbcdn-sphotos-
a-a.akamaihd.net/hphotos-ak-
prn1/t1.0-9/155903_10152309047299201_1781285292_n.jpg)

------
r0muald
I don't know much about Turkish ISPs but the path they have taken seems even
worse than a global internet blackout. After all those who only need to do
their business can ignore the blockage.

Of course 8.8.8.8 was a bad shortcut: exactly like Twitter, it is a textbook
example of SPOF. So while I sympathize with the protests, I hope this episode
will teach a few at least the importance of decentralized services.

~~~
pseudozach
ve been using Tor both on desktop and mobile with no problems since problems
started.

------
est
Welcome to the cat-mouse game:

1\. government blocks something

2\. People posting workarounds online

3\. government block circumvention methods again

4\. network activity goes underground.

You are not at stage 3 of the first cycle.

------
destan
The government should have blocked the ip of Twitter to make the ban
effective!

~~~
r-evolution
No, they should've hired Cisco and IBM to build 'em a copy of the Great
Firewall of China. US, EU should do the same and start building squads of
execution drones.

------
inanov
I am not sure about OpenDNS but Yandex DNS works fine, I can use twitter

~~~
Sovietaced
Twitter has numerous IPs and they are buying more..

------
TheSmoke
it's back now.

