Nonsense domains with known-censored hostnames embedded as subdomains (e.g., www.epochtimes.com.pSyfA6srAZ0qCxU63.com) triggered the same tampered responses — returning the pool of 8 bad IPs — as direct queries for the censored domain. Control-subdomain nonsense domains (e.g., www.pSyfA6srAZ0qCxU63.com) did not trigger tampering, indicating the GFW performs substring keyword matching across the full DNS query label string.

A single bad Chinese DNS server queried 600 times about the same censored domain consistently returned a random address from the same pool of 8 IPs across all responses, confirming that the tampered behavior is deterministic and centrally coordinated rather than ISP-specific or probabilistic. The same 8-IP pool appeared uniformly across servers from China Telecom, China Unicom, and other carriers.

§6.1, §6.3, Table 1, Table 2 evaluation

99.88% of 1,607 tested Chinese recursive DNS servers returned tampered responses for censored domains. Tampered responses drew from a pool of only 8 IP addresses, compared to 441–454 distinct IPs returned by U.S. control servers for the same query set — with 366 censored domains sharing exactly those 8 IPs.

§6.1, Table 1 detection

Because the GFW injects forged DNS responses rather than dropping the original query packet, the legitimate response from the upstream DNS server may still arrive after the injected forgery. The authors propose two circumvention strategies: querying on a non-standard port to bypass the port-53-only injection filter, or issuing standard-port queries and selectively discarding responses matching the known bad-IP pool to recover the authentic answer.

§6.4, §8 defense

TTL manipulation experiments demonstrated that the GFW injects forged DNS responses at the router level, not at the DNS server: responses to censored domain queries exhibited inconsistent IP ident fields and wildly varying TTL values — consistent with a stateless in-path router — while control (non-censored) responses to the same server showed monotonically increasing ident and stable TTL. The injection was observed exclusively on port 53; identical queries sent to port 80 received no injected responses.

§6.4, Table 3 detection

IRBlock discovered that 1.7M of 3.3M blocked apex domains (52%) were attributed to blanket suffix-level blocking rules rather than individual domain listings. Examples include regex patterns targeting all Israeli domains (.il TLD), adult content (.porn), and country-coded suffixes (.com.mx, .my.id). Of 87K Tranco-ranked apex domains analyzed, 37% fell into adult content, with entertainment and gambling following. Approximately 1.27M apex domains were jointly censored by both DNS and HTTP filters, while the two filters maintained operationally independent blocklists for a significant fraction of domains.

2025-tai-irblock §5.3 dns-poisoningip-blockingkeyword-filtering

GFWeb tested 1.02 billion domains against the GFW over 20 months and discovered 943,000 pay-level domains blocked by HTTP filters and 55,000 by HTTPS filters — the largest GFW blocklist dataset ever published. The HTTP-to-HTTPS ratio (17:1) confirms that the GFW's HTTPS keyword-based and SNI-based blocking covers far fewer domains than its HTTP host-header blocking, likely because HTTPS blocks carry higher collateral-damage risk.

2024-hoang-gfweb Abstract, §5.1 dpidns-poisoningip-blockingkeyword-filteringsni-blocking

The largest measurement study of Turkmenistan censorship to date tested 15.5 million domains and found more than 122,000 domains censored using separate blocklists for DNS, HTTP, and HTTPS. Reverse-engineering the blocking rules revealed approximately 6,000 over-blocking rules that cause incidental filtering of more than 5.4 million additional domains — a 44x collateral damage ratio relative to intentionally blocked domains.

2023-nourin-measuring §Results dns-poisoningdpikeyword-filteringip-blocking

The COVID-19 Wuhan lockdown caused geolocating Twitter users in China to increase 1.4-fold immediately, remaining 10% above pre-crisis baseline long-term; approximately 320,000 new Chinese users joined Twitter due to the crisis, and the available VPN application's ranking on the Chinese iPhone App Store jumped significantly around 23 January 2020 and maintained that elevated rank.

2022-chang-covid-19 Crisis Increased Censorship Circumvention ip-blockingdns-poisoningkeyword-filtering

In countries with no Great Firewall-equivalent censorship (Germany, Italy) and in less-censored authoritarian states (Iran — Persian Wikipedia; Russia — Russian Wikipedia) that experienced comparable COVID-19 outbreaks, no analogous spillover to politically sensitive content was observed; Wikipedia engagement in those countries increased generally but did not show disproportionate access to historically censored topics, confirming the gateway effect is specific to high-censorship environments.

2022-chang-covid-19 Comparison with Other Countries Affected by the Crisis / Table 1 ip-blockingdns-poisoningkeyword-filtering

Extending Geneva's genetic algorithm to the application layer automatically discovered 77 unique HTTP evasion strategies and 9 DNS evasion strategies against censors in China, India, and Kazakhstan — all requiring only unprivileged usermode modifications with no TCP/IP header access. Against India's Airtel censor, 56 of the 77 strategies succeeded; 29 worked against Kazakhstan; 22 evaded China's keyword-based HTTP censorship and 27 evaded its Host-header censorship.

2022-harrity-get §5.1, §6 dpikeyword-filteringrst-injectiondns-poisoning