DNS injection collateral damage arises from three structural properties of DNS: iterative resolution (full queries sent to root and TLD authorities), anycast routing (two resolvers may reach different physical servers via different paths), and dynamic routing through censored transit ASes. A single domain lookup may generate many queries at multiple levels, any of which can be intercepted by a censored transit AS even when both the originating resolver and the authoritative server are outside the censored network.

DNSSEC validation naturally prevents DNS injection collateral damage: both .de and .kr sign their results, allowing a validating resolver to reject the unsigned injected reply while awaiting the legitimate signed response. The paper identifies DNSSEC deployment at the TLD level as the most robust structural defense against injection-based collateral damage.

§5 defense

Probing 43,842 open recursive resolvers across 173 countries found 26.41% (11,579) suffer some collateral damage from Chinese DNS injection, distributed across 109 countries. The top-affected regions are Iran (88.20%), Malaysia (85.34%), South Korea (79.20%), Hong Kong (74.63%), and Taiwan (66.13%).

§4.3, Table 5 evaluation

TraceQuery probing identified 3,120 router IPs performing DNS injection belonging to exactly 39 Chinese ASes. AS4134 (Chinanet) alone accounts for 1,952 router IPs (62.6% of injecting routers); the top 5 ASes account for over 77% of all identified injecting routers.

§4.2, Table 3 evaluation

TLD-level paths are the primary collateral-damage vector: 11,573 resolvers (26.40%) suffered collateral damage via censored transit to TLD authorities, while only 1 resolver (0.002%) was affected via paths to root servers. The .de ccTLD was most affected because a large fraction of US-to-Germany transit traverses Chinese networks.

§4.3, §4.4, Table 6 evaluation

Wallbleed was a buffer over-read in the GFW's DNS injection subsystem that caused middleboxes to append up to 125 bytes of their own process memory to forged DNS responses. The bug persisted for at least two years (confirmed from October 2021); the GFW issued an incorrect partial patch in November 2023 (Wallbleed v2 remained exploitable) and fully patched it in March 2024. Over 5.1 billion Wallbleed responses were collected during continuous measurement, and an IPv4-wide scan found 242 million IP addresses across 381 autonomous systems receiving Wallbleed-injected responses — including some traffic whose source and destination were both outside China, due to routing through China's network border.

2025-fan-wallbleed §1–§3, §7 dns-poisoningpacket-injection

Iran's DNS censor now injects two distinct block-page IPs: 10.10.34.36 (≈87% of 47,633 censored domains) and 10.10.34.34 (≈13%). Both originate from the same network node at Iran's border. Prior research (Aryan et al. 2013) described only 10.10.34.34. The IP injected correlates strongly with the HTTP censorship method applied: domains with 10.10.34.34 in DNS receive TCP RST via HTTP (86.8% of RST cases), while domains with 10.10.34.36 in DNS receive HTTP block pages (84.6% of block-page cases).

2025-lange-i-ra-nconsistencies §3.1, Table 2 dns-poisoningrst-injectionpacket-injection

Over 2.5 months (Nov 2024–Jan 15, 2025), IRBlock scanned all 11M Iranian IPv4 addresses daily, finding 6.8M IPs subject to DNS poisoning and HTTP blockpage injection, and 5.4M IPs subject to UDP-based traffic disruption. Testing over 700M FQDNs (500M apex domains) revealed 6M banned FQDNs from 3.3M censored apex domains. Of 537 active ASes in Iran, 485 (90.3%) exhibited blocking for at least 25% of assigned IPs. DNS and HTTP censorship overlapped at >99% of censored IPs; UDP blocking was a strict subset of DNS-censored IPs, affecting ~5M addresses.

2025-tai-irblock §5.1, §1 dns-poisoningpacket-injectionhttp3-quic-block

The GFI operates three distinct DNS/HTTP injectors with different fake IP addresses (10.10.34.34, 10.10.34.35, 10.10.34.36) and partially overlapping blocklists—mirroring the GFW's triplet-censor architecture. Injector 10.10.34.35 exhibits TTL reflection (injected response TTL = probe TTL − hop count), identical to the GFW. No IP exclusively receives injections from 10.10.34.34 (a smaller, selective component); the two primary injectors 10.10.34.35 and 10.10.34.36 handle the majority of censorship. Different injectors maintain distinct domain blocklists, meaning which domains a user sees as censored depends on routing through their AS.

2025-tai-irblock §5.4, Table 2 dns-poisoningpacket-injectiondpi

The GFW DNS injector vulnerability enabled reflective amplification attacks with a baseline factor of 4.04× (46-byte payload → 186-byte response). Combined with routing loops — approximately 1,000 destination IP addresses in China were found to loop packets across the GFW more than 30 times, with 159 persisting after two days and a maximum of 119 loop iterations per query — the effective amplification factor reached 481.17×, sufficient to generate 100 Gbps of attack traffic from just over 200 Mbps of source traffic.

2024-sakamoto-bleeding §5.2 Reflective Amplification Attack dns-poisoningpacket-injection

The GFW's DNS packet injector (Injector 3, identified by TTL mirroring and zero IP ID) contained an out-of-bounds read vulnerability: due to missing label-length and null-terminator validation, malformed DNS requests caused the injector to copy adjacent stack memory into forged responses. Over three days in October 2023, researchers collected over 1 TB of data containing over 13 billion leaks, ~87.43% with non-duplicate content, including live Internet traffic transiting China's backbone and stack frames of the GFW's packet-handling processes.

2024-sakamoto-bleeding §3 Vulnerability dns-poisoningpacket-injectiondpi