03 Nov

Quick website block analysis

One of my friends told me about an error on http://www.musicindiaonline.com/, which showed a message saying the website is blocked as per DoT orders.

I just checked it now and, for now, the domain is not resolving at all! Here is a quick analysis to see how the site is blocked.

 

anurag@laptop:~$ dig musicindiaonline.com a

; <<>> DiG 9.8.1-P1 <<>> musicindiaonline.com a
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23431
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;musicindiaonline.com. IN A

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sat Nov 3 02:31:58 2012
;; MSG SIZE rcvd: 38

anurag@laptop:~$

 

The reply carries no error (status NOERROR), yet no A record is returned either. This indicates the zone is present on the DNS resolver itself, and I can confirm that by looking for NS/SOA records on the resolver. I am testing this from my village connection on BSNL.

anurag@laptop:~$ dig musicindiaonline.com ns

; <<>> DiG 9.8.1-P1 <<>> musicindiaonline.com ns
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17114
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 2

;; QUESTION SECTION:
;musicindiaonline.com. IN NS

;; ANSWER SECTION:
musicindiaonline.com. 86400 IN NS localhost.

;; ADDITIONAL SECTION:
localhost. 86400 IN A 127.0.0.1
localhost. 86400 IN AAAA ::1

;; Query time: 30 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sat Nov 3 02:33:26 2012
;; MSG SIZE rcvd: 105

 

If we ask the .com gTLD servers for the delegation of the domain name, we get:

anurag@laptop:~$ dig com. ns +short
c.gtld-servers.net.
d.gtld-servers.net.
e.gtld-servers.net.
f.gtld-servers.net.
g.gtld-servers.net.
h.gtld-servers.net.
i.gtld-servers.net.
j.gtld-servers.net.
k.gtld-servers.net.
l.gtld-servers.net.
m.gtld-servers.net.
a.gtld-servers.net.
b.gtld-servers.net.
anurag@laptop:~$ dig @c.gtld-servers.net. musicindiaonline.com. ns

; <<>> DiG 9.8.1-P1 <<>> @c.gtld-servers.net. musicindiaonline.com. ns
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46992
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 3, ADDITIONAL: 3
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;musicindiaonline.com. IN NS

;; AUTHORITY SECTION:
musicindiaonline.com. 172800 IN NS ns1.musicindiaonline.com.
musicindiaonline.com. 172800 IN NS ns2.musicindiaonline.com.
musicindiaonline.com. 172800 IN NS ns3.musicindiaonline.com.

;; ADDITIONAL SECTION:
ns1.musicindiaonline.com. 172800 IN A 31.7.63.242
ns2.musicindiaonline.com. 172800 IN A 31.7.63.245
ns3.musicindiaonline.com. 172800 IN A 31.7.63.243

;; Query time: 410 msec
;; SERVER: 192.26.92.30#53(192.26.92.30)
;; WHEN: Sat Nov 3 02:36:22 2012
;; MSG SIZE rcvd: 140

 

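The NS records clearly differ: the resolver answers with localhost., while the gTLD servers delegate to ns1, ns2 and ns3.musicindiaonline.com. So this primarily looks like a DNS-based block. I can use Google Public DNS to find the IP of the site and test connectivity: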

anurag@laptop:~$
anurag@laptop:~$ dig musicindiaonline.com a @8.8.8.8 +short
31.7.63.244

anurag@laptop:~$ telnet 31.7.63.244 80
Trying 31.7.63.244...
Connected to 31.7.63.244.
Escape character is '^]'.
HTTP GET www.musicindiaonline.com
<html>
<head><title>400 Bad Request</title></head>
<body bgcolor="white">
<center><h1>400 Bad Request</h1></center>
<hr><center>nginx/1.1.0</center>
</body>
</html>
Connection closed by foreign host.
anurag@laptop:~$

 

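Works! The connection is accepted and nginx replies, so the server is reachable by IP; the 400 Bad Request is only because the typed request line is not valid HTTP.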

So you can go ahead and blame the bird named DNS for blocking your music! 😉
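
The comparison made above (the resolver's NS answer against the gTLD delegation) can be scripted over dig's text output. This is an added example, not part of the original post: the function names and verdict strings are made up for illustration, and the sample input is trimmed from the dig output shown above.

```shell
#!/bin/sh
# Classify a resolver's NS answer against the parent (gTLD) delegation.
# Works on dig text output, so saved captures can be checked offline.
# Live use (assumes dig is installed):
#   check_block musicindiaonline.com "$(dig musicindiaonline.com ns)" \
#       "$(dig @c.gtld-servers.net. musicindiaonline.com ns)"

# Header flags, e.g. "qr aa rd ra", from dig output on stdin.
dig_flags() {
  awk '/^;; flags:/ { sub(/^;; flags: */, ""); sub(/;.*/, ""); print; exit }'
}

# Sorted NS targets for owner name $1 (answer or authority section).
dig_ns() {
  awk -v d="$1" '!/^;/ && tolower($1) == tolower(d) && $3 == "IN" && $4 == "NS" { print tolower($5) }' | sort -u
}

# check_block DOMAIN RESOLVER_OUTPUT PARENT_OUTPUT -> one-word verdict
check_block() {
  local domain="${1%.}." flags r_ns p_ns aa
  flags=" $(printf '%s\n' "$2" | dig_flags) "
  r_ns=$(printf '%s\n' "$2" | dig_ns "$domain")
  p_ns=$(printf '%s\n' "$3" | dig_ns "$domain")
  case "$flags" in *" aa "*) aa=1 ;; *) aa=0 ;; esac
  if [ -z "$p_ns" ]; then echo "not-delegated"
  elif [ "$r_ns" = "$p_ns" ]; then echo "consistent"
  # A recursive resolver answering authoritatively (aa) with its own NS set
  # is serving a local zone that shadows the real delegation.
  elif [ -n "$r_ns" ] && [ "$aa" = 1 ]; then echo "local-zone-override"
  else echo "inconclusive"  # a child zone's NS set may legitimately differ
  fi
}

# Sample input: lines trimmed from the dig output shown in this post.
RESOLVER_OUT=';; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 2
;musicindiaonline.com. IN NS
musicindiaonline.com. 86400 IN NS localhost.
localhost. 86400 IN A 127.0.0.1'
PARENT_OUT=';; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 3, ADDITIONAL: 3
;musicindiaonline.com. IN NS
musicindiaonline.com. 172800 IN NS ns1.musicindiaonline.com.
musicindiaonline.com. 172800 IN NS ns2.musicindiaonline.com.
musicindiaonline.com. 172800 IN NS ns3.musicindiaonline.com.
ns1.musicindiaonline.com. 172800 IN A 31.7.63.242'

check_block musicindiaonline.com "$RESOLVER_OUT" "$PARENT_OUT"
```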

One thought on “Quick website block analysis”

  1. DOT or any other government department has no authority to block any website in the absence of a court order. They simply cannot do it.

    Only Cert-In can do so, and that also if the alleged website is spreading malware/virus stuff like that.

    So any blockage by DOT or any telecom company is extremely bad in law and is liable to be dealt with punitively
