Malaysia started mandating ISPs to redirect DNS queries to local servers

Original Article ↗ Hacker News Discussion ↗

Policy and Legal Context

  • Malaysia instructed ISPs to redirect DNS queries to government‑approved resolvers to block “malicious” sites, including online gambling, copyright infringement, and pornography.
  • Pornography is illegal in Malaysia; commentators see this and “protect the children” framing as a convenient pretext for broader control.
  • Some defend the move as a sovereign right and a way to avoid data mining by foreign DNS providers; others highlight Malaysia’s Islamic legal context and existing discrimination as reasons to distrust censorship powers.

Technical Mechanism and Workarounds

  • ISPs can transparently hijack UDP/TCP port 53 and even block DoT (853) and known DoH endpoints (e.g., Google, Cloudflare), returning bad certificates or redirecting to local DNS.
  • Some users report Malaysia temporarily rerouted 1.1.1.1 and popular DoH endpoints; others in different regions saw no effect or later reversal.
  • Proposed countermeasures:
    • Use DoH/DoT/DNSCrypt, DNS over QUIC/HTTP/3, Encrypted Client Hello.
    • Run local resolvers (Pi‑hole, Unbound, AdGuard) and tunnel DNS via VPN, Tor, iodine, web sockets, or custom proxies.
    • Full VPNs with obfuscation (e.g., Shadowsocks‑style) to evade DPI and protocol blocking.
  • Several note practical limits: governments can block known resolvers and VPN IPs; typical clients often fall back to plain DNS for availability.

Impact on Users and Networks

  • Home and corporate admins complain that application‑level DoH (e.g., browsers) bypasses carefully configured local DNS (ad‑blocking, split‑horizon, security policies).
  • Others welcome DoH as protection against ISP DNS hijacking and logging, especially on hostile or public networks.

Censorship, Democracy, and Sovereignty

  • Many expect the blocklists to extend beyond malware and porn to LGBT resources, opposition content, and “anti‑government” material, citing parallels with Russia, China, and South Korea.
  • Debate over democracy: some argue a democracy can still choose censorship by majority vote; others counter that uninformed electorates under censorship cannot truly consent.
  • Broader concern about “internet balkanization” and national “intronets” as more states assert digital sovereignty.

Reversal and Ongoing Uncertainty

  • Later in the thread, it’s reported that Malaysia’s government ordered a halt to DNS redirection after public backlash, framing earlier actions as a “confusion.”
  • Several commenters doubt this is the end of such attempts and are hardening their setups (VPNs, custom DNS) in anticipation of future moves.