DNS injection
This is a form of DNS censorship. It uses a ruleset for which DNS entries are unacceptable and fakes the replies from a DNS lookup so the requester can not resolve the IP address. The works in the following way:
- DNS probe is sent to the open DNS resolvers
- The probe is checked against the blocklist of domains and keywords
- For domain-level blocking, a fake DNS A record response is sent back. There are two levels of blocking domains: the first one is by directly blocking the domain, and the second one is by blocking it based on keywords present in the domain