Continuous measurements of DNS interference in Sri Lanka. Newspaper and other websites interfered with.
In reaction to recent, and older, reports  about potential DNS interference in Sri Lanka, in particular in regards to the Colombo Telegraph, we would like to share a brief review of our recent monitoring of open resolvers in Sri Lanka.
The Chokepoint Project is currently monitoring DNS responses about 1201 domains from a selected 152 openly resolving nameservers  in 7 Autonomous Systems  in Sri Lanka. The Chokepoint Project has developed a DNS monitoring system based on DNShonest, a research tool developed by Dr. Joss Wright of the Oxford Internet Institute . The monitoring system runs every 12 hours.
During the course of this ongoing monitoring effort we have encountered the following results:
Of the 152 nameservers queried, 47 answer a DNS request. A single monitoring run issues approximately 180.000 requests. 4 domains returned suspiciously high incorrect responses , which did not seem congruous with Sri Lanka. After manual inspection this was found to be due to an error in our verification heuristics. This error in our code has been corrected.
What remained were 11 domains for which incorrect DNS responses were given from a number of queried nameservers. After manual inspection these were not found to be due to errors in our verification heuristics. The majority of these invalid responses were ‘localhost’ , instead of a correct IP address. Such a response will always direct the issuer of the requests to the issuer’s machine, effectively preventing the user from reaching the website.
Such responses are determined by our heuristics to be purposely false and are designated to be ‘a lie’.
The measured responses that issued such lies were about the following 11 domains : www.colombotelegraph.com, adultfriendfinder.com, pornhub.com, postimage.org, redtube.com, livejsamin.com, penisbot.com, xhamster.com, xvideos.com, youjizz.com, youporn.com.
Of these domains only one is not of an adult nature, www.colombotelegraph.com .
The organizations corresponding to the Autonomous Systems in which machines give such incorrect responses are: ‘Sri Lanka Telecom Internet‘, ‘Dialog Axiata PLC‘, ‘Lanka Communication Services‘, ‘Lanka Education & Research Network, NREN‘ and ’Lanka Bell’s AS‘.
Please note, despite that the machines giving either correct of incorrect responses, resided in Autonomous Systems owned by the above mentioned organizations, that does NOT mean by definition that those machines are either owned or managed by those organizations.
Chokepoint Project continues to measure responses from nameservers in Sri Lanka and elsewhere. Updates to aggregate results can be accessed on our public beta: https://beta.chokepointproject.net/country/LK?show=2015-02-06 . Contact us for access to raw data.
In the time it took to write this review, the DNS entry for www.colombotelegraph.com is no longer being interfered with by the nameservers being monitored by Chokepoint’s DNS monitoring system.
At 03:46 UTC, on February 5th 2015, www.colombotelegraph.com was still directed to localhost in 5 nameservers that were monitored. By 11:32 UTC of the same day no more redirects to localhost were detected.
www.colombotelegraph.com might have been recovered, but there are still at least 10 other domains which continue to experience interference from the nameservers that we monitor.
When Malaysia Airlines Flight 370 disappeared, a global network of monitoring systems and organizations reported on its disappearance within minutes. This network was developed over many years and at great expense by a wide variety of people holding divergent interests. Despite political differences and economic and technical challenges, everybody agrees that the sudden disappearance of an airplane is unacceptable.
In a world that is increasingly dependant on the secure and transparent operation of a global information network, it is also unacceptable for the sudden disruption of websites and network services to go unnoticed. While www.colombotelegraph.com has been recovered, there is still a veritable graveyard of websites going unreported.
The Chokepoint Project works on building monitoring systems for the internet, in collaboration with partners from around the world. We invite you to delve deeper into our approaches here .
 https://www.colombotelegraph.com/index.php/once-again-colombo-telegraph-blocked-dialog-and-etisalat-tamper-dns-responses/ , https://www.colombotelegraph.com/index.php/colombo-telegraph-blocked-how-to-reach-us-now-sri-lanka-telecom-and-mobitel-joins-the-dpi-club/
 We are testing 152 openly resolving nameserver, we have no idea if and how much these are used by anyone, in Sri Lanka or elsewhere. As such we make no statement as to how representative this selection is of all Sri Lankan resolvers, nor how many users might be affected.
 ‘localhost’, or ’127.0.0.1′ are a reserved name and IP address. These reservations are used, and required, for the ‘loopback’ interface which exists on any, and all, network connected machine.