This will be a technically more advanced post for people who are interessted how an important part of the internet works. Its about dig and DNS.
First of all you should read about DNS censoreship in this post of mine:
Now I show you a way how to detect censored DNS servers.
Ok, first you need to understand how the DNS is built. If you assume that there are a few servers that store the entire Domain->IP table you're wrong.
Its a more complicated tree. At the top of this tree are the root servers.
Those root servers do not have all domains mapped to an IP address. They just know who to ask next.
For example if we lookup steemit.com our Browser asks our configured DNS server: "Hey, do you know the IP of steemit.com". Maybe the DNS server has cached the IP of steemit.com but most likely not. So the server goes up the tree.
He ask one of the root servers: "Hey, I look for a domain registerd with the TDL (top level domain) .com". The rootserver answers with a server who knows the domains for the .com TDL. Then our DNS server asks the this server: "Hey, I look for steemit.com and since the DNS-root server said you know it, you have to give it to me). The .com server replys to our DNS with the ip of steemit.com which will pass the IP to our browser and we are now able to download the page.
Simple, isn't it?
Let's get into it
If you're on a UNIX like system you can follow this step by step using the comand dig.
By just "dig" whitout any params we can get a list of all DNS rootservers.
Ok, now we ask one of the one of them (a.root-servers.net) who to contact for looking up a .com domain.
dig @a.root-servers.net com
The next step is to ask one of those servers who knows everything about .com which next DNS server is responsible for steemit.com:
dig @a.gtld-servers.net steemit.com
Now we know which DNS server is responsible for steemit.com we can now query it and get the IP of steemit.com
dig @ns-394.awsdns-49.com steemit.com
Nice, there it is:
If we go vice versa we can confirm that everything went right
Okay, you now know the basics....
How to detect a censored DNS server?
Now lets assume some shitty provider or government tries to censore steemit.com by using DNS censorship methods.
if you then run the command
You won't get 126.96.36.199. You will get an IP address that the censored DNS server response you instead of the real one. The wrong IP address then leads you to a "This webpage is blocked" or maybe just a whit screen -page.
The command "host" uses the DNS server configured in your system or router which is by default your providers one. And there is the censoreship happening.
If you run the "host" command over your providers DNS and it returns another IP address then going trough "dig" and using and uncensored DNS server you can be sure there is something fishy.
the command dig uses the @ parameter to define a dns server you want to ask. So make sure you use a uncensored one.
A small list of uncensored DNS servers can be found here:
Now, have fun discovering uncensored and censored DNS servers :)