Turkmenistan blocks Google’s Cloud Storage

23 September 2019

Browser feedback when accessing Google Storage from Turkmenistan.

Only days after its launch on March 4th 2019, the independent and regime critical news site Turkmen.News was blocked by the Turkmen authorities by means of DPI. In July 2019, the news site was migrated to Google Cloud Storage to circumvent the blocking. Shortly thereafter, the popular storage service became inaccessible in Turkmenistan due to implementation of DNS spoofing.

Any DNS queries including the ones placed against the open DNS servers 8.8.8.8 from Google or 1.1.1.1 from Cloudflare are intercepted and responses are spoofed to the address 127.0.0.1.

The bogus responses that started in the end of July 2019 resulted in the blocking of Google Cloud Storage.

Similar blocking can be seen when placing requests using the DNS server of telecom.tm

The TTL values of the responses suggest that the DNS blocking is taking place directly in the access router of the provider.

1.1.1.1 →  192.168.1.X 126 response 0x0002 A storage.googleapis.com 127.0.0.1
 1.1.1.1 →  192.168.1.X 126 response 0x0003 AAAA storage.googleapis.com 127.0.0.1
 1.1.1.1 →  192.168.1.X 126 response 0x0004 A storage.googleapis.com 127.0.0.1
 1.1.1.1 →  192.168.1.X 126 response 0x0005 AAAA storage.googleapis.com 127.0.0.1
 192.168.1.1 →  192.168.1.X 64 response 0x742a A storage.googleapis.com 127.0.0.1
 192.168.1.1 →  192.168.1.X 64 response 0xb015 A storage.googleapis.com 127.0.0.1
 217.174.227.102 →  192.168.1.X 125 response 0x0002 A storage.googleapis.com 127.0.0.1
 217.174.227.102 →  192.168.1.X 125 response 0x0003 AAAA storage.googleapis.com 127.0.0.1
 217.174.227.102 →  192.168.1.X 125 response 0x742a A storage.googleapis.com 127.0.0.1
 217.174.227.102 →  192.168.1.X 125 response 0xb015 A storage.googleapis.com 127.0.0.1
 217.174.227.102 →  192.168.1.X 126 response 0x0002 A storage.googleapis.com 127.0.0.1
 217.174.227.102 →  192.168.1.X 126 response 0x0003 AAAA storage.googleapis.com 127.0.0.1
 8.8.8.8 →  192.168.1.X 125 response 0x0002 A storage.googleapis.com 127.0.0.1
 8.8.8.8 →  192.168.1.X 125 response 0x0003 AAAA storage.googleapis.com 127.0.0.1
 8.8.8.8 →  192.168.1.X 126 response 0x0002 A storage.googleapis.com 127.0.0.1
 8.8.8.8 →  192.168.1.X 126 response 0x0003 AAAA storage.googleapis.com 127.0.0.1

IPv6 spoofing returns of a IPv4 address 127.0.0.1

An interesting signature of the blocking is that DNS queries for IPv6 (AAAA) addresses return a IPv4 (A) record 127.0.0.1

How to circumvent the blocking

DNS tampering can be circumvented by editing the /etc/hosts file on your computer. The /etc/hosts is an operating system file that translate hostnames or domain names to IP addresses. By setting up your own host entry in /etc/hosts, no DNS lookup is needed for that specific host, and the DNS tampering will not affect your web request.

In /etc/hosts, please add the following entry : 

172.217.6.240 storage.googleapis.com

Please see instructions below how to find and edit the /etc/hosts file.

Windows 10 and 8

  1. Press the Windows key.
  2. Type Notepad in the search field.
  3. In the search results, right-click Notepad and select Run as administrator.
  4. From Notepad, open the c:\Windows\System32\Drivers\etc\hosts
  5. In the end of the file, add the following line: 172.217.6.240 storage.googleapis.com
  6. Save and exit.

Linux

  1. Open /etc/hosts with your favorite editor.
  2. In the end of the file, add the following line: 172.217.6.240 storage.googleapis.com
  3. Save and exit.