Malaysia Blocks Global DNS Resolvers: Another Salvo in The Censorship Battle

Fortunately it’s easier than ever to use open-source technology to end-run stone-age thinking.

The Malaysian government has recently ordered all Internet Service Providers (ISPs) within the country to block access to global DNS resolvers – they have until September 30th to fully comply. The move forces all DNS lookups to be routed back to local resolvers controlled within Malaysia. This act of digital gatekeeping censorship is being justified under the guise of protecting the public from “online harms.”

But, like all overreaching government initiatives, it feels more like an exercise in censorship disguised as safety.

What’s Going On in Malaysia?

Briefly, The Malaysian Communications and Multimedia Commission (MCMC) has decreed that the solution to controlling “harmful” content online is to enforce strict control over how internet users resolve domain names.

They’re essentially blocking people from using global DNS services like Google Public DNS, Quad9, Cloudflare, and others by redirecting all DNS traffic to local servers under their control.

Why does this matter? Because controlling DNS is controlling access to the entire internet. You can’t visit a website, send an email, watch a video or have a chat session without translating the underlying hostnames into an IP address through DNS (and other associated meta data that DNS increasingly transmits).

When your government controls that process, it gives them the ability to decide what you can and cannot access. This is basically Orwellian, for reals.

Here in Canada, we’re watching this unfold closely. The looming C-63 “Online Harms” legislation is cooking up a similar brew, and it’s something that the Internet Society of Canada has been flagging for a while now. I sit on their board, and this is exactly the kind of mission creep we’ve been warning against (also, former CEO of the global Internet Society, Andrew Sullivan who is Canadian, wrote this post about the Canadian bill earlier this year).

“Protecting” Against Online Harms: Censorship under a familiar guise

Make no mistake: “protecting from online harms” is censorship, pure and simple.

The phrase “protecting the public from online harms” is thrown around as a catch-all rationale for governments that want tighter control over what their citizens see and hear online. Malaysia is saying they want to curb the spread of misinformation, extremism, and illegal content by clamping down on DNS services. In their minds, if they control DNS, they control the flow of information.

DNS is one of the fundamental choke points over the internet. Fortunately, it’s been designed in a comparatively decentralized manner, so controlling it isn’t easy.

(Here’s our companion video on Understanding and Evading Government DNS Blocks 👇)



Case in Point: Malaysia

Malaysia’s MCMC has come out swinging in defense of their  DNS redirection and website blocking. The government is focusing on platforms that allegedly spread disinformation and undesirable content. However, what’s deemed “undesirable” is a grey area that expands to include political critique, opposition voices, and even satire.

Bypassing the Block: Reddit’s To The Rescue

Fortunately, it’s relatively simple to set up a DNS resolver, and it didn’t take long for people to begin sharing the details on how to do it across social media.

Threads have popped up all over Reddit, such as this one, where Malaysian netizens are discussing workarounds. If you’re reasonably tech-savvy, defined as knowing your way around a unix shell – then running your own DNS server isn’t exactly rocket science.

The main challenge is sidestepping the ISP’s blocks on port 53, the standard port for DNS traffic. But even that has solutions.

DNS over Web (Checkmate, censors): DoH and DoT

The trick is to use DNS over HTTPS (DoH) or DNS over TLS (DoT). Both of these protocols encrypt your DNS queries, making it harder for ISPs (and governments) to detect and block them. Even better, you can run these over alternative ports, making it practically impossible for censors to lock down your DNS traffic.

Setting up a DoH client to resolve queries via a cloud provider or a self-hosted server can provide a quick escape from the government’s filtering. You could also use a VPN service with integrated DNS support that can sidestep such blocks entirely.

On a technical level, it’s not trivial to do this, but with tools like AI and LLM’s now, if you’re capable of typing, reading and copy-pasting, you can.

To give you an idea of just how far things are going, I whipped out these detailed instructions via chatGPT on how to setup a DoH or DoT DNS resolver on an alternate port, and configure a Macbook Pro to use it for DNS queries – it took all of 15 seconds.

(We’re basically entering an era where we could train monkeys to circumvent government censorship, which is why, if you’ve ever followed any of my other writings, you’ll understand why I think the Decentralized Era is coming and nation states are fading to the background.).

Even if Malaysia tightens its grip on these protocols, open-source tools like DNSCrypt and local proxy resolvers still offer ways to thwart centralized control.

easyDNS and the resolver space

I wasn’t aware of the Malaysia DNS blocking until easyDNS was mentioned in one of those Reddit threads as a potential alternative DNS provider. To be clear: easyDNS is not a DNS resolver. We provide authoritative DNS, which means we help websites and domains stay online by ensuring their DNS records resolve correctly. We don’t resolve queries for individual internet users.

At one point, we did run a public DNS resolver called DNSResolvers.com, but we shut it down during a spate of DDoS attacks. We’ve since considered relaunching that (and getting it right, this time) and episodes like this make us think more on it.

Whether it’s Malaysia’s DNS block, Brazil’s banning of X, the UK’s Orwellian thought-policing on social media, or Canada’s looming “Online Harms” bill, it all comes down to the same thing: control.

The internet was designed to be open, decentralized, and permissionless. Every time a government steps in to “protect” you, what they’re really doing is tightening the noose on free expression and an open web.

Time to Re-enter the DNS Resolver Space?

Seeing all this unfold has us considering our next steps. Should easyDNS re-enter the DNS resolver space?

The way things are headed, I’d say it’s time to offer an alternative that prioritizes privacy, security, and uncensored access to the web. We’ve been approached by users who want to see us come back with a resolver service that won’t bend to government pressure, and we’re listening.

Alongside that, there’s growing demand for VPN services that can help people navigate these types of restrictions. A VPN would pair well with a privacy-focused DNS resolver service, offering a more complete suite of tools for users who are serious about keeping their internet experience free from unwarranted interference.

A Global Trend Toward Censorship

Malaysia isn’t the first country to attempt something like this, and they certainly won’t be the last.

We’re seeing a disturbing trend where governments feel entitled to dictate how their citizens can access the web. Whether it’s DNS censorship, blocking VPNs, or passing sweeping laws that criminalize online speech, the overarching theme is the same: clamp down on digital freedom under the guise of public safety.

As with any battle for control, there will always be those who fight back. The fact that people in Malaysia are already figuring out how to circumvent these blocks shows that you can’t fully suppress the human desire for free expression. Tools like encrypted DNS and VPNs are just the start. The harder governments try to tighten their grip, the more creative people will become in finding ways around it.

The TL;DR:

1. Why is Malaysia blocking global DNS resolvers?

Malaysia claims this is to protect the public from “online harms” like disinformation and illegal content, but it also gives the government more control over internet access and censorship.

2. Can Malaysians still use global DNS resolvers?

While ISPs are blocking global resolvers, there are ways to bypass the restrictions, such as using DNS over HTTPS (DoH) or DNS over TLS (DoT) on alternate ports.

3. What are DoH and DoT, and how do they help bypass censorship?

DoH and DoT encrypt DNS queries, making it harder for ISPs to detect and block them. They provide a way to resolve domains without the local government’s interference.

4. Is it possible to set up a personal DNS server to avoid blocks?

Yes, running your own DNS server is a feasible solution, especially when combined with encrypted DNS protocols and alternative ports to avoid government detection.

5. Will easyDNS offer a public DNS resolver service again?

We’re seriously considering re-entering the DNS resolver space, given the growing demand for privacy-focused, uncensored DNS services in today’s restrictive climate.

Leave a Reply

Your email address will not be published. Required fields are marked *