Hey guys, Im from Hong Kong. Recently an Taiwan government website (www.tjc.gov.tw) were unavailable from Hong Kong. It was very likely to being blocked by ISP by both IP and DNS as political censorship that requested by Hong Kong Police under the so-called National Security Law (NSL).
Meanwhile, something wired is happened. Usually, when ISP is intentionally blocking a domain through their DNS resolver, it should be bypassed when using other DNS resolver such as 188.8.131.52.
But this time, using 184.108.40.206 could not bypass the censorship, not only because the IP address were blocked by ISP, but also because 220.127.116.11 is not resolving the affected domain. When using dig or nslookup command for the affected domain using 18.104.22.168, you will find that the query is failed. Moreover, the address still couldn’t be resolved by 22.214.171.124 even using DoH, DoT or WARP. Meanwhile, other public DNS such as Google, OpenDNS or Hurricane Electric were still able to resolve the domain.
To further confirm, I attempted to reproduce the problem with connecting VPN, and its seems that problem will occured if Cloudflare data center is routed to Hong Kong (check with 126.96.36.199/help), even if I am connected to VPN that outside Hong Kong.
I was stunned if Cloudflare DNS is taking part in the censorship. I guess 188.8.131.52 was just being spoofed? Before making any judgement, I would like to further clarify if I made any misunderstanding: is any user in Hong Kong (or connected to VPN that server in Hong Kong) and experiencing same problem that 184.108.40.206 not able to resolve the affected domain (www.tjc.gov.tw)?
Hopefully this is just an mistake, thank you.