Hey guys, Im from Hong Kong. Recently an Taiwan government website (www.tjc.gov.tw) were unavailable from Hong Kong. It was very likely to being blocked by ISP by both IP and DNS as political censorship that requested by Hong Kong Police under the so-called National Security Law (NSL).
Meanwhile, something wired is happened. Usually, when ISP is intentionally blocking a domain through their DNS resolver, it should be bypassed when using other DNS resolver such as 184.108.40.206.
But this time, using 220.127.116.11 could not bypass the censorship, not only because the IP address were blocked by ISP, but also because 18.104.22.168 is not resolving the affected domain. When using dig or nslookup command for the affected domain using 22.214.171.124, you will find that the query is failed. Moreover, the address still couldn’t be resolved by 126.96.36.199 even using DoH, DoT or WARP. Meanwhile, other public DNS such as Google, OpenDNS or Hurricane Electric were still able to resolve the domain.
To further confirm, I attempted to reproduce the problem with connecting VPN, and its seems that problem will occured if Cloudflare data center is routed to Hong Kong (check with 188.8.131.52/help), even if I am connected to VPN that outside Hong Kong.
I was stunned if Cloudflare DNS is taking part in the censorship. I guess 184.108.40.206 was just being spoofed? Before making any judgement, I would like to further clarify if I made any misunderstanding: is any user in Hong Kong (or connected to VPN that server in Hong Kong) and experiencing same problem that 220.127.116.11 not able to resolve the affected domain (www.tjc.gov.tw)?
Hopefully this is just an mistake, thank you.