[ooni-talk] New report: DNS over TLS blocked in Iran

Maria Xynou maria at openobservatory.org
Wed Jun 24 17:51:40 UTC 2020

Hello friends,

Today OONI published a new research report, titled: "DNS over TLS
blocked in Iran".

You can access this report here: https://ooni.org/post/2020-iran-dot/

DNS over TLS (DoT) is a network protocol that secures DNS queries

DoT improves the privacy and security of DNS queries, and makes
DNS-based blocking harder.

We investigated whether DoT works in Iran by gathering a list of 31
well-known DoT endpoints and running experiments from four distinct
Iranian mobile and fixed-line Internet Service Providers (ISPs): MCI,
TCI, Irancell, and Shatel.

We discovered that:

* 57% of the endpoints are blocked on at least one ISP;

* the blocking is not implemented uniformly across ISPs;

* most blocking happens by interfering with the TLS handshake;

* in some cases TLS handshake blocking seems to depend on the SNI, while
in other cases it seems to depend strictly on the TCP endpoint being used;

* forcing TLSv1.3 does not change the rate of successful TLS handshakes
compared to letting the server choose a TLS version between v1.0 and v1.3.

In our report, we share details from our experiments and findings.

Please share our research:


~ OONI team.

Maria Xynou
Research & Partnerships Director
Open Observatory of Network Interference (OONI)
PGP Key Fingerprint: 2DC8 AFB6 CA11 B552 1081 FBDE 2131 B3BE 70CA 417E
