Site blocked in China? Netlify and the Chinese Great Firewall (GFW)

Support
4

Hi folks! As I’m sure you know, we don’t have any control over what is blocked by the Great Firewall. However, most of the testing tools out there don’t do a good job of testing “is your Netlify website unloadable in China”, but instead do something like this:

  1. do an outside-of-China DNS lookup of your site. All DNS lookups come from one location, so one answer is received by the tool from “outside the firewall”.
  2. If you have dns configured optimally (see this article for more details on the topic), a DNS lookup for your site will return different IP addresses from different locations, based on their geographic nearness to our various data centers. Immediate problem: a lookup in the US or South America or Australia would basically NEVER match a result from Asia. So, there is that initial confounding factor to this methodology.
  3. While our list of data centers can and does change frequently and without announcement, this post is a relatively up to date list that we made recently.

Further complicating factor: we have several CDN nodes in most locations, and so even from e.g. Singapore, you could get one of several IP addresses for even lookups performed at the same time, as our DNS intentionally returns first one and then a different IP for the same lookup to help distribute load.

There may be checking tools that do something more sophisticated, but last time I spent (several hours) looking into this for a customer, I could not find one that wasn’t a DNS-based test, and the conclusion we came to was that their site was generally available in China which was only determinable via testing from within China.

If you have some specific reports from within China of site unreachable, it would be great to know two things to help us debug:

  1. what nslookup your.customdoma.in returns from a computer that experiences the problem AT THE TIME IT EXPERIENCES THE PROBLEM, so we can see if that IP is one of our nodes or not.
  2. a HAR file of the loading experience, in case it is “site loads poorly” rather than “site doesn’t load at all”. This is the place to instruct folks about how to grab a HAR file: HAR Analyzer

Once we’ve seen that data, we would be happy to investigate and speak to what is actually happening (accepting of course that if China blocks your website, we can’t really stop them from doing so), but at a high level, most of the tools I could find were not a good test based on how our CDN handles routing.

3 Likes