Huawei DNS Query – Explained


I feel that I need to explain what Bei’an (备案) is and why, when you visit a Chinese website, there will be DNS queries to [beian.gov.cn](https://beian.gov.cn), as it seems not many people know what it is.

Bei’an literally means "to put up a record", i.e. registration. In China, the government has strict control over the Internet, and every website hosted in China has to be registered with the Ministry of Industry and Information Technology. In addition, if the website is an "Internet Content Provider", an additional license is required.

So, if you visit a website hosted in China, scroll down to the bottom and there is likely to be the registration number and ICP license number. For example, [http://www.google.cn/](http://www.google.cn/), which now only contains a redirection to [https://www.google.com.hk](https://www.google.com.hk), still has the following information: [ICP证合字B2-20070004号](http://www.miibeian.gov.cn/) which is Google’s (probably expired) ICP license number.

In the case of Baidu ([https://www.baidu.com/](https://www.baidu.com/)), it’s 京ICP证030173号 and [京公网安备11000002000001号](http://www.beian.gov.cn/portal/registerSystemInfo?recordcode=11000002000001). The first one is the ICP license number and the second one is the website hosting registration number. The latter contains a link to [http://www.beian.gov.cn/portal/registerSystemInfo?recordcode=11000002000001](http://www.beian.gov.cn/portal/registerSystemInfo?recordcode=11000002000001) which is the official registration page of Baidu. And since most of the modern browsers have the "preloading" feature, it’s very likely the browser is trying to query [beian.gov.cn](https://beian.gov.cn) in advance to accelerate the speed if the user clicks the link later.

I believe this should explain why you will see DNS query to beian.gov.cn.


View on Reddit by rrryougi
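To check the post's explanation against a saved copy of a page, the following added example (not part of the original post) lists the external hostnames the markup references and reports whether an observed DNS query name is accounted for by a footer link or resource hint. The sample HTML, the `example.com` hosts and the function names are constructed for illustration; treating anchor links as candidates for speculative resolution follows the post's "preloading" explanation.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

HINT_RELS = {"dns-prefetch", "preconnect", "prefetch", "preload"}
PAGE_URL = "https://www.baidu.com/"
# Constructed sample footer; only the beian.gov.cn link comes from the post.
SAMPLE_HTML = """<head><link rel="dns-prefetch" href="//static.example.com"></head>
<a href="/about">About</a> <a href="javascript:void(0)">Menu</a>
<a href="http://www.beian.gov.cn/portal/registerSystemInfo?recordcode=11000002000001">record</a>
<img src="https://img.example.com/logo.png">"""

class HostCollector(HTMLParser):
    """Record each external hostname the markup references, and why."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.page_host = urlsplit(page_url).hostname
        self.hosts = {}  # hostname -> set of reasons

    def _note(self, url, reason):
        host = urlsplit(urljoin(self.page_url, url)).hostname
        if host and host != self.page_host:  # skips same-site, javascript:, mailto:
            self.hosts.setdefault(host, set()).add(reason)

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a" and a.get("href"):
            self._note(a["href"], "anchor link")
        elif tag == "link" and a.get("href"):
            if set((a.get("rel") or "").lower().split()) & HINT_RELS:
                self._note(a["href"], "resource hint")
        elif tag in ("img", "script", "iframe") and a.get("src"):
            self._note(a["src"], "subresource")

def external_hosts(html, page_url):
    collector = HostCollector(page_url)
    collector.feed(html)
    return collector.hosts

def explain_query(qname, html, page_url):
    """Reasons the page markup gives for a DNS query to qname or a subdomain."""
    qname = qname.rstrip(".").lower()
    reasons = set()
    for host, why in external_hosts(html, page_url).items():
        if host == qname or host.endswith("." + qname):
            reasons |= why
    return sorted(reasons)

if __name__ == "__main__":
    print(explain_query("beian.gov.cn", SAMPLE_HTML, PAGE_URL))
```

An empty result means the markup alone does not account for the query, so the source has to be looked for elsewhere, for example in scripts or in the app making the request.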

14 thoughts on “Huawei DNS Query – Explained”

  1. Since you went through the trouble to write it up, I will provide a full explanation of what the issue is from a programmer’s point of view.

    The guy who raised the issue initially was a (mobile, web) developer. He is evaluating a "service" provided by Baidu.com. That means it is probably a REST API service of some sort. He is going to integrate that service into his own code. So he opens up the coding IDE, inserts some code that invokes an API on opensdk.baidu.com. He should have a full understanding of what the code does and what it will return, so he can use the returned value to do other things.

    My best guess is to his surprise, he found the DNS lookup record for beian.gov.cn. Initially he was not aware what the baidu REST API did. So the first assumption is the Huawei phone initiated the call to beian.gov.cn for some unknown reasons. Hence the initial panic.

    Then after some digging he came to his senses. In the github analysis report, he explained very clearly, using Huawei phone or not, the call to Beian.gov.cn always happens during the Baidu API call. So, his current conclusion is the baidu service started the call to Beian.gov.cn, and since he is the person who started the call to Baidu API, it is not the phone sending his info to Chinese government.

    **So, why would a REST API on opensdk.baidu.com call a server like beian.gov.cn?** Since the programmer never released any details of what API he was using, or what he was doing with the Baidu API, we will not know. However, if you realize Beian.gov.cn hosts a large array of business-oriented web services, especially the lookup and screening service for registered websites (to verify if the website is legit or malicious), the baidu API *could* be calling the Beian.gov.cn to get realtime status of the registry. Since the programmer did not find it surprising, that could be the intention of what the programmer was doing at the time.

    If we use his notes on the github page, especially combine it with his analysis report, it is clear once he realized the Baidu opensdk API was making the call to Beian.gov.cn, he no longer finds it a problem any more.

  2. The fact that 99% of people in the other threads don’t know what a DNS query even is but were so ready to jump on a hate train is telling.

    If Huawei is a security risk, evaluate that risk based on facts, not assumptions.

  3. don’t bother, Americans on reddit will believe whatever they want despite the facts and rest of the world ain’t that dumb they would need explanation as proven by Huawei sales despite US agenda

  4. Let me explain.
    *How to connect to a website?*
    normal:

    1. Access DNS to resolve the domain name to a real address
    2. Access the website through a real address

    in China:

    1. Access DNS request to resolve domain name
    2. ISP’s router will drop DNS request packets
    3. The router will return a fake DNS resolution data.

    * If the website you requested is government-approved, DNS will have a correct website address.
    * If the website you requested is not approved by the government, DNS will give you a wrong website address. When you access this address, your traffic is under censoring. The wrong address might be a phishing website for censoring (be careful with your account/password), or it might be a black hole server, or a government’s DDoS target, or something else.

    Use China equipment on networks that are not under China control:

    * Your access behavior will be recorded and will be disturbed under rare circumstances (for example, you use a Chinese SIM and use the Chinese version of the firmware). [beian.gov.cn](http://beian.gov.cn) is used to determine if the website you are visiting is approved by the Chinese government.
