Life is struggle.

Chinese / 中文

In the past few days, several students in China have been experiencing issues while downloading documents from Blackboard. As a network engineer, I will walk you through the cause of this problem, and how you can fix it. If you are not in China, feel free to disregard this email.

While the blackboard itself is hosted on UPIC’s server, the assets are hosted on Amazon AWS. Therefore, when downloading files, photos, and videos from the blackboard, you are actually downloading them from Amazon. You can see that when you check the URL of the files you downloaded.

However, Amazon AWS has a history of being censored in China. The domain for blackboard assets, learn-ap-southeast-2-prod-fleet01-xythos.s3.ap-southeast-2.amazonaws.com, has recently been subject to DNS poisoning. This means that, when your computer tries to access the server, your ISP’s DNS server would return a false IP address, causing a connection failure. The following screenshot shows the DNS records of the domain inside China compared to outside of China. Note how the IP addresses outside of China are associated with Amazon as expected, but in China they are randomly generated.

In order to fix that, the best solution would be to use a DNS server without poisoning. But that process is very complicated. The DNS server must use a non-standard port, or use TCP instead of UDP, both of which are not natively supported by major operating systems.

Therefore, I would advise editing your hosts file as a temporary fix. The process to edit your hosts file may vary depending on your operating system.


Windows

  1. Open File Explorer, and navigate to C:\windows\system32\drivers\etc\hosts

2. Copy the hosts file to your desktop

3. Open the file with Notepad, and add 52.95.132.90 learn-ap-southeast-2-prod-fleet01-xythos.s3.ap-southeast-2.amazonaws.com to the last row.

4. Save the file, and move it back to the original folder

It is very important to edit the file on your desktop, because you will not have sufficient privileges to edit it directly.


macOS

  1. Open a Terminal window (your terminal might look different)

2. sudo vim /etc/hosts, then enter your password (your password will not show on screen)

3. Press i to enter insert mode, use arrow keys to navigate, and add 52.95.132.90 learn-ap-southeast-2-prod-fleet01-xythos.s3.ap-southeast-2.amazonaws.com to the last row.

4. Press esc, then type :wq and press enter to save the file.


iOS

  1. Install Surge 4 from the App Store (Apple ID from another region required)

2. Do not pay for the upgrade

3. Tap Local Mapping

4. Add a new rule, enter learn-ap-southeast-2-prod-fleet01-xythos.s3.ap-southeast-2.amazonaws.com into the domain field, and 52.95.132.90 into the value field.

5. Save the rule and tap Setup in the top right corner. Allow Surge to add a VPN configuration, and enter your password.


Please be aware that this is only a temporary fix, and will stop working once Amazon changes their IP address, or when the Chinese government starts utilising TCP reset attack, which usually happens a few weeks after DNS poisoning starts. I would recommend getting a VPN or other means of bypassing the Chinese internet censorship in the long term. If the IT department is reading, I would advise switching to a different CDN, or use a custom domain to avoid being censored.

Feel free to ask questions. This email has more than 20 recipients, therefore please refrain from using "Reply All" when replying.