The domestic Chinese Internet has been going haywire for many users over the last twelve hours.
Starting at around 13:00 yesterday, January 21 (GMT+8), China's top-level domains appeared to have a DNS failure lasting for about two hours. Though much of the failure has already gone away, some Internet users may still see website resolution issues for the next few hours.
During the outage, users trying to visit many Chinese websites hosted in China were diverted to the IP address 18.104.22.168, whose reported location seemed to jump around the United States during the past day, from North Carolina to Wyoming, depending on which Internet Protocol address lookup database was queried.
At one point, the database GlobalIPCheck.com reported the IP address as located in Cary, North Carolina, and owned by Dynamic Internet Technology Company; Chinese security software firm Qihoo 360 also confirmed this location. However, a check a few hours later on GlobalIPCheck.com showed the IP was taken down.
Because the problem appeared to affect the root gTLD servers in China that control up to two-thirds of domestic websites, and because it had no impact on visits to overseas websites, some Chinese websites are reporting that this may be a retribution hack from the United States. However, Chinese node controllers and Internet Service Providers have been known in the past to create DNS problems of their own, as well as to be lax in the upkeep of cached data, so this may not be the result of a third-party hack.
Chinese DNS service provider DNSpod said the infection only lasted for a few hours, but because some Internet Service Providers have cached DNS records, users may continue to be affected for some time.