Info
Just setting expectations, this post is not about how to bypass Internet censorship or GFW in mainland China.
By the time you read, things might change.
If you have readers from Chinaâor just want to keep your site online in trickier parts of the internetâthis might be worth your time too.
TL;DR
Vercel is great if you are sticking to FaaS rather then self-hosting. It has official support regarding to improving accessibility in Mainland China.
Self-hosting grants you full control. If you are looking for load balance and traffic splitting, consider using reverse proxy like Nginx + GeoIP.
DNS spoofing
During a recent trip back to my hometown in China, I noticed that my personal website had become strangely unreliable. Curious (and slightly annoyed), I popped open a terminal and ran some dig and nslookup diagnosis. Thatâs when I found something weird: my domain, which is hosted via Cloudflare and points to a pages.dev address, was occasionally resolving to 127.0.0.1.
Yep, the infamous loopback address. Classic.
It didnât take long to realize what was happeningâDNS poisoning. Itâs a tactic thatâs been ramping up since around 2022 in China, where DNS responses are tampered with by ISPs to block access to websites that arenât on a âsafeâ list (some say itâs more like a huge blacklist). These pilot tests started in Fujian province, exactly where I was staying.
Now, to be clear: my site is still accessible from most places in China. But given how things are evolvingâparticularly the increasing reliance on a whitelist-style approach to internet accessâI want to make my website as accessible as possible to readers in mainland China.
The DNS poisoning isnât consistent. Sometimes the correct address does get through. That suggests itâs not a full-on blacklist situation, but more like edge-node filteringâlikely triggered by certain patterns or rules. My domain is hosted on Cloudflare Pages, which uses pages.dev, and that domain (along with workers.dev) is often outside the Great Firewallâs comfort zone. In fact, workers.dev is frequently used by Chinese netizens to set up reverse proxiesâso itâs probably on the radar.
That got me wondering: is there a way to bring a âflaggedâ domain back to life, or at least reduce the chances of it being poisoned again? Iâve been doing some digging (no pun intended), and Iâll share what Iâve learned.
Cloudflare Pages
Cloudflare Pagesâs domain, together with your domains with CNAME record pointing to *.pages.dev, are typical targets of the blockage. Iâd suggest moving your site to GitHub Pages, Vercel, or self-hosting. Besides, you might want to host on Chinese domestic platforms like Gitee and Coding.
GitHub Pages
This might be the most accessible hosting service in China without licensing. Ironically, GitHub finds Chinaâs internet a bit too âenthusiasticââGitHub Pages has restricted Baiduâs crawling due to its aggressive scraping. Go for it if Baidu SEO isnât a priority for you.
Vercel Apps
Vercel Apps once faced serious DNS spoofing attacks but quickly released an official fix. Update your settings if youâre using them:
A 76.223.126.88
CNAME cname-china.vercel-dns.com
Another solution can be found in this GitHub repo.
By the time of the release of this note, Vercel is the best solution for me. If your custom domain is poisoned with 127.0.0.1, using Vercel and its Chinese DNS server will solve it instantly.
Self-hosting
If you already have a VPS, self-hosting or setting up a reverse proxy might be worth considering. Iâd go with the reverse proxy approach if I ever need load balancing for my site.
There comes another layer of concern that, if your site triggered the GFW, you are at the risk of totally losing access of that IP address. If you cannot get a license in China (To get the licensing done, your domain must be transferred to a domestic nameserver like DNSPod, Ali Cloud, etc. But you know, once you purchased a domain name on Cloudflare, thereâs no way to transfer), and itâs difficult to get a new IP from your VPS service, then you should think twice on this.
Conclusion
Vercel is great if you are sticking to FaaS rather then self-hosting. It has official support regarding to improving accessibility in Mainland China.
GitHub Pages is great but has trouble with SEO in China.
Self-hosting grants you full control. If you are looking for load balance and traffic splitting, consider using reverse proxy like Nginx + GeoIP.