DNS Hijacking : Exposed & Explained
DNS Hijacking – The terms
Domain name: The website name, such as www.google.com, which is the better-known address of the website you would like to visit.
IP address: A numerical address such as 126.96.36.199, which is in essence an address just like your zip code, street number and house number. Every website must have an IP address.
DNS: Domain Name Service, an Internet service that runs on port 53 and translates a domain name such as Google.com into an IP address such as 188.8.131.52. All traffic on the Internet is exchanged using IP addresses. As a result, the first thing that must happen before you can open a web page is resolving the domain name to an IP address.
ISP: Internet Service Provider, basically the provider of your Internet connection.
Ping: A command-line tool found on all operating systems. It resolves a domain name to an IP address before sending its echo requests, which makes it useful for detecting whether DNS hijacking is occurring.
DNS Hijacking – The dangers
As you can see in the illustration above, your ISP redirects all your DNS traffic to its own DNS servers and resolves the domain names there. The problems with this approach are:
- If the ISP DNS server goes down or is overloaded, you won't be able to browse the Internet.
- If you want to use another DNS server, such as Google's DNS server or a Smart DNS proxy server such as Unlocator, you won't be able to do so, because your DNS traffic is being intercepted.
- The ISP DNS server might be logging all your DNS traffic, and can determine at any time which sites you were visiting.
- The ISP DNS server is a single point of failure and a weakness you are exposed to. If that DNS server is compromised, it can be used to send you to rogue web pages that look like the page you intended to visit (such as your bank's site or your email), and you mistakenly think it is the correct site. What happens next is that you enter your login information and it is recorded by the rogue web page. The rest I will leave to your imagination.
DNS Hijacking – How to detect
The fastest way to detect DNS hijacking is with the ping utility. If you ping a non-existent domain and it resolves, that is a very strong indicator that your ISP is hijacking your DNS traffic. This is an excellent tutorial on how to ping on different operating systems. The idea is to ping the hostname thevpnguru-dns-exposed.tld: this should fail. If it actually returns an IP address, you are the victim of DNS hijacking.
Another way, which gives you 100% confirmation of whether your DNS is being hijacked, is to change the DNS server addresses on a device you use to 0.0.0.0 and 0.0.0.1. If after that your Internet still works and you can open web pages normally, your DNS traffic is being hijacked.
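The two checks above can be combined into one protocol-level probe. The following script is an added example and is not code from the original article: it builds a DNS query for a random name that cannot exist, sends it straight to a resolver of your choice (Google's 8.8.8.8 is the assumed default) instead of to whatever resolver the system is configured with, and inspects the answer. A genuine resolver must answer NXDOMAIN; if an A record comes back, either the resolver is synthesising answers or something on the path has answered in its place. The packet builder, parser and verdict logic are pure functions, and `fake_response` constructs test packets offline; only `probe()` touches the network.

```python
# Added example, not from the original article. Sends an A query for a random,
# non-existent name directly to a chosen resolver and checks for NXDOMAIN.
import random
import socket
import string
import struct

NXDOMAIN = 3          # RCODE 3 in the DNS header flags (RFC 1035)
TXID = 0x1234         # fixed transaction id; fine for a one-off probe


def random_nonexistent_name(tld: str = "tld") -> str:
    """A fresh random label under a top-level domain that is not delegated,
    so the true answer is always NXDOMAIN and caching cannot mask the result."""
    label = "".join(random.choices(string.ascii_lowercase, k=16))
    return f"dns-hijack-probe-{label}.{tld}"


def encode_name(name: str) -> bytes:
    """Wire-format QNAME: length-prefixed labels terminated by a zero byte."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(lbl)]) + lbl.encode("ascii") for lbl in labels) + b"\x00"


def build_query(name: str, txid: int = TXID) -> bytes:
    """Standard recursive A/IN query in RFC 1035 wire format."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)   # RD=1, QDCOUNT=1
    return header + encode_name(name) + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN


def _skip_name(data: bytes, pos: int) -> int:
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        length = data[pos]
        if length == 0:
            return pos + 1
        if length & 0xC0 == 0xC0:      # compression pointer: 2 bytes, name ends here
            return pos + 2
        pos += 1 + length


def parse_response(data: bytes, txid: int = TXID) -> dict:
    """Extract the RCODE and any A records from a DNS response packet."""
    rtxid, flags, qdcount, ancount, _, _ = struct.unpack("!HHHHHH", data[:12])
    if rtxid != txid:
        raise ValueError("transaction id mismatch: not a reply to our query")
    pos = 12
    for _ in range(qdcount):           # skip the echoed question section
        pos = _skip_name(data, pos) + 4
    addresses = []
    for _ in range(ancount):
        pos = _skip_name(data, pos)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", data[pos:pos + 10])
        pos += 10
        if rtype == 1 and rclass == 1 and rdlen == 4:
            addresses.append(".".join(str(b) for b in data[pos:pos + 4]))
        pos += rdlen
    return {"rcode": flags & 0x000F, "addresses": addresses}


def classify(rcode: int, addresses: list) -> str:
    """Verdict: a name that cannot exist must never resolve."""
    if addresses:
        return "suspect"               # synthesised or intercepted answer
    if rcode == NXDOMAIN:
        return "ok"
    return "inconclusive"              # SERVFAIL, REFUSED and similar


def fake_response(name: str, rcode: int, addresses: list, txid: int = TXID) -> bytes:
    """Constructed response packet for offline testing; not captured traffic."""
    header = struct.pack("!HHHHHH", txid, 0x8180 | rcode, 1, len(addresses), 0, 0)
    question = encode_name(name) + struct.pack("!HH", 1, 1)
    answers = b"".join(
        b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4) + bytes(int(o) for o in a.split("."))
        for a in addresses)
    return header + question + answers


def probe(resolver: str = "8.8.8.8", timeout: float = 3.0) -> tuple:
    """Send one probe over UDP/53 to `resolver` and return (name, answer, verdict)."""
    name = random_nonexistent_name()
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_query(name), (resolver, 53))
        data, _ = sock.recvfrom(512)
    result = parse_response(data)
    return name, result, classify(result["rcode"], result["addresses"])


if __name__ == "__main__":
    name, result, verdict = probe()
    print(f"{name}: rcode={result['rcode']} addresses={result['addresses']} -> {verdict}")
```

One caveat when reading the verdict: a resolver that deliberately answers non-existent names with its own "search assist" page trips this check even without interception, so run the probe against two different resolver addresses. Identical "suspect" answers from both, when at least one of them is a public resolver you did not configure, point at something on the path answering rather than at the resolvers themselves, which is the situation the article describes.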
DNS Hijacking – The solution
Now that DNS hijacking and its dangers are exposed, it is time to talk about workarounds. Fortunately there are two: one is quite easy to achieve and one requires a bit more technical expertise.
- The easy way: Get a VPN connection. VPN stands for Virtual Private Network; what a VPN service does is encrypt all your traffic and send it through a virtual tunnel. This goes for all your traffic, DNS, web and so on. As a result your ISP will not be able to decipher your traffic: it all goes through the virtual tunnel and looks like gibberish to your ISP. Have a look at the illustration above; you can notice that the man with the red cravat is Xed out now, and all your traffic is locked down. Another benefit of a VPN is that you can use it while travelling and in Internet cafes and so on to protect your traffic. One final benefit is that it allows you to change your Internet location, so you can watch Netflix USA while not in the USA or BBC iPlayer while not in the UK. I personally use a VPN service called ExpressVPN, with apps that let you get started in seconds on iOS, Android, Mac and Windows; ExpressVPN hides my traffic from all intentional or unintentional interception :) . More importantly, ExpressVPN uses the highest encryption standards available at the time of writing this article.
The best VPN providers to bypass DNS Hijacking.
- Best for streaming and privacy
- High speed servers in 160 VPN locations
- Works for Netflix, BBC iPlayer, Amazon Prime Video, and Hulu
- 24/7 live chat support
- 3 extra months free on annual plan
- UltraHD streaming
- Free Smart DNS proxy
- Unblocks all major streaming services
- Limited Time 72% Discount
- Unlimited VPN connections
- Over 1000 servers
- Ad-blocking feature available
- User-friendly application
- Exclusive Smart VPN feature
- Standalone Smart DNS subscription available
- Extra security features
- Extensions for Firefox and Chrome
- Split-tunneling available
- The hard way: Provided that your DNS provider supports DNS on port 54 (the Smart DNS proxy provider Unlocator supports port 54), you can use a router that supports DD-WRT, flash it with DD-WRT firmware, and then use iptables rules to force DNS traffic to port 54. This way your DNS traffic will sneak its way past your ISP's DNS server. If I get enough requests or questions about this, I might write an article about it. DNSSEC is another way to overcome this, but because of its complexity for newbies I opted out of going into detail. See the video and picture guides for setup here. Smart DNS should unlock around 90 channels and sites.
DNS Hijacking – Final Thoughts
Finally, please do share this article and send some love in the form of Likes if you benefited from reading the content above. Thanks for reading.
Hello, please write an article on how to flush router, at the end you mentioned the “hard way” to manually change your DNS.
The easiest way is probably just using a VPN? I use Surfshark and check ipleak before browsing, showed no DNS leaks so far. The slight speed drop is a bit frustrating, so would love to read your “hard way” solution.
I am using the VPN app called HMA (HIDE MY ASS) for use in Mexico (I'm from the US). It works for many applications but not. Some give a message saying that they do not accept VPNs. Is there a way around that? Also, the speed on HMA via my ASUS router modem is not as fast as my Mexico fiber-optic router alone. Any way around that? Thank you