DNS Hijacking : Exposed & Explained
DNS Hijacking – The terms
Domain name : The human-readable name of a website, such as www.google.com, which is the better-known address of the site you would like to visit.
IP Address : A numerical address such as 8.8.8.8, which is in essence an address just like your zip code, street number and house number. Each website must have an IP address.
DNS : Domain Name System, an Internet service that runs on port 53 and translates a domain name such as Google.com to an IP address such as 8.8.8.8. All traffic on the Internet is exchanged using IP addresses, so the first thing that must happen for you to open a web page is to resolve the domain name to an IP address.
ISP : Internet Service Provider, basically the provider of your Internet connection.
Ping : A command line tool found on all operating systems that resolves a domain name to an IP address and shows you the result. Useful to detect whether DNS hijacking is occurring.
DNS Hijacking – The dangers
As you can see in the illustration above, your ISP redirects all your DNS traffic to its own DNS servers and resolves the domain names on its own servers. The problems with this approach are listed below.
- If the ISP DNS server goes down or is overloaded, you won't be able to browse the Internet.
- If you want to use another DNS server, such as Google's DNS server or a Smart DNS proxy server such as Unlocator, you won't be able to do so, as your DNS traffic is being intercepted.
- The ISP DNS server might be logging all your DNS traffic and can determine at any time what you were watching.
- The ISP DNS server is a single point of failure and a weakness you are exposed to: if that server is compromised, it can be used to send you to rogue web pages that look like the page you intended to visit (such as your bank's site or your email) while you think it is the correct site. What happens next is that you enter your login information and it is recorded by the rogue web page. The rest I will leave to your imagination.
DNS Hijacking – How to detect
The fastest way to detect DNS hijacking is with the ping utility. If you ping a non-existent domain and it resolves, that is a very strong indicator that your ISP is hijacking your DNS traffic. This is an excellent tutorial on how to ping on different operating systems. The idea is to ping the hostname thevpnguru-dns-exposed.tld; this should fail, and if it does return an IP address you are the victim of DNS hijacking.
Another way, which gives you 100% confirmation that your DNS is being hijacked, is to change the DNS addresses on a device you use to 0.0.0.0 and 0.0.0.1. If after that your Internet still works and you can open web pages normally, your DNS traffic is being hijacked.
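Both checks above can be automated with raw DNS queries, which also expose the response code that the ping test hides (a clean resolver answers a non-existent name with NXDOMAIN, RCODE 3, while an interception proxy typically hands back an address). The script below is an added example and not part of the original article. The probe hostname is the one from the article; the bogus resolver address 192.0.2.1 is a constructed value from the RFC 5737 documentation range (any address that cannot legitimately answer serves the same purpose as the 0.0.0.0 trick); and reading the system resolver from /etc/resolv.conf is an assumption that holds on Unix-like hosts.

```python
"""Probe for ISP DNS interception with two raw DNS checks.

Added example, not from the original article. Assumptions: PROBE_NAME is an
unregistered hostname (taken from the article), BOGUS_RESOLVER is a constructed
address from RFC 5737 TEST-NET-1 that nothing can legitimately answer from,
and /etc/resolv.conf lists the system resolver (Unix-like hosts).
"""
import socket
import struct
import sys

PROBE_NAME = "thevpnguru-dns-exposed.tld"   # expected result: NXDOMAIN
BOGUS_RESOLVER = "192.0.2.1"                # expected result: timeout
NXDOMAIN = 3                                # RCODE for "name does not exist"


def build_query(name, txn_id=0x1234):
    """Minimal DNS query over UDP: one A/IN question, recursion desired."""
    header = struct.pack(">HHHHHH", txn_id, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in name.strip(".").split("."))
    return header + qname + b"\x00" + struct.pack(">HH", 1, 1)


def _skip_name(data, offset):
    """Advance past a (possibly compressed) domain name in a DNS message."""
    while True:
        length = data[offset]
        if length == 0:
            return offset + 1
        if length & 0xC0 == 0xC0:          # two-byte compression pointer
            return offset + 2
        offset += 1 + length


def parse_response(data):
    """Return transaction id, RCODE and any A records in the answer section."""
    txn_id, flags, qdcount, ancount, _, _ = struct.unpack(">HHHHHH", data[:12])
    offset = 12
    for _ in range(qdcount):
        offset = _skip_name(data, offset) + 4        # skip QTYPE + QCLASS
    answers = []
    for _ in range(ancount):
        offset = _skip_name(data, offset)
        rtype, _rclass, _ttl, rdlength = struct.unpack(">HHIH", data[offset:offset + 10])
        offset += 10
        if rtype == 1 and rdlength == 4:             # A record
            answers.append(socket.inet_ntoa(data[offset:offset + 4]))
        offset += rdlength
    return {"id": txn_id, "rcode": flags & 0xF, "answers": answers}


def send_query(server, query, timeout=2.0):
    """Send one UDP query to server:53; return the raw reply or None on timeout."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(query, (server, 53))
        try:
            return sock.recvfrom(512)[0]
        except socket.timeout:
            return None


def judge_nxdomain_probe(reply):
    """Check 1: a non-existent name must come back NXDOMAIN with no addresses."""
    if reply is None:
        return "inconclusive: no reply from resolver"
    parsed = parse_response(reply)
    if parsed["rcode"] == NXDOMAIN and not parsed["answers"]:
        return "clean: nonexistent name returned NXDOMAIN"
    return ("suspicious: nonexistent name resolved to "
            + ", ".join(parsed["answers"] or ["(no address)"]))


def judge_bogus_resolver_probe(reply):
    """Check 2: a resolver that cannot exist must time out; any reply means port 53 is intercepted."""
    if reply is None:
        return "clean: bogus resolver did not answer"
    return "suspicious: bogus resolver answered, DNS traffic is being redirected"


def system_resolver():
    """First nameserver from /etc/resolv.conf, or None if unavailable."""
    try:
        with open("/etc/resolv.conf") as f:
            for line in f:
                parts = line.split()
                if len(parts) >= 2 and parts[0] == "nameserver":
                    return parts[1]
    except OSError:
        pass
    return None


if __name__ == "__main__":
    resolver = sys.argv[1] if len(sys.argv) > 1 else system_resolver()
    query = build_query(PROBE_NAME)
    if resolver:
        print("probe 1:", judge_nxdomain_probe(send_query(resolver, query)))
    print("probe 2:", judge_bogus_resolver_probe(send_query(BOGUS_RESOLVER, query)))
```

Run it as `python3 dns_probe.py` (or pass a resolver address as the first argument). A clean connection prints NXDOMAIN for probe 1 and a timeout for probe 2; an address for probe 1 or any answer at all for probe 2 means something between you and the resolver is rewriting port 53.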
DNS Hijacking – The solution
Now that DNS hijacking and its dangers are exposed, it is time to talk about workarounds. Fortunately there are two workarounds: one is quite easy to achieve and one requires a bit more technical expertise.
- The easy way : Get a VPN connection. VPN stands for Virtual Private Network; what a VPN service does is encrypt all your traffic and send it through a virtual tunnel. This goes for all your traffic, DNS, web and so on. As a result your ISP will not be able to decipher your traffic: it all goes through the virtual tunnel and looks to your ISP like gibberish. Have a look at the illustration above; you can notice that the man with the red cravat is Xed out now, and all your traffic is locked down. Another benefit of a VPN is that you can use it while travelling and in Internet cafes to protect your traffic. One final benefit is that it allows you to change your Internet location, so you can watch Netflix USA while not in the USA or BBC iPlayer while not in the UK. I personally use a VPN service called ExpressVPN, with apps that let you get started in seconds on iOS, Android, Mac and Windows; ExpressVPN hides my traffic from all intentional or unintentional interception :) . More importantly, ExpressVPN uses the highest encryption standards available at the time of writing this article.
The best VPN providers to bypass DNS Hijacking.
- Best for streaming and privacy
- High speed servers in 160 VPN locations
- Works for Netflix, BBC iPlayer, Amazon Prime Video, and Hulu
- 24/7 live chat support
- 3 extra months free on annual plan
- UltraHD streaming
- Free Smart DNS proxy
- Unblocks all major streaming services
- Limited Time 72% Discount
- Unlimited VPN connections
- Over 1000 servers
- Ad-blocking feature available
- User-friendly application
- Exclusive Smart VPN feature
- Standalone Smart DNS subscription available
- Extra security features
- Extensions for Firefox and Chrome
- Split-tunneling available
- The hard way : Given that your DNS provider supports DNS on port 54 (the Smart DNS proxy provider Unlocator supports port 54), you can take a router that supports DD-WRT, flash it with DD-WRT and then use iptables rules to force DNS traffic to port 54. This way your DNS traffic will sneak its way past your ISP's DNS server. If I get enough requests or questions about this, I might write an article about it. DNSSEC is another way to overcome this, but due to its complex nature for newbies I opted not to go into detail. See video and picture guides for setup here. Smart DNS should unlock around 90 channels and sites.
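The iptables part of the hard way comes down to two nat-table rules that rewrite the destination of LAN-side port 53 traffic to the provider's resolver on port 54, one for UDP and one for TCP (lookups normally use UDP, but large answers retry over TCP, and a TCP rule left out would let those fall straight back to the ISP resolver). The generator below is an added example, not from the article or from DD-WRT. It assumes the LAN bridge is named br0 (DD-WRT's default) and uses a placeholder resolver address from RFC 5737 that you replace with your provider's address.

```python
"""Generate DD-WRT firewall rules that send LAN DNS to a resolver on an
alternate port (54, as the article describes for Unlocator).

Added example, not from the article. Assumptions: the LAN bridge is br0
(DD-WRT's default name) and PLACEHOLDER_RESOLVER is a constructed RFC 5737
address to be replaced with your provider's real resolver address.
"""
import ipaddress

ALT_DNS_PORT = 54                      # port the article says the provider listens on
PLACEHOLDER_RESOLVER = "192.0.2.53"    # constructed placeholder, not a real resolver


def dns_redirect_rules(lan_if, resolver, port=ALT_DNS_PORT):
    """Return iptables commands that DNAT LAN-side port-53 traffic to resolver:port.

    Both UDP and TCP are rewritten so that TCP fallback for large answers
    cannot slip past the redirect to the ISP resolver on port 53.
    """
    addr = ipaddress.ip_address(resolver)            # raises ValueError on junk
    if addr.version != 4:
        raise ValueError("iptables (not ip6tables) rules need an IPv4 resolver")
    if not 1 <= port <= 65535:
        raise ValueError(f"port out of range: {port}")
    return [
        f"iptables -t nat -A PREROUTING -i {lan_if} -p {proto} --dport 53 "
        f"-j DNAT --to-destination {addr}:{port}"
        for proto in ("udp", "tcp")
    ]


if __name__ == "__main__":
    # Paste the output into DD-WRT under Administration > Commands and
    # choose "Save Firewall" so the rules survive a reboot.
    print("\n".join(dns_redirect_rules("br0", PLACEHOLDER_RESOLVER)))
```

After applying the rules, the detection checks from the section above should still pass from a LAN client; a name that resolves through the new rules but a bogus resolver that also answers would mean the ISP is intercepting port 54 as well.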
DNS Hijacking – Final Thoughts
Finally, please do share this article and send some love in the form of Likes if you benefited from reading the content above. Thanks for reading.
Hello, please write an article on how to flush router, at the end you mentioned the “hard way” to manually change your DNS.
The easiest way is probably just using a VPN? I use Surfshark and check ipleak before browsing, showed no DNS leaks so far. The slight speed drop is a bit frustrating, so would love to read your “hard way” solution.
I am using the VPN app called HMA (Hide My Ass) for use in Mexico (I'm from the US). It works for many applications but not. Some give a message saying that they do not accept VPNs. Is there a way around that? Also, the speed on HMA via my ASUS router modem is not as fast as my Mexico fiber optic router alone. Any way around that? Thank you
Hi Lee. To be honest with you, I’m not a big fan of HMA. There are plenty of other better VPNs you can try out.
DNS hijacking is just the tip of the iceberg. I assume that nearly all internet users will have to use VPN services in the future. Whatever a user does will be in vain without encryption. Let's see what the future of the internet will be when cryptos and the decentralized web are mainstream.
Hello Everyone,
I'm looking for a recent list of ISPs that DON'T DNS hijack as standard. Could anyone help me with this? Many thanks, Sarah
Hello Sarah. Most ISPs don’t apply DNS hijacking although it’s still common practice in some Middle Eastern and East Asian countries.
Good Input. Will adopt this soon, as my router is already under DNS hijack attack !!!
Unscrupulous act of an intruder with an ulterior motive. Can this be booked as a criminal offence?
Hi, excellent article. My concern is the top of the article, where you said that DNS hijacking is essentially when the ISP (Internet Service Provider) redirects your DNS traffic to its own DNS servers and does DNS resolution without your consent; that is a concern for me. A scan by Avast shows two hijacked domain names. But it is not my ISP for sure. If that is the case, then how do I know that DNS is hacked? Does that mean that the ISP-provided default DNS server in the router has been hacked by these domains? How do I know that my ISP is redirecting to its own server? Is there a way? Some time back, I found that whenever my router reboots after loss of internet connection, a subsequent click on a link suddenly goes not to that site but to my service provider's so-called mail service. Is that an indication? After I close the mail link, my link would open correctly. This is the site where useful information is given for non-technical people to learn simply. This is the site where I found that ISPs may be hacking users to their own servers. Is it not strange? The ISP is the service provider, and only through its servers do you get an internet connection. Please explain to me at my email address.
Hi. There are quite a few ways to test whether you are subject to DNS hijacking or not. The easiest way would be to set up OpenDNS either on your router or computer as explained here https://use.opendns.com/
Once done, visit this page https://www.opendns.com/welcome/
If you get a check mark and a 'Welcome to OpenDNS' message, your DNS is most certainly not being hijacked.
Hi, I get 'Welcome to OpenDNS'. Is Google DNS not safe? Please say. If a vulnerability is shown, does that mean the domains of the affected sites (which I have not browsed) have been hacked by a third party from my service provider's DNS service? Please
Well written article, thanks for your contribution (no Like button!) FYI, I had IPVanish and started getting browser messages that at least 2 of their servers had been reported as abusive and I had to enter info to get onto them. IPVanish then changed some servers but the new ones gave me trouble too so I canceled my account. Never had a problem of any kind with HMA.
Advanced help required?
I have a flashed router with DD-WRT firmware installed.
I have also verified that my DNS was not hijacked; I simply pinged thevpnguru-DNS-exposed.tld and the ping request could not find any host.
Having said that, my Netflix and WatchESPN are not working and I get a proxy error from Netflix saying that I must cancel my unblocker or proxy.
? Need some heads up here…
Hi, Glad that i saw this post.
I am having a peculiar problem with DNS that is forcing out the internet access at every log on or restart. The error is no. ID 1014, Windows DNS Client service, "Name resolution for ….com timed out as none of the servers responded". Each time the .com is different. Sometimes it gives a ping.avast.com name resolution error.
I was also getting a regular _ldap name resolution error.
please give me the solution, sir,
I changed my router and modem but my computer still has a problem and we can't receive email, and we bought another computer and someone hijacked our complete internet
I can use HMA VPN on my laptop to access US Netflix, but when I use it on my iPad, it takes me to local (Canada) Netflix. Same router and network, so why can I get there on one but not the other?
Have you contacted the HMA support? They are there to troubleshoot any problem the users have. After all, you have already paid for it.
they weren’t much help
Hi,
I am experiencing issues accessing the US version of Netflix. I use a Smart DNS service, but for the last few weeks it does not seem to be working.
Has this issue been reported by other users?
How can I solve it?
Hi. It seems some Smart DNS services are no longer able to unblock American Netflix. However, I’ve been using Unlocator Smart DNS and can confirm that I’m still able to watch US Netflix outside USA.
After Netflix announced that their streaming can be watched in 160 countries last January, they said they would try, in the coming weeks, to block subscribers from watching Netflix from outside their region. I guess they have succeeded with some DNS proxy services.
That is correct. Some proxy services are no longer able to unblock American Netflix, for instance, but others, like Unlocator, quickly found a workaround, so it's not all doom and gloom yet.
Excellent article, I have been trying to explain to non techies for years, I will now use your words. Thanks
Hi Adi. You are welcome :)
My primary DNS server set to 0.0.0.0
My secondary server is set to 198.224.169.135.
My third server is set to 0.0.0.0.
I don’t have the ability to change these. Help
Hi. If your router does not allow you to change your DNS settings, you need to connect a secondary router to it and configure DNS on that secondary router instead.
How do you change the second router if the primary router is a mifi router and it is a 4G LTE router?
Hi Adolf. You can connect the WAN port of the secondary router to a LAN port on the main router using an Ethernet cable and then set up DNS on that secondary router.
Well, my primary router is a portable mini wireless router that I can carry in my pocket. It has no LAN port, but it has a micro-USB port that can be connected to a USB-A type port. And my wired router and my wireless access point have no USB port.
I have another router, an Apple AirPort Express; it has a WAN port, a LAN port, a USB port, and an audio jack. The USB port, though, is just for connecting to a printer. As far as I know, no micro-USB to LAN cable exists.
So, I cannot use your solution.
If I am using a site like Unlocator to change my DNS location to watch sports, will that slow my modem connection down? If I were to give my cable provider my address information, would they know that I changed that in the DNS settings for my modem?
Smart DNS proxy services like Unlocator do not affect your Internet speed. There shouldn't be any issues with your address.
Our site has currently been DNS hijacked.
Any suggestions on resolving this issue ?
Can you please clarify on symptoms ?
Informative article.
I need some information. I have three questions:
1. Are VPN routers slower than Smart DNS services? I am thinking of buying a VPN router if its speed is comparable to a DNS proxy server's.
2. I have a wireless access point (TP-LINK TL-WA701ND) and it is connected to a wired router (Level1 FBR-1418TX). Which one should I use for the DNS service? Right now I use it on the access point with the Unlocator DNS service. I connect my devices (Apple TV, iPad, iPhone) over Wi-Fi through the wireless AP. I subscribe to a local ISP through a cable modem that is connected to my router.
3. It seems my ISP keeps changing my IP address every day. I never noticed it before until I bought an Apple TV recently and started watching Hulu+. The problem is I cannot access Hulu the next day after I put it to sleep, so I have to turn on my PC every day to update my IP at the Unlocator website so I can watch my Hulu. Is there a way to do this without updating my IP through a computer?
1- Yes, a good VPN provider will give you roughly a 10% speed hit.
2- Both work in standard situations, but I would do it on the AP, just for ease of management.
3- Contact Unlocator; they do have an API, an Android app and other ways of auto-updating your IP.
Thanks for the speedy answers!
Enjoy ! And please share the blog.
(As stated above, this is for non-technical experts, but I will still play the devil's advocate)
First off… good article.
Now for the downside..
1. When using "The Easy Way" method you must still trust your VPN provider, as they or their ISP may be hijacking DNS, at which point you're in the same boat with or without it.
2. “The Hard Way” (let’s just say if actually possible) may work for awhile but is still exposed if the ISP catches onto this method and starts redirecting port 54 to their DNS servers anyway.
So is there a real solution? Yes, I believe so: the entire internet answering only with DNSSEC. Though DNSSEC has been around for quite some time, it's still not common and unfortunately must overcome its own problems.
The thing with DNSSEC is that you still need an external provider, and your devices need to support DNSSEC, or at least your router has to. I myself am using a DD-WRT router with port 54 redirects. Thanks for the input!
Great article thanks for the “411”