What is DNS hijacking?

IPSHU ^©

Local DNS Hijacking:The attacker installs Trojan malware on the user's computer and changes the local DNS settings to redirect the user to the malicious site.
Router DNS Hijacking:Due to a leaked router password or a bug in the firmware, the attacker can take over the router and reset the DNS address, which will affect all users connected to the router.
Man in the middle (MITM) DNS attack:The attacker intercepts the communication between the user and the DNS server and provides different target IP addresses to the malicious site.
Rogue DNS Server:The attacker realizes DNS hijacking by invading DNS server and changing DNS records to redirect DNS requests to malicious sites.

How can I know if my DNS has been hijacked?

1. Check your computer's DNS.

Open the Control Panel and find "Network and Sharing Center".
Click "View Network Status and Tasks" under "Network and Sharing Center" to view the currently connected networks.
Click the network you are connected to and check the status of the current network.
Click "Properties" to go to the WLAN Properties window.
Click "Internet Protocol Version 4 (TCP/IPv4)", and then click "Properties" to the configure interface.
Check the DNS server address. If you have not set it before, it will be obtained automatically by default; if you have set it but displaying an unfamiliar DNS address, it means that your computer's DNS has been hijacked.

2. Check your router's DNS.

Enter the router's login IP in the browser address bar, such as 192.168.100.1 (the login IP of different brands of routers may be different), and then enter the user name and password to log in.
After logging in to the router admin interface, click the "Internet".
In the Internet interface, you can see the DNS address of the router. If you have not set it before, it will be obtained automatically by default; if you have set the computer's DNS address before but displaying an unfamiliar DNS address, it means that your router's DNS has been hijacked.

3. The MITM DNS attack and Rogue DNS Server is is relatively complex, which requires professional technicians to detect and tell.

What should I do if my DNS has been hijacked?

For individuals and website operators, if encountered DNS hijacking unfortunately, you can manually modify the DNS and use well-known public DNS, such as Google DNS (8.8.8.8) or 114DNS (114.114.114.114).

In addition, if the website has not been deployed for HTTPS, it is strongly recommended to deploy it as soon as possibe. If condition permits, you can also use DNS cloud acceleration, which can effectively reduce the occurrence of DNS cache modification and minimize the risk of domain name hijacking.

How can I prevent my DNS from being hijacked?

Reset the default password of the router and use a complex password to increase the security of the router.
Upgrade router's firmware to fix all vulnerabilities in the router to avoid harm.
Stay away from untrusted websites and don't click on unsafe links.
Use good security software and antivirus programs, and make sure to update your software regularly.
Use a secure public DNS server.
Regularly check your DNS settings for tampering and make sure your DNS servers are secure.

Once DNS hijacking occurs, it will have a certain impact on individuals and businesses. The impact on individuals is relatively small, but for enterprises and institutions, it is a very serious problem. It would cause the organization to lose control of the domain name, and once the attack is realized, users may visit a fake site. Especially for banks, governments and other institutions, it is likely to cause huge risks such as leakage of sensitive information and property loss. The negative impact of DNS hijacking is self-evident. Therefore, it is necessary to pay attention to DNS security issues. Installing a website monitoring tool can help to avoid DNS hijacking.