What is DNS Hijacking and How to Prevent it?

Aug 09, 2024, 17 mins read

Discover what DNS hijacking is and learn effective strategies to prevent it. Protect your online privacy and secure your network from malicious attacks.

What is DNS?


DNS (Domain Name System) is the system whose core function is to maintain the mapping from domain names to IP addresses. When a host accesses a domain name, it queries the DNS service to obtain the IP address that the name corresponds to; the system also guarantees that domain names are unique, so no two registrants can hold the same name.

So why do we need DNS at all? Mainly because an IP address such as 122.89.2.3 does not suit human memory, whereas a domain name with a literal meaning, such as tao.com, is far easier to remember.

DNS record types

Each record carries a Name, a Value, a Type and a TTL. The common types are:

1. Type = A, address record. Field meaning: Name is the host name, Value is its IP address.
2. Type = CNAME, canonical name (alias) record. Field meaning: Name is the alias, Value is the canonical name it stands for. For example, the alias of baidu.com is m.baidu.com.
3. Type = NS, name server record, which stores the address of the authoritative server for a domain (what an authoritative server is will be introduced later). Field meaning: Name is the domain (such as abc.com), Value is the domain name of the authoritative server for that domain.
4. Type = MX, mail exchange record, used to find the mail server responsible for the domain part of an e-mail address. Field meaning: Name is the mail domain, Value is the host name of its mail server.

The TTL field is the record's cache lifetime: once a cached copy is older than its TTL it is removed from the cache. For example, if TTL is set to 10 minutes, a cached copy of that record is deleted after 10 minutes.
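To make the Name / Type / TTL / Value fields concrete, here is an added Python example (not code from the original article) that encodes the four record types above into DNS wire format (RFC 1035) and parses them back, including the name-compression pointers a real response uses. The domain names, addresses and TTLs are constructed sample data.

```python
"""Build and parse a DNS response in wire format (RFC 1035) to show how the
Name / Type / TTL / Value fields of A, CNAME, NS and MX records are laid out.
All records and addresses below are constructed for this example."""
import struct

TYPE_NAMES = {1: "A", 2: "NS", 5: "CNAME", 15: "MX"}
TYPE_CODES = {v: k for k, v in TYPE_NAMES.items()}

def encode_name(name):
    """Encode 'www.example.com' as length-prefixed labels ending in a 0 byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"

def decode_name(data, offset):
    """Decode a name at offset, following compression pointers (0xC0xx).
    Returns (name, offset of the byte after the name in the original stream)."""
    labels, jumped, end = [], False, None
    for _ in range(128):                      # hop bound defeats pointer loops
        length = data[offset]
        if length & 0xC0 == 0xC0:             # 11xxxxxx: pointer to another offset
            if not jumped:
                end = offset + 2
            offset = ((length & 0x3F) << 8) | data[offset + 1]
            jumped = True
            continue
        offset += 1
        if length == 0:
            break
        labels.append(data[offset:offset + length].decode("ascii"))
        offset += length
    else:
        raise ValueError("too many compression hops")
    return ".".join(labels), (end if jumped else offset)

def encode_rdata(rtype, value):
    """RDATA for the four record types covered in the text."""
    if rtype == "A":
        return bytes(int(p) for p in value.split("."))
    if rtype in ("NS", "CNAME"):
        return encode_name(value)
    if rtype == "MX":                         # value = (preference, mail host)
        return struct.pack("!H", value[0]) + encode_name(value[1])
    raise ValueError(rtype)

def build_response(qname, records, txid=0x1234):
    """records: list of (name, type, ttl, value). Flags 0x8180 = standard
    response, recursion desired and available. No name compression is used."""
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, len(records), 0, 0)
    question = encode_name(qname) + struct.pack("!HH", 1, 1)   # QTYPE A, QCLASS IN
    answers = b""
    for name, rtype, ttl, value in records:
        rdata = encode_rdata(rtype, value)
        answers += encode_name(name) + struct.pack("!HHIH", TYPE_CODES[rtype], 1, ttl, len(rdata)) + rdata
    return header + question + answers

def build_pointer_response(qname, ttl, ip):
    """One A record whose owner name is a compression pointer (0xC00C) back to
    the question name, which always starts at offset 12 in a DNS message."""
    header = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)
    question = encode_name(qname) + struct.pack("!HH", 1, 1)
    rdata = encode_rdata("A", ip)
    return header + question + b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, ttl, len(rdata)) + rdata

def parse_response(data):
    """Return the answer section as a list of {name, type, ttl, value} dicts."""
    _txid, _flags, qdcount, ancount, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    offset = 12
    for _ in range(qdcount):                  # skip questions: name + QTYPE + QCLASS
        _, offset = decode_name(data, offset)
        offset += 4
    answers = []
    for _ in range(ancount):
        name, offset = decode_name(data, offset)
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", data[offset:offset + 10])
        offset += 10
        rdata = data[offset:offset + rdlen]
        if rtype == 1:
            value = ".".join(str(b) for b in rdata)
        elif rtype in (2, 5):                 # NS / CNAME: RDATA is a name, may use pointers
            value, _ = decode_name(data, offset)
        elif rtype == 15:                     # MX: 16-bit preference then a name
            value = (struct.unpack("!H", rdata[:2])[0], decode_name(data, offset + 2)[0])
        else:
            value = rdata
        answers.append({"name": name, "type": TYPE_NAMES.get(rtype, rtype), "ttl": ttl, "value": value})
        offset += rdlen
    return answers

# Constructed sample: the record chain a lookup of www.example.com might return.
SAMPLE_RECORDS = [
    ("www.example.com", "CNAME", 300, "example.com"),
    ("example.com", "A", 600, "203.0.113.10"),
    ("example.com", "NS", 86400, "ns1.example.com"),
    ("example.com", "MX", 3600, (10, "mail.example.com")),
]

def sample_records():
    """Round-trip the constructed records through the wire format."""
    return parse_response(build_response("www.example.com", SAMPLE_RECORDS))

if __name__ == "__main__":
    for record in sample_records():
        print(record)
```

The parser bounds the number of compression hops it follows, because a crafted response with a pointer loop would otherwise hang a naive decoder; that is the kind of input-validation detail that matters when DNS data arrives from a resolver you do not control.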

 


What is DNS hijacking?


DNS (Domain Name System) is the "navigator" of the Internet: it converts human-readable URLs (e.g., www.example.com) into the IP addresses computers use (e.g., 192.168.0.1). DNS hijacking is the use of technical means by an attacker to tamper with the DNS resolution process, so that users trying to reach a legitimate website are redirected to a malicious one and exposed to personal information leakage, financial loss and other risks. Whether it can happen depends on the security of the network operator's services and of the user's own devices; it is not specific to any particular service platform.

How does a DNS hijacking attack work?

Your DNS servers are owned and operated by your ISP (Internet Service Provider), and your system's DNS settings are usually assigned by the ISP as well.
- When a user tries to open a website, the request consults the system's DNS settings, which send the lookup to the configured DNS server;
- The DNS server resolves the requested name and the user is directed to the requested website;
- However, when the user's DNS settings have been altered by malware or by a router compromise, the user's DNS queries go instead to a rogue DNS server controlled by the attacker;
- That rogue server answers with the address of a malicious website, so the user's request ends up there.

Types of DNS hijacking attacks

- Local DNS hijacking: the attacker plants malware on the user's system that modifies the local DNS settings, so the system now sends its queries to DNS servers controlled by the attacker. Those servers answer domain lookups with the IP address of a malicious site, redirecting the user there.
- Router DNS hijacking: the attacker exploits a firmware vulnerability in a router, or logs in with its unchanged default password, to overwrite the router's DNS settings, affecting all users connected to that router.
- Man-in-the-middle (MITM) DNS attack: the attacker intercepts the traffic between the user and the DNS server and substitutes a different destination IP address in the reply, redirecting the user to a malicious site.
- Rogue DNS server: the attacker compromises a DNS server itself and changes its DNS records, so that queries for legitimate names resolve to a malicious site.
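As an added defensive example (not part of the original article), the Python script below shows two checks that surface the local, router and rogue-server cases listed above: it flags configured resolvers that are outside an expected set, and it flags domains for which the system resolver's answer disagrees with independent reference resolvers. The resolv.conf text, the resolver addresses and the lookup results are constructed samples; a real deployment would feed in the live configuration and live lookups instead.

```python
"""Two offline detection checks for tampered DNS settings.
Signal 1: a configured resolver outside the expected set (local / router hijack).
Signal 2: the system resolver's answer for a domain is not among the answers
          from independent reference resolvers (rogue server / MITM reply).
All addresses are from documentation ranges and all data is constructed."""
import ipaddress

# Resolvers the organisation expects its hosts to use (constructed).
EXPECTED_RESOLVERS = {"203.0.113.53", "203.0.113.54"}

# Constructed text mimicking /etc/resolv.conf; on Windows the equivalent input
# would be the adapter's DNS server list.
SAMPLE_RESOLV_CONF = """\
# constructed sample
search corp.example
nameserver 203.0.113.53
nameserver 198.51.100.7
nameserver bogus # malformed entry, ignored by the parser
options timeout:2
"""

def parse_resolv_conf(text):
    """Return the nameserver IPs in resolv.conf-style text, ignoring comments
    and any nameserver line that does not carry a valid IP address."""
    servers = []
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            try:
                servers.append(str(ipaddress.ip_address(parts[1])))
            except ValueError:
                continue
    return servers

def unexpected_resolvers(servers, expected=EXPECTED_RESOLVERS):
    """Configured resolvers that are not in the expected set."""
    return [s for s in servers if s not in expected]

# Constructed lookup results: {resolver label: {domain: answer}}. "system" is
# the resolver the host actually uses; the others are independent references.
SAMPLE_ANSWERS = {
    "system": {"bank.example": "198.51.100.99", "news.example": "203.0.113.20"},
    "ref-1":  {"bank.example": "203.0.113.10",  "news.example": "203.0.113.20"},
    "ref-2":  {"bank.example": "203.0.113.10",  "news.example": "203.0.113.20"},
}

def divergent_answers(answers, system="system"):
    """Domains where the system resolver's answer is absent from the reference
    resolvers' answers. Returns {domain: (system_answer, sorted reference answers)}."""
    refs = {label: table for label, table in answers.items() if label != system}
    flagged = {}
    for domain, system_ip in answers[system].items():
        ref_ips = {table[domain] for table in refs.values() if domain in table}
        if ref_ips and system_ip not in ref_ips:
            flagged[domain] = (system_ip, sorted(ref_ips))
    return flagged

def run_checks():
    """Run both checks over the constructed samples."""
    servers = parse_resolv_conf(SAMPLE_RESOLV_CONF)
    return {
        "unexpected_resolvers": unexpected_resolvers(servers),
        "divergent_answers": divergent_answers(SAMPLE_ANSWERS),
    }

if __name__ == "__main__":
    for check, result in run_checks().items():
        print(f"{check}: {result}")
```

A divergent answer is a signal, not proof: content-delivery networks legitimately hand different addresses to different resolvers, so choose reference resolvers and monitored domains with that in mind, and confirm a hit before acting on it. The resolver check is the stronger of the two, since a resolver address that the host was never configured to use has no benign explanation on a managed network.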
 

How to prevent DNS hijacking?


Stay vigilant: check your browser's address bar regularly to make sure the URL you are visiting is the one you intended.

Use a secure network environment: avoid performing sensitive operations on public Wi-Fi, where attackers can eavesdrop on your traffic.

Install and update security software: install anti-virus software and a firewall and keep them updated, so that both your computer and your network are protected.

Verify through official channels: for any link or message you suspect is fake, verify it directly through the official Speaking English App, the official account, or the official customer-service phone number, and do not trust information from unofficial sources.

 
