What about DNS pollution?

What is DNS?

DNS (Domain Name System) is the “phone book” of the Internet, responsible for translating human-readable domain names (e.g. www.example.com) into machine-understandable IP addresses (e.g. 192.0.2.1). Since network communication relies on IP addresses, and we are more accustomed to using domain names, DNS was designed for this purpose, providing efficient domain name resolution services. 

I: How DNS works  
When you enter a web address in the browser, the process that happens behind the scenes is actually the domain name resolution through DNS.The DNS query process can be roughly divided into the following steps:

1. User initiates a request The user enters the domain name in the browser (e.g. www.example.com). At this point, the computer will check the local cache to see if the IP address corresponding to the domain name has been stored. If the cache has the result, it will return directly; otherwise, it will start the query process.

2. Role of the Local DNS Server If there is no corresponding IP address in the local cache, the operating system sends the request to the configured local DNS server (usually provided by an Internet Service Provider (ISP)). In this case, the local DNS server will try to find the IP address corresponding to the domain name. If the local DNS server itself does not have a record, it will continue to query other DNS servers. 3.   
3. Recursive Queries If the local DNS server does not have a cached result for the domain name, it will initiate a recursive query to a higher-level DNS server. First, the query is sent to the root DNS server. 4.   
4. root DNS server The root DNS server is responsible for managing the top level of the DNS system. It does not directly store the mapping of domain names to IP addresses, but directs DNS queries to top-level domain name servers (TLD servers). For example, a query for www.example.com will point the root DNS servers to the .com top-level domain servers. 5.   
5. TLD Servers Top-level domain name servers are responsible for administering specific top-level domains (e.g., .com, .org, etc.) The TLD servers further forward the query to the authoritative DNS servers responsible for the domain. 6.   
6. Authoritative DNS Servers An authoritative DNS server is the ultimate “answer source” that holds the exact resolution record for a particular domain name, including the mapping of the domain name to an IP address. It returns the results of the query to the requesting DNS server. 7.   
7. Returning Results Finally, the DNS server returns the resolved IP address to the user's browser, which can then use it to establish a connection with the server of the target Web site and load the Web page content.   
II. What is DNS Pollution?   
DNS Spoofing, also known as DNS Hijacking or DNS Cache Poisoning, is when an attacker or some organization returns an incorrect IP address during the DNS resolution process, causing users to visit the wrong page or be redirected to a malicious website.   
Common manifestations   
- Jump to phishing page when accessing certain websites.   
- Unable to access normal websites, prompting “Unable to resolve domain name”.   
- Hijacked to advertisements and fraudulent pages.   
III. The working principle of DNS pollution   
1. Sending DNS requests: When a user visits a website, he/she first sends a request to the local DNS server to look up the IP address of the domain name.   
2. Hijacking DNS requests: During network communication, an attacker or an intermediary intercepts the DNS request and returns a fake IP address to lead the user to a malicious website.   
3. Access to the wrong page: The browser accesses the target page based on the wrong IP address returned and ends up in a trap.   
IV. Common DNS Pollution Attacks   
1. DNS Cache Poisoning: The attacker injects forged DNS records into the DNS cache, causing subsequent resolution requests to return error messages. 2.   
2. Man-in-the-middle (MITM) attack: The attacker inserts a malicious man-in-the-middle between the user and the DNS server to modify the returned IP address. 3. Hijacking ISP resolution: The attacker hijacks the ISP's resolution.   
3. Hijacked ISP Resolutions: Some ISPs (Internet Service Providers) use DNS hijacking to direct traffic to specific pages, such as advertisements or other content.   
V. How to detect DNS pollution?   
1. Use the ping or nslookup command.   
Enter it at the command line:   
Check the IP address returned, if the IP address is abnormal or not as expected, it is most likely DNS pollution. If the IP address is abnormal or does not match the expected one, it is likely to be DNS pollution. You can go to the Internet to find some domain name resolution tools for comparison.   
2. Use online detection tools   
3. Change DNS server: Use Google DNS (8.8.8.8) or Cloudflare DNS (1.1.1.1), China Telecom (114.114.114.114) to bypass the local DNS pollution by changing the resolution server.

VI: How to solve DNS pollution?

1. Choose a reliable DNS service provider

Choose an experienced and well-reputed DNS service provider, such as public DNS services like CDN5 DNS and Cloudflare DNS. These large companies usually have strong security protection system and good service quality, which can effectively resist DNS pollution attacks.

2. Using DNSSEC technology

DNSSEC (DNS Security Extension) is a technology used to enhance DNS security. With DNSSEC, users can verify the legitimacy of DNS responses and thus avoid being affected by DNS pollution. Using DNS servers and resolvers that support DNSSEC can better secure domain name resolution.   
VII. Effective Methods to Prevent DNS Pollution   
1. Use encrypted DNS protocol   
(1) DNS over HTTPS (DoH): Encrypts DNS queries over HTTPS to prevent intermediaries from tampering with data.   
(2) DNS over TLS (DoT): Encrypt DNS queries via TLS protocol to enhance data security. 2.   
2. Replace the reliable DNS server, we recommend using the following public DNS servers:

(1) CDN5 DNS: 8.8.8.8 and 8.8.4.4.   
(2) Cloudflare DNS: 1.1.1.1. 3.   
3. Enable VPN: Using VPN can encrypt the entire network traffic to avoid local DNS pollution and ensure the security of DNS query data. If you don't know what VPN is, you can read this article: Do you understand Virtual Private Network (VPN)?   
4. Configure the Hosts file   
Manually configure the IP addresses of key websites in the hosts file to bypass the DNS resolution process:  
 

# Example: Add CDN5's IP address 103.41.167.234 cdn5.com