DNS hijacking


25 Aug 2022

Over the last two weeks, you have probably been hearing about DNS hijacking more and more often.

In this article, we will define what DNS hijacking is and how to prevent it.

Let’s start by understanding what DNS is and its importance.

The essential function of the Domain Name System (DNS) is to convert human-friendly domain names into machine-friendly IP addresses and so connect internet users to websites. The first step in this process is handled by a DNS resolver (a recursive DNS server), which receives the initial request and ultimately translates the domain name into an IP address.

By querying one or more DNS name servers for the relevant records, the resolver finds the corresponding IP addresses that machines can use. The DNS name server is an intrinsic part of the lookup process because it tells the recursive server where a specific website can be found.

Now we can move on to how DNS hijacking works.

In a DNS hijacking attack, also called DNS redirection, DNS requests are resolved incorrectly so that users are sent to malicious websites. This happens when a DNS server is under a hacker’s control and they divert traffic to a fake DNS server, which then resolves a legitimate domain name to the IP address of a malicious website.


Hackers can achieve DNS hijacking in different ways. Here are the most popular:

Router DNS Hijack

In this method, hackers use a vulnerable DNS router (a hardware device used by domain service providers to link their domain names to the corresponding IP addresses) to launch a DNS attack by overriding and reconfiguring the router’s DNS settings. Once this is done, the attackers jam the website and redirect its traffic to another, malicious website, making the legitimate website inaccessible to users.

Man-in-the-middle DNS Hijack

Here, hackers insert themselves into the communication between a network user and a DNS server, intercept it, and eventually redirect the user to a different destination IP address that leads to a harmful website. This is also referred to as DNS spoofing.

Rogue DNS Hijack

This involves an attacker compromising the DNS server, altering its stored records, and redirecting subsequent DNS queries to malicious websites, usually ones they own themselves.

Local DNS Hijack

This method is used when a cybercriminal installs Trojan malware on a website user’s computer. The malware is built to disguise itself as legitimate software. Once active, it gives the hackers access to the systems on the network and lets them steal data and alter DNS settings to redirect the user to fake websites.


There are multiple options for protecting your website from such an attack. The most common are:

Firewall

Installing a firewall in front of the DNS resolver prevents the installation of a fake resolver and blocks unauthorized access. The firewall acts as an additional protective layer against DNS hijacking.

Multifactor authentication

Restrict access to DNS name servers with multifactor authentication, firewalls, and other physical and network security measures.

Separating the name server from the resolver

Run authoritative DNS name servers separately from the resolver to avoid cache poisoning. If both roles run on the same server, a compromise of one affects the other at the same time.
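As an added illustration (not configuration from this article), this is what the split looks like in BIND 9: one named.conf fragment for the authoritative host, which never recurses, and one for a separate resolver host, which recurses for internal clients only and hosts no zones. The zone name, file path and TEST-NET address ranges are placeholders.

```conf
// --- named.conf on the AUTHORITATIVE host: serves its zones, never recurses ---
options {
    recursion no;               // refuse recursive lookups outright
    allow-query { any; };       // anyone may ask for the zones we host
    allow-transfer { none; };   // no zone transfers unless explicitly listed
};
zone "example.com" {            // placeholder zone
    type master;
    file "/etc/bind/db.example.com";   // placeholder path
};

// --- named.conf on the RESOLVER host (different machine): recursion only for us ---
acl internal { 192.0.2.0/24; 2001:db8::/32; };   // placeholder client ranges
options {
    recursion yes;
    allow-recursion { internal; };     // outsiders cannot use or seed the cache
    allow-query { internal; };
    allow-query-cache { internal; };
};
// No zone {} blocks here: this host answers from its cache and upstream only.
```

A poisoned cache on the resolver then cannot alter the authoritative data, and a compromised authoritative host has no cache to poison.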

Cache poisoning preventions

Prevent cache poisoning by randomizing what identifies each query: use randomized query (transaction) IDs and random source ports, so that a forged reply cannot be matched to an outstanding request.
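Randomized IDs and ports only help if the resolver drops any reply that does not match what it sent. The following Python sketch is an added example, not code from this article: it builds a query with a CSPRNG-chosen transaction ID and ephemeral source port, constructs a sample reply, and accepts a reply only when the server address, destination port, transaction ID, QR bit and echoed question all match. The dict layout, the TEST-NET-1 server address and the sample answer IP are assumptions.

```python
import secrets
import struct

EPHEMERAL_LOW, EPHEMERAL_COUNT = 49152, 16384   # IANA dynamic port range

def encode_name(name):
    """Encode "example.com" as DNS wire-format labels."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_query(name, server="192.0.2.53", qtype=1):
    """Return (pending, packet). The 16-bit ID and the source port both come
    from a CSPRNG. The server address is a TEST-NET-1 placeholder."""
    pending = {
        "txid": secrets.randbits(16),
        "port": EPHEMERAL_LOW + secrets.randbelow(EPHEMERAL_COUNT),
        "server": server,
        "question": encode_name(name) + struct.pack("!HH", qtype, 1),  # class IN
    }
    header = struct.pack("!HHHHHH", pending["txid"], 0x0100, 1, 0, 0, 0)  # RD=1
    return pending, header + pending["question"]

def make_reply(pending, ip4):
    """Constructed sample reply as the queried server would send it: same ID,
    QR/RD/RA set, question echoed, one A record pointing at ip4."""
    header = struct.pack("!HHHHHH", pending["txid"], 0x8180, 1, 1, 0, 0)
    rr = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes(ip4)
    return header + pending["question"] + rr

def reply_is_acceptable(reply, pending, dst_port, src):
    """Accept a reply only if everything the resolver chose on the way out
    (server, port, ID, question) comes back unchanged; else drop it as forged."""
    if src != pending["server"]:
        return False, "reply from an address we did not query"
    if dst_port != pending["port"]:
        return False, "reply to a port we did not use"
    if len(reply) < 12:
        return False, "header truncated"
    rid, flags, qdcount = struct.unpack("!HHH", reply[:6])
    if rid != pending["txid"]:
        return False, "transaction ID mismatch"
    if not flags & 0x8000:
        return False, "QR bit clear: a query, not a response"
    if qdcount != 1 or not reply[12:].startswith(pending["question"]):
        return False, "question section does not echo ours"
    return True, "ok"

def guess_space(port_randomised):
    """(ID, port) pairs an off-path forger must hit: 2^16 alone, 2^30 with ports."""
    return (1 << 16) * (EPHEMERAL_COUNT if port_randomised else 1)
```

Real resolvers add further checks (bailiwick rules, DNSSEC validation), but the ID and port comparison is the minimum that makes the two randomization measures above effective.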


As a user, the only way to protect yourself from falling victim to such a hijack is to install antivirus software and keep it up to date. There is also dedicated software that helps you detect DNS hijacks and avoid visiting malicious websites.
