What is DNS poisoning? What are the dangers? How to solve it?

2025.04.29
In this issue we share content related to DNS pollution: what it is, what harm it does, and how to defend against it.

Introduction to DNS pollution
DNS pollution, also known as DNS cache poisoning or DNS hijacking, is a form of network attack or interference in which false domain-name resolution results are injected into DNS (Domain Name System) servers, so that users who visit a website are directed to a malicious or irrelevant IP address instead.

Principles of DNS pollution
The core function of DNS is to translate domain names (such as google.com) into the corresponding IP addresses. DNS pollution is carried out by the following methods:

Forged DNS response: the attacker forges the DNS server's reply and returns an incorrect IP address.
Man-in-the-middle attack: DNS query results are intercepted and tampered with while in transit on the network.
Local hijacking: local DNS settings are modified through malware or router vulnerabilities.
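The following Python is an added example, not code from the original article: it shows the checks a stub resolver should apply before trusting a UDP reply, which is what makes the "forged DNS response" method above hard to carry out blind (a random 16-bit transaction ID, the reply must arrive from the server that was actually queried, and the question section must echo the query). All packets are constructed inline; the hostnames and addresses are documentation values chosen for the example.

```python
import secrets
import struct

def encode_name(name):  # dotted name -> DNS wire labels (no compression)
    return b"".join(bytes([len(lab)]) + lab.encode() for lab in name.strip(".").split(".")) + b"\x00"

def build_query(name):  # A-record query with a random 16-bit transaction ID (RD flag set)
    txid = secrets.randbelow(1 << 16)
    return txid, struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0) + encode_name(name) + struct.pack("!HH", 1, 1)

def build_response(txid, name, ip):  # constructed reply; the answer name is a pointer (0xC00C) back to the question
    hdr = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)  # QR+RD+RA, one question, one answer
    rr = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes(int(o) for o in ip.split("."))
    return hdr + encode_name(name) + struct.pack("!HH", 1, 1) + rr

def decode_name(pkt, off):  # returns (name, offset after the name), following compression pointers
    labels = []
    while pkt[off]:
        if pkt[off] & 0xC0:
            tail, _ = decode_name(pkt, struct.unpack("!H", pkt[off:off + 2])[0] & 0x3FFF)
            return ".".join(labels + [tail]), off + 2
        labels.append(pkt[off + 1:off + 1 + pkt[off]].decode())
        off += 1 + pkt[off]
    return ".".join(labels), off + 1

def parse_response(pkt):  # returns (txid, flags, question name, list of A-record addresses)
    txid, flags, _, ancount, _, _ = struct.unpack("!HHHHHH", pkt[:12])
    qname, off = decode_name(pkt, 12)
    off += 4  # skip QTYPE and QCLASS
    answers = []
    for _ in range(ancount):
        _, off = decode_name(pkt, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", pkt[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:
            answers.append(".".join(str(b) for b in pkt[off:off + 4]))
        off += rdlen
    return txid, flags, qname.lower(), answers

def validate_response(expected_id, name, server, pkt, peer):
    """Checks applied before trusting a UDP reply; returns (accepted, answers or rejection reason)."""
    if peer != server:
        return False, "reply came from an address/port we never queried"
    txid, flags, qname, answers = parse_response(pkt)
    if txid != expected_id:
        return False, "transaction ID mismatch"
    if not flags & 0x8000 or qname != name.lower():
        return False, "not a response, or question section does not match the query"
    return True, answers
```

A reply that fails any of these checks is simply discarded; logging such rejections is a cheap way to notice spoofing attempts against a resolver.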


Hazards of DNS pollution
(1) Users cannot access the target website

Users are mistakenly directed to invalid or fake IP addresses, resulting in interruption of normal services.

(2) Privacy leakage and phishing

Users may be directed to fake websites (such as fake bank pages) and have their sensitive information stolen after entering them.

(3) Content censorship and information blocking

Some regions implement Internet censorship through DNS pollution to restrict access to specific content (such as social media and news websites).

(4) Damage to the network trust system

Long-term pollution will weaken users' trust in the domain name system and affect the network ecology.

(5) Enterprise service interruption

If an enterprise's internal network is affected by DNS pollution, internal systems may be paralyzed or data may leak.

Solution

(1) Use encrypted DNS protocol

DNS-over-HTTPS (DoH) and DNS-over-TLS (DoT) prevent tampering by intermediaries by encrypting DNS queries and responses. Common services:
Cloudflare: 1.1.1.1 (supports DoH/DoT)
Google: 8.8.8.8 (supports DoH/DoT)
Recommended tools: browsers such as Firefox and Chrome have built-in DoH support; alternatively, use a tool such as dnscrypt-proxy.

(2) Change public DNS servers

Choose a trusted public DNS provider instead of the default DNS supplied by your network operator:

Cloudflare: 1.1.1.1 (fast, privacy-first)
Google: 8.8.8.8 / 8.8.4.4
OpenDNS: 208.67.222.222 / 208.67.220.220

(3) Proxy

By encrypting all network traffic (including DNS queries), a proxy lets you bypass local DNS pollution.

Choose a service that supports "DNS leak protection".

(4) Modify the Hosts file

Manually bind domain names to their correct IP addresses in the operating system's "hosts" file (the IP addresses must be updated regularly, so this suits only a few key websites).

Notes:
Regulatory compliance: some countries restrict encrypted DNS or VPNs, and local regulations must be followed.
Service reliability: a public DNS server may add latency depending on geographic location, so choose a nearby node.
Continuous updates: DNS pollution techniques keep evolving, so multiple methods must be combined for defense.