What is DNS pollution? Learn the principles and protection in one article

Friends, have you ever encountered this situation?

Today, Shenchang will help you understand what DNS pollution is and teach you how to prevent it effectively!

1. What is DNS?
DNS (Domain Name System) is a system that converts domain names (zhihu.com) into IP addresses (103.41.167.234).When you visit a website, the browser will request the DNS server to resolve the domain name, and the DNS server will return the corresponding IP address, and then the web page can be opened normally.

Simple analogy: DNS is like the "phone book" of the Internet, translating the domain name you enter into a specific address so that you can find the target website.

2. What is DNS pollution?
DNS Spoofing, also known as DNS hijacking or DNS cache poisoning, refers to attackers or certain organizations returning incorrect IP addresses during the DNS resolution process, causing users to access incorrect pages or be redirected to malicious websites.


Common symptoms:

When visiting certain websites, jump to the phishing page.

Cannot access normal websites, prompt "Unable to resolve domain name".

Being hijacked to advertising, fraudulent pages.

3. How DNS pollution works

Sending DNS requests: When a user visits a website, it first sends a request to the local DNS server to query the IP address of the domain.
Hijacking DNS requests: During network communication, the attacker or middleman intercepts the DNS request and returns a forged IP address to guide the user to a malicious website.
Visiting an error page: The browser accesses the target page based on the returned error IP address, and ends up falling into a trap.

4. Common DNS pollution attack methods
DNS cache poisoning: The attacker injects forged DNS records into the DNS cache, causing subsequent resolution requests to return error messages.
Man-in-the-middle attack (MITM): The attacker inserts a malicious middleman between the user and the DNS server to modify the returned IP address.
Hijacking ISP resolution: Some ISPs (Internet service providers) will use DNS hijacking to direct access traffic to specific pages, such as advertising pages or other content.
5. How to detect DNS pollution?
(1) Use the ping or nslookup command

In the command line, enter:

Check the returned IP address. If the IP address is abnormal or inconsistent with expectations, it is likely DNS pollution. You can find some domain resolution tools online for comparison.
(2) Use online detection tools

(3) Change DNS servers: Use Google DNS (8.8.8.8) or Cloudflare DNS (1.1.1.1), China Telecom (114.114.114.114), and bypass local DNS pollution by changing the resolution server.

6. Effective methods to prevent DNS pollution
(1) Use encrypted DNS protocols

DNS over HTTPS (DoH): Encrypt DNS queries through HTTPS to prevent middlemen from modifying data.

DNS over TLS (DoT): Encrypt DNS queries through the TLS protocol to enhance data security.

(2) Change to a reliable DNS server. It is recommended to use the following public DNS servers:
Google DNS: 8.8.8.8 and 8.8.4.4
Cloudflare DNS: 1.1.1.1
(3) Enable VPN: Using a VPN can encrypt the entire network traffic, avoid local DNS pollution, and ensure the security of DNS query data. 

(4) Set up the Hosts file

Manually set the IP addresses of key websites in the hosts file to bypass the DNS resolution process: