Differences between DNS hijacking and DNS pollution

Source: Internet
Author: User

We know that some network operators perform DNS operations for some purpose, so that the correct IP address cannot be obtained through the domain name through the normal internet access settings of the ISP. Common means include DNS hijacking and DNS pollution. What is DNS hijacking? DNS hijacking means that the DNS server is hijacked to obtain control of the Resolution record of a domain name through some means, and then modify the resolution result of this domain name, as a result, the access to this domain name is transferred from the original IP address to the modified specified IP address. The result is that the access to a specific website cannot be accessed or the access to a fake website is, in this way, data is stolen or the original normal services are damaged. DNS hijacking is achieved by tampering with the data on the DNS server and returning an incorrect query result to the user. DNS hijacking: After a user successfully connects to a broadband network in some regions, the user opens any page for the first time and points to the content pages provided by the ISP, such as "telecom internet star" and "Netcom yellow page advertisement. In addition, Baidu's website appeared when users visited the Google domain name. These are DNS hijacking. Simply put, when you enter the google.com URL, the website you see is Baidu's homepage. What is DNS pollution? DNS pollution is a DNS cache poisoning attack that prevents common users from communicating with the target host due to a false host IP address ). The working method is as follows: Generally, DNS queries do not have any authentication mechanism, and DNS queries are generally based on UDP protocol without connection reliability. Therefore, DNS queries are prone to tampering, performs Intrusion Detection on DNS queries on UDP port 53. Once a request that matches the keyword is found, the request is immediately disguised as the DNS Server of the target domain Name (NS, Name Server) returns false results to the queryer. DNS pollution occurs in the first step of user requests and directly interferes with users' DNS requests from the protocol. Symptoms of DNS pollution: many websites that are currently banned from access are implemented through DNS pollution, such as YouTube and Facebook. For DNS hijacking, you can use a recognized foreign DNS server. For example, OpenDNS ( or GoogleDNS ( ). For DNS pollution, it can be said that it is difficult for individual users to solve the problem by setting up. Generally, VPN or domain name remote resolution can be used, but most of them need to purchase paid VPN or SSH, etc, you can also manually set the correct IP address of the domain name by modifying the Hosts method. Summary DNS hijacking means that when a user accesses a marked address, the DNS server intentionally points this address to an incorrect IP address. For example, some users of China Netcom, China Telecom, and China tietong sometimes find that they want to access an address but are switched to various websites such as push ads. This is DNS hijacking. DNS pollution refers to a user accessing an address. When a domestic server (not a DNS) monitors a marked address accessed by the user, the server pretends to be a DNS server that sends a wrong address back to the user. Example: access to websites such as Youtube and Facebook.

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.