Some network operators, for their own purposes, interfere with DNS, with the result that users on the ISP's normal Internet settings cannot obtain the correct IP address for a domain name. The common techniques are DNS hijacking and DNS pollution. For the differences between DNS hijacking and DNS pollution, see related articles.
Dealing with DNS hijacking is very simple: changing the system's DNS settings to the IP address of a foreign DNS server resolves it. For DNS pollution, the usual answer is that there is no way other than software such as proxy servers and VPNs. But with an understanding of how DNS pollution works, the problem can be solved without a proxy server, VPN or similar software, so that some previously unreachable sites can be accessed without them. Of course, this does not solve every problem: when a site is inaccessible for reasons other than DNS pollution, a proxy server or VPN is still needed to reach it.
DNS-polluted packets are not generated by the routers that the network packets pass through, but by a bypass device beside the path. DNS pollution therefore does not stop the correct DNS resolution result from being returned. Instead, the packet generated by the bypass device arrives sooner than the reply from the foreign DNS server, the operating system treats the first packet it receives as the result and ignores the packets that arrive afterwards, and so the pollution succeeds. In some countries the IP addresses used for pollution stay fixed for a period of time, so packets whose result is one of these IP addresses can simply be ignored, which directly resolves the DNS pollution problem.
I have written a simple small program in Java and provide its source code. Once it is running locally, the DNS pollution problem is solved directly, without a proxy server or VPN. If you do not have Java installed, you can install it from http://www.java.com/. After unzipping Antidnspollution.zip, run Filter.bat (Linux users run filter.sh) and wait for it to start successfully. Then set the IP address of the system's DNS server to 127.0.0.1. Finally, open a command-line window and run nslookup against a DNS-polluted domain name to check whether the resolution is now correct.
Here is the specific workflow of this applet. After the program starts, it reads its configuration from the text file dnsfilter.properties. It then sends DNS queries for hijacked domain names to a non-existent DNS server (one whose IP address is nevertheless foreign). Any IP address returned is a hijacked IP and is recorded. Afterwards, during normal DNS queries, these IP addresses are filtered out automatically. This program will be updated periodically and may also get a .NET version; please follow the updates on my Google Reader.
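The filtering step described above, as an added Python example (not the author's Java source): it records the IPs returned by probes to a non-existent server, then discards any reply that carries one of them. The function names, the domain `blocked.example` and the documentation-range IP addresses are constructed for illustration.

```python
import socket
import struct

def make_reply(txid, name, ip):
    """Constructed sample: a DNS response with one question and one A record."""
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\0"
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4) + socket.inet_aton(ip)
    return header + qname + struct.pack("!HH", 1, 1) + answer

def skip_name(msg, off):
    """Return the offset just past a DNS name (labels or a compression pointer)."""
    while msg[off] and msg[off] & 0xC0 != 0xC0:
        off += 1 + msg[off]
    return off + (2 if msg[off] else 1)

def a_records(msg):
    """Extract the IPv4 addresses from the answer section of a DNS response."""
    qdcount, ancount = struct.unpack("!HH", msg[4:8])
    off = 12
    for _ in range(qdcount):
        off = skip_name(msg, off) + 4          # skip QTYPE and QCLASS
    ips = []
    for _ in range(ancount):
        off = skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        if rtype == 1 and rclass == 1 and rdlen == 4:   # A record, class IN
            ips.append(socket.inet_ntoa(msg[off + 10:off + 14]))
        off += 10 + rdlen
    return ips

def learn_polluted(probe_replies):
    """A non-existent server cannot answer, so every probe reply is forged."""
    return {ip for reply in probe_replies for ip in a_records(reply)}

def first_clean(replies, polluted):
    """Return the first reply, in arrival order, that carries no polluted IP."""
    for reply in replies:
        try:
            ips = a_records(reply)
        except (struct.error, IndexError, OSError):
            continue                            # malformed or truncated: drop
        if not polluted.intersection(ips):
            return reply
    return None

if __name__ == "__main__":
    bad = learn_polluted([make_reply(1, "blocked.example", "203.0.113.5")])
    # Constructed arrival order: the forged reply first, the genuine one later.
    replies = [make_reply(2, "blocked.example", ip) for ip in ("203.0.113.5", "198.51.100.7")]
    print(a_records(first_clean(replies, bad)))
```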
Advanced users can edit the configuration file dnsfilter.properties by hand with a text editor:
Bindtoip: Once started, the applet acts as a DNS server bound to port 53; this specifies the IP address to bind to
DNSServer: A foreign DNS server; can be set to the IP address of an OpenDNS or Google DNS server
Responsetimeout: Time-out for DNS query responses (in milliseconds)
Testdnsserver: The DNS server used for testing; specify a non-existent DNS server, but its IP must be foreign
Testresptimeout: Time-out for test DNS server query responses (in milliseconds), that is, the time-out for the bypass device's DNS hijacking reply
Testcount: Number of times to query the test DNS server; a certain number of tests is required in order to collect all the hijacked IP addresses
The executable and the source code of the applet are in the same compressed package; download it from the links below (source code included).
Download: Executable program (with source code) that is not dependent on the Java environment
Download: Programs that depend on the Java environment (including source code)
Contributor email: lehui99 (at) gmail.com; author's Google Reader: https://www.google.com/reader/shared/lehui99
Resolving DNS hijacking and DNS pollution issues through open source programs