In the Internet environment, DNS (Domain Name System) is like the "address book" of the online world: it converts domain names that are easy for people to remember into IP addresses that computers can use, so that users can reach websites. DNS hijacking, however, seriously threatens network security and users' normal access. Understanding how to determine whether a website's DNS has been hijacked, and mastering effective ways of handling it, is crucial to keeping network access secure and stable.
Principle of DNS hijacking
DNS hijacking, in simple terms, refers to the attacker tampering with the domain name resolution records on the DNS server, or interfering with the communication between the user's device and the normal DNS server, so that when the user accesses a specific domain name, the user is directed to the wrong IP address. The attacker can use this to guide users to malicious websites, steal user information, spread malware, or conduct phishing and other activities. Common DNS hijacking methods include:
Tampering with DNS server records: The attacker breaks into the DNS server and directly modifies the mapping between a domain name and its IP address. For example, the domain name of a bank's official website is resolved to the IP of a phishing site. When the user enters the bank's domain name, they are misled to the phishing site and may leak important information such as account passwords.
ARP spoofing: In a LAN environment, the attacker modifies the ARP cache table of the target device by sending a forged ARP (Address Resolution Protocol) response packet, redirecting the request that should have been sent to the correct DNS server to the DNS server controlled by the attacker, thereby achieving DNS hijacking.
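The ARP-spoofing variant above leaves a visible trace on the victim's own machine: the gateway (or the DNS server) and the attacker's host end up sharing one MAC address in the local ARP cache. The following script is an added example, not code from the article; it parses the output of `arp -a` in both the Linux and the Windows layout and flags any protected address whose MAC is also claimed by another IP. The sample tables and the addresses in them are constructed for the example.

```python
import re
from collections import defaultdict

# Constructed sample: `arp -a` output on Linux (hypothetical hosts, not from the article).
# The gateway 192.168.1.1 and the host 192.168.1.37 report the same MAC, which is the
# signature of an ARP-spoofing attempt against the gateway.
SAMPLE_ARP_LINUX = """\
? (192.168.1.1) at aa:bb:cc:dd:ee:01 [ether] on eth0
? (192.168.1.20) at aa:bb:cc:dd:ee:20 [ether] on eth0
? (192.168.1.37) at aa:bb:cc:dd:ee:01 [ether] on eth0
"""

# The same situation as the Windows `arp -a` table prints it (constructed).
SAMPLE_ARP_WINDOWS = """\
Interface: 192.168.1.15 --- 0xb
  Internet Address      Physical Address      Type
  192.168.1.1           aa-bb-cc-dd-ee-01     dynamic
  192.168.1.20          aa-bb-cc-dd-ee-20     dynamic
  192.168.1.37          aa-bb-cc-dd-ee-01     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
"""

# Matches "(ip) at mac" (Linux) as well as "ip   mac" (Windows); MAC may use ':' or '-'.
ARP_LINE = re.compile(
    r"\(?(\d+\.\d+\.\d+\.\d+)\)?\s+(?:at\s+)?([0-9a-fA-F]{2}(?:[:-][0-9a-fA-F]{2}){5})"
)


def parse_arp_table(text):
    """Return {ip: mac} (MAC lower-case, colon-separated) from either arp -a layout."""
    table = {}
    for line in text.splitlines():
        m = ARP_LINE.search(line)
        if not m:
            continue  # headers, interface lines, blank lines
        ip, mac = m.group(1), m.group(2).lower().replace("-", ":")
        if mac == "ff:ff:ff:ff:ff:ff":
            continue  # broadcast entry, not a host
        table[ip] = mac
    return table


def find_duplicate_macs(table):
    """Return {mac: [ips]} for every MAC address claimed by more than one IP."""
    by_mac = defaultdict(list)
    for ip, mac in table.items():
        by_mac[mac].append(ip)
    return {mac: sorted(ips) for mac, ips in by_mac.items() if len(ips) > 1}


def check_arp_for_spoofing(text, protected_ips):
    """Flag protected hosts (gateway, DNS server) whose MAC is shared with another IP.

    Returns a list of (protected_ip, mac, [other ips using that mac]).
    """
    table = parse_arp_table(text)
    dups = find_duplicate_macs(table)
    findings = []
    for ip in protected_ips:
        mac = table.get(ip)
        if mac in dups:
            findings.append((ip, mac, [o for o in dups[mac] if o != ip]))
    return findings


if __name__ == "__main__":
    for label, sample in (("linux", SAMPLE_ARP_LINUX), ("windows", SAMPLE_ARP_WINDOWS)):
        for ip, mac, others in check_arp_for_spoofing(sample, ["192.168.1.1"]):
            print(f"[{label}] {ip} ({mac}) is also claimed by {', '.join(others)}")
```

A duplicate MAC is not proof of an attack (some routers legitimately answer for several addresses), but when the duplicated entry is the gateway or the configured DNS server it is the first thing to check before trusting any resolution result from that network.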
How to determine if a website is hijacked by DNS
1. Abnormal website access
Domain name cannot be resolved: The user enters the correct domain name but cannot reach the website, and the browser shows an error such as "Cannot find the website" or "DNS resolution failed". DNS hijacking is one possible cause, because it prevents the domain name from resolving correctly.
Accessing the wrong website: If a user visits a well-known website but lands on an unfamiliar site that looks like a phishing page, or the page is garbled and its content does not match expectations, it is very likely that DNS has been hijacked and the domain name has been resolved to a different IP address.
2. Use professional tools to detect
nslookup command: On Windows, open the command prompt and enter "nslookup <domain name>", for example "nslookup baidu.com". Normally the correct IP address for the domain is displayed. If the displayed IP does not match the IP the website has officially published, or several abnormal IPs are returned, DNS hijacking may be occurring. On Linux, the dig command can be used for the same check.
Online DNS detection tools: Online tools such as DNSPerf and DNSViz can perform comprehensive DNS detection on domain names. They can not only detect whether the DNS resolution is correct, but also analyze the response time of the DNS server, whether there are abnormal records, etc., to help users more comprehensively determine whether there is DNS hijacking.
3. Compare access situations under different network environments
Access the same website under different network environments, such as using a home network, mobile data network, or public WiFi network. If access is abnormal in a certain network environment, but normal in other network environments, it is likely that the DNS server of the abnormal network environment has been hijacked. For example, if an abnormality occurs when accessing a website under the company's WiFi, and the access is normal after switching to mobile data, it is necessary to suspect whether the DNS settings of the company network have been tampered with.
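The nslookup/dig check in section 2 and the cross-network comparison in section 3 are the same test: collect the answer each resolver gives for one name and see which one disagrees. The script below is an added example, not from the article. It parses the answer section of nslookup output (Windows or Linux layout, ignoring the "Server:"/"Address:" header that names the resolver itself) and of `dig +short` output, then reports the resolvers whose answer differs from the consensus or from an expected address set supplied by the site operator. The tool outputs, domain and addresses are constructed for the example.

```python
import re
from collections import Counter

IPV4 = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")

# Constructed nslookup output (Windows layout) from a public resolver answering correctly.
NSLOOKUP_OK = """\
Server:  dns.google
Address:  8.8.8.8

Non-authoritative answer:
Name:    www.example-bank.test
Addresses:  203.0.113.10
          203.0.113.11
"""

# Constructed nslookup output from an office router whose DNS setting has been tampered with.
NSLOOKUP_HIJACKED = """\
Server:  UnKnown
Address:  192.168.1.1

Non-authoritative answer:
Name:    www.example-bank.test
Address:  198.51.100.77
"""

# Constructed `dig +short www.example-bank.test` output over mobile data: one record per line.
DIG_SHORT_OK = "203.0.113.11\n203.0.113.10\n"


def parse_answer_ips(text):
    """Extract the answer IPs from nslookup or `dig +short` output.

    For nslookup, everything up to the "Name:" line is the resolver header and is skipped
    so that the resolver's own address is never mistaken for an answer.
    """
    lines = text.splitlines()
    if lines and lines[0].startswith("Server:"):
        idx = next((i for i, l in enumerate(lines) if l.startswith("Name:")), len(lines))
        lines = lines[idx + 1:]  # empty when nslookup reported "can't find"
    ips = set()
    for line in lines:
        ips.update(IPV4.findall(line))
    return frozenset(ips)


def compare_resolvers(outputs, expected=None):
    """outputs: {label: raw tool output}. Returns (reference_ips, {label: differing ips}).

    With `expected` (the addresses the site operator publishes) every resolver is checked
    against it; without it the most common answer is taken as the reference, which is only
    meaningful with three or more independent resolvers.
    """
    answers = {label: parse_answer_ips(out) for label, out in outputs.items()}
    if expected is not None:
        reference = frozenset(expected)
    else:
        reference = Counter(answers.values()).most_common(1)[0][0]
    outliers = {label: ips for label, ips in answers.items() if ips != reference}
    return reference, outliers


if __name__ == "__main__":
    reference, outliers = compare_resolvers({
        "home, 8.8.8.8 (nslookup)": NSLOOKUP_OK,
        "mobile data (dig +short)": DIG_SHORT_OK,
        "office wifi, router (nslookup)": NSLOOKUP_HIJACKED,
    })
    print("reference answer:", sorted(reference))
    for label, ips in outliers.items():
        print(f"DISAGREES: {label} -> {sorted(ips) or 'no answer'}")
```

In practice the raw text comes from running `nslookup <name> <resolver>` or `dig +short <name> @<resolver>` on each network and pasting the results in; an empty answer set from one resolver (the "cannot be resolved" symptom in section 1) shows up as an outlier just like a wrong address does.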
How to deal with DNS hijacking
1. Change DNS server
Use a public DNS server: Change the device's DNS server to a public one, such as Google's 8.8.8.8 and 8.8.4.4, or China's 114.114.114.114. On Windows, open the "Network Connections" settings, find the current network connection, right-click "Properties", select "Internet Protocol Version 4 (TCP/IPv4)" in the "Network" tab, click "Properties", and set the DNS server address manually. This bypasses the hijacked local DNS server and restores normal domain name resolution.
Use the DNS recommended by the operator: Contact the network operator to obtain the recommended DNS server address and set it. The DNS server provided by the operator is usually professionally maintained, with high security and stability, which can effectively avoid DNS hijacking problems.
2. Check the device and network security
Check for viruses and malware: Run professional antivirus software and malware scanning tools to perform a comprehensive scan on computers, mobile phones and other devices to remove possible viruses, Trojans and malware. These malicious programs may tamper with the device's DNS settings, resulting in DNS hijacking.
Check the router settings: Log in to the router management interface and check whether the router's DNS settings have been tampered with. If the DNS server address has been changed to an unfamiliar IP, restore the default setting or switch to a reliable DNS server address promptly. At the same time, change the router's login password to a strong one to prevent attackers from breaking into the router again.
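Checking the device and the router for tampered DNS settings comes down to the same question: is every configured resolver either one you deliberately chose or the router itself? The script below is an added example, not from the article. It pulls the configured resolvers and gateway out of `ipconfig /all` text (Windows) or /etc/resolv.conf (Linux) and classifies each one against a trusted list, the local subnet and the gateway address; the sample configuration text and addresses are constructed, and the `lan`/`gateway` parameters and the verdict strings are this example's own convention. Only IPv4 entries are handled.

```python
import ipaddress

# The public resolvers the article names; extend with whatever your organisation sanctions.
TRUSTED_RESOLVERS = {"8.8.8.8", "8.8.4.4", "114.114.114.114"}

# Constructed `ipconfig /all` excerpt: the router is listed first, then an address nobody configured.
SAMPLE_IPCONFIG = """\
Ethernet adapter Ethernet:

   Connection-specific DNS Suffix  . : lan
   IPv4 Address. . . . . . . . . . . : 192.168.1.15(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 192.168.1.1
                                       198.51.100.53
"""

# Constructed /etc/resolv.conf: a LAN host that is not the router is answering DNS.
SAMPLE_RESOLV_CONF = """\
# Generated by NetworkManager
search lan
nameserver 192.168.1.37
nameserver 8.8.8.8
"""


def extract_dns_servers(text):
    """Return (servers, gateway) from ipconfig /all or resolv.conf text; gateway is None for resolv.conf."""
    servers, gateway = [], None
    in_dns_block = False
    for line in text.splitlines():
        stripped = line.strip()
        if stripped.startswith("nameserver"):            # resolv.conf entry
            parts = stripped.split()
            if len(parts) > 1:
                servers.append(parts[1])
            continue
        if stripped.startswith("DNS Servers"):           # ipconfig: first address after the colon
            servers.append(stripped.split(":", 1)[1].strip())
            in_dns_block = True
            continue
        if stripped.startswith("Default Gateway"):
            gateway = stripped.split(":", 1)[1].strip() or None
            in_dns_block = False
            continue
        if in_dns_block and stripped and ":" not in stripped:
            servers.append(stripped)                     # continuation line: one more address
        else:
            in_dns_block = False
    return servers, gateway


def audit_dns_servers(configured, trusted=TRUSTED_RESOLVERS, lan=None, gateway=None):
    """Classify each configured resolver; returns [(address, verdict)].

    lan: local subnet such as "192.168.1.0/24"; gateway: the router address on it.
    Verdicts start with "ok" or "suspicious" so callers can filter on the prefix.
    """
    trusted_addrs = {ipaddress.ip_address(t) for t in trusted}
    lan_net = ipaddress.ip_network(lan) if lan else None
    gw = ipaddress.ip_address(gateway) if gateway else None
    findings = []
    for raw in configured:
        try:
            addr = ipaddress.ip_address(raw)
        except ValueError:
            findings.append((raw, "suspicious: not a valid IP address"))
            continue
        if addr in trusted_addrs:
            findings.append((raw, "ok: trusted public resolver"))
        elif gw is not None and addr == gw:
            findings.append((raw, "ok: router forwarding (also verify the router's own upstream setting)"))
        elif lan_net is not None and addr in lan_net:
            findings.append((raw, "suspicious: LAN host other than the gateway is acting as DNS"))
        else:
            findings.append((raw, "suspicious: resolver not on the trusted list, possible tampering"))
    return findings


def has_suspicious(findings):
    return any(verdict.startswith("suspicious") for _, verdict in findings)


if __name__ == "__main__":
    for name, text in (("ipconfig", SAMPLE_IPCONFIG), ("resolv.conf", SAMPLE_RESOLV_CONF)):
        servers, gateway = extract_dns_servers(text)
        for addr, verdict in audit_dns_servers(servers, lan="192.168.1.0/24", gateway=gateway or "192.168.1.1"):
            print(f"[{name}] {addr}: {verdict}")
```

The router's own admin page shows its upstream DNS servers in the same form; paste those addresses into `audit_dns_servers` as well, since a router that forwards to a tampered upstream passes the device-side check while still being the source of the hijack.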
3. Report to relevant departments and institutions
Report to the network operator: If it is confirmed that the network operator's DNS server has been hijacked, it should be reported to the operator's customer service in a timely manner and asked to handle it as soon as possible. The operator has the responsibility to ensure the security and stability of the network and will take corresponding measures to repair the hijacked DNS server.
Report to the Internet Emergency Center: You can report DNS hijacking incidents to the National Internet Emergency Center (CNCERT) or local network security management departments, provide detailed incident information, such as the hijacked domain name, the time when the problem occurred, the network environment involved, etc., to assist relevant departments in investigation and handling, and jointly maintain the network security environment.
DNS hijacking seriously threatens network security and the legitimate rights and interests of users. By understanding the principles of DNS hijacking and mastering scientific and effective judgment methods and handling measures, users and network managers can promptly discover and solve DNS hijacking problems and ensure the security and stability of network access. In daily network use, you must also remain vigilant, regularly check network settings and device security, and guard against network security threats such as DNS hijacking.