Is there a solution to DNS hijacking by operators?
In general, DNS hijacking can be circumvented via DNS over HTTPS. DoH is available by default on iOS and Android via the 126.96.36.199 app but requires third-party software to get it set up on Windows and Mac.
Actually, I can see DoH working using Firefox on Windows 10 (but not on Chrome). I’ve set 188.8.131.52 as my DNS resolver both on Windows and on my router, but never added any other third party software…
I would still say Firefox (and Chrome) are third-party software.
Chrome is getting it soon https://crbug.com/799753 so that’s a plus.
I am afraid that is a bit too broad of a statement. It comes down to what “DNS hijacking” actually is supposed to mean. If it is regular DNS poisoning on the side of the ISP’s resolver, one won’t even need any encrypted DNS channel. Switching resolver will be enough.
If, on the other hand, the ISP really performs DPI and reroutes all external DNS requests, DoH might be an actual solution.
Last, but not least, if “DNS hijacking” refers to hijacking requests to e.g. 184.108.40.206 none of that, including DoH, will help.
So, @1323280379, what exactly did you mean?