Is there a solution to DNS hijacking by operators?

#1

Is there a solution to DNS hijacking by operators?

0 Likes

#2

In general, DNS hijacking can be circumvented via DNS over HTTPS. DoH is available by default on iOS and Android via the 1.1.1.1 app but requires third-party software to get it set up on Windows and Mac.

1 Like

#3

Actually, I can see DoH working using Firefox on Windows 10 (but not on Chrome). I’ve set 1.1.1.1 as my DNS resolver both on Windows and on my router, but never added any other third party software…

0 Likes

#4

I would still say Firefox (and chrome) are third-party software :stuck_out_tongue:

Chrome is getting it soon https://crbug.com/799753 so that’s a plus.

1 Like

#5

I am afraid that is a bit too broad of a statement. It comes down to what “DNS hijacking” actually is supposed to mean. If it is regular DNS poisoning on the side of the ISP’s resolver, one wont even need any encrypted DNS channel. Switching resolver will be enough.

If, on the other hand, the ISP really performs DPI and reroutes all external DNS requests, DoH might be an actual solution.

Last, but not least, if “DNS hijacking” refers to hijacking requests to e.g. 1.1.1.1 none of that, including DoH, will help.

So, @1323280379, what exactly did you mean?

1 Like

#6

I agree. I’m assuming the main use of “dns hijacking” is the NXDOMAIN redirects to search pages, or ISPs blocking websites via DNS. As you said, it would be better to know exactly what the user is experiencing, so i’ll just wait on @1323280379’s response.

0 Likes