wiki:doc/DNSHijacking

What's DNS hijacking?

DNS hijacking is the act of an ISP redirecting resolution of hostnames to other servers, usually for advertising purposes. The use of DNS hijacking hurts Tor exit-relay quality. Tor attempts to detect and compensate, however it is not always possible. The best solution is to disable the hijacking or switch to a different Public DNS resolver, or use your own DNS server.

Solutions

Opt-out

Some ISPs and DNS providers let you disable DNS hijacking. Below is a list of such ISPs:

SSL

Encrypted, authenticated DNS ideas (ISPs cannot intercept):

Setup your own DNS server

  • BIND? for Linux.
  • Use your own DNSSEC supported DNS server or resolver, or, use trustworthy external DNSSEC supported recursive/caching DNS Server. Few DNSSEC supported DNS Server software are: BIND, Unbound, GbDns, etc.

Public DNS (resolver) servers

If opting out is not feasible, there are public DNS servers you can use for free. Below follows some services and IP addresses:

Level 3 / GTEI (Now owned by VERIZON)

  • 4.2.2.1
  • 4.2.2.2
  • 4.2.2.3
  • 4.2.2.4
  • 4.2.2.5
  • 4.2.2.6

ISSUES: Verizon publicly known for manipulating, filtering, redirecting DNS answers.

OpenNIC

  • List of servers
  • Find DNS server from OpenNIC site, which has disclosed that it does not do any form of Redirect and does not keep log, and does not store records, and does not store user's any information.

Google

  • 8.8.8.8
  • 8.8.4.4

ISSUES: Google deletes IP address for a DNS query after 24 hours, but permanently stores ISP, location information for that DNS query. See Google Public DNS (wikipedia) and check reference area.

Other Public DNS Servers

List of other Public DNS Servers are also available from:

Other DNS related articles

Last modified 6 years ago Last modified on Sep 14, 2012, 10:17:48 PM