DNS redirection, or DNS hijacking, diverts results from a DNS server. ISPs often use it to display a search or help page instead of an error message. It can also be used to block dangerous or illegal websites, or by hackers in phishing attacks. DNS translates a domain name into an IP address, and DNS redirection replaces the NXDOMAIN error result with a search or help page.
Domain Name System (DNS) redirection, also known as DNS hijacking, is the practice of diverting results from a DNS server. DNS redirection is used by some Internet Service Providers (ISPs) to display a search or help page instead of an error message when a website cannot be found. It can also be used to block websites that contain dangerous or illegal content, or as part of a “phishing” attack designed to steal personal information.
DNS is a fundamental component of the Internet. DNS translates a domain name, such as wiseGEEK.com, into a series of numbers called an Internet Protocol (IP) address. A web browser or other software will then contact a server at that IP address. If a domain name does not have a corresponding IP address in DNS, the system returns a “Domain does not exist” or “NXDOMAIN” result. This response, often the result of a bad domain name, usually causes the user’s web browser to display an error message.
DNS redirection replaces the NXDOMAIN error result with a search or help page maintained by an ISP. These pages often contain suggestions similar to what the user typed. This practice can be useful for some users who are confused by cryptic error messages, but it can also be a source of extra income for ISPs since advertising is often found on these help pages. It can also cause problems for some applications that rely on the NXDOMAIN result, so it’s common for ISPs that use DNS redirection to give users a preference to turn it off.
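As an added example (not part of the original article), the Python code below shows how an application or administrator can tell an honest resolver from one that rewrites NXDOMAIN: it parses raw DNS replies to queries for random names that should not exist and flags any that come back with an address. The function names, the `.example` sample names and the 192.0.2.80 address are constructed for illustration.

```python
import socket, struct
NXDOMAIN, NOERROR = 3, 0

def encode_query(name, txid=0x1234):
    """Build a recursive A/IN query for `name`."""
    labels = b"".join(bytes([len(l)]) + l.encode() for l in name.split("."))
    return struct.pack("!6H", txid, 0x0100, 1, 0, 0, 0) + labels + b"\x00" + struct.pack("!2H", 1, 1)

def skip_name(msg, off):
    """Return the offset just past a name, which may end in a compression pointer."""
    while msg[off] != 0:
        if msg[off] & 0xC0 == 0xC0:            # a pointer is 2 bytes and ends the name
            return off + 2
        off += 1 + msg[off]
    return off + 1

def parse_response(msg):
    """Return (rcode, IPv4 addresses from A records in the answer section)."""
    _, flags, qdcount, ancount = struct.unpack("!4H", msg[:8])
    off = 12
    for _ in range(qdcount):
        off = skip_name(msg, off) + 4          # skip QTYPE and QCLASS
    addrs = []
    for _ in range(ancount):
        off = skip_name(msg, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:          # A record
            addrs.append(socket.inet_ntoa(msg[off:off + 4]))
        off += rdlen
    return flags & 0x000F, addrs               # RCODE is the low 4 bits of the flags

def classify(replies):
    """Judge a resolver from its replies to queries for random, unregistered names."""
    parsed = [parse_response(r) for r in replies]
    forged = sorted({ip for rcode, addrs in parsed if rcode == NOERROR for ip in addrs})
    if forged:
        return "redirected", forged            # an address came back for a name that cannot exist
    honest = all(rcode == NXDOMAIN for rcode, _ in parsed)
    return ("honest" if honest else "inconclusive"), []   # e.g. SERVFAIL is inconclusive

def sample_reply(name, rcode, ip=None):
    """Constructed reply, not captured traffic: a bare rcode, or one A record if `ip` is given."""
    rr = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4) + socket.inet_aton(ip) if ip else b""
    return struct.pack("!6H", 0x1234, 0x8180 | rcode, 1, 1 if ip else 0, 0, 0) + encode_query(name)[12:] + rr

NAMES = ["qx7f3k9z2m.example", "b81ld0wq44.example", "zz9t6p0c1v.example"]  # constructed
HONEST = [sample_reply(n, NXDOMAIN) for n in NAMES]
HIJACKED = [sample_reply(n, NOERROR, "192.0.2.80") for n in NAMES]  # documentation address
```

Against a live resolver, the replies would come from sending `encode_query()` for several freshly generated random names over UDP port 53; the same address returned for unrelated random names is the signature of a redirect page.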
In addition to being used for non-existent domains, DNS redirection can be used to block access to websites known to contain malware, viruses or illegal content. Instead of returning the IP address of the malicious site, a DNS server will return the address of a page informing the user that the content has been blocked. This technique is used by some ISPs, but can be seen more frequently on public networks such as schools, libraries, and Internet cafés.
Hackers or identity thieves can use DNS redirection for more insidious purposes. A type of attack known as “pharming” injects illegitimate DNS settings into vulnerable servers and allows a hacker to redirect traffic to a fraudulent site. A “pharmed” DNS server might, for example, contain a fake listing for an online banking site that leads to a carefully designed forgery meant to trick the user into revealing their personal information, a practice known as “phishing.”