DNS Hijacking

Security Glossary - DNS

Definition: DNS hijacking is an attack where DNS queries are redirected to return incorrect IP addresses, sending users to malicious servers instead of the intended destination. This can happen through compromised DNS servers, router malware, rogue DHCP servers, or man-in-the-middle attacks on the network path between user and resolver.

Why DNS Hijacking Matters

DNS hijacking is particularly dangerous because it is invisible to the user. The browser shows the correct domain name in the address bar, but the actual server is controlled by the attacker. Combined with a fraudulent SSL certificate (from a compromised CA or a CA that does not check CAA records), the attack can be completely transparent.

Common attack vectors include compromising the domain's registrar account (to change NS records), exploiting vulnerabilities in home routers (to redirect DNS to attacker-controlled servers), and poisoning the cache of recursive resolvers. BGP hijacking can also redirect DNS traffic at the network level.

Defenses include DNSSEC (which validates DNS responses cryptographically), registrar lock (which prevents unauthorized NS record changes), CAA records (which limit certificate issuance), and Certificate Transparency monitoring (which detects fraudulent certificates). Two-factor authentication on your registrar account is one of the most important protections.

How to Test for DNS Hijacking

Monitor your DNS records regularly with a DNS health checker to detect unauthorized changes. Enable DNSSEC to prevent DNS spoofing. Set up Certificate Transparency monitoring to detect fraudulent certificates. Enable registrar lock and two-factor authentication on your registrar account.
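As an added example (not part of the DomainOptic glossary or its scanner), a small Python baseline diff in the spirit of the DNS health check described above: it compares the NS and A answers several resolvers return against a known-good snapshot and separates values the baseline never contained (the strong hijack signal) from values that are merely missing (often just TTL or propagation lag). The resolver addresses, record values and the `query` callback are constructed placeholders; a real run would wrap a DNS library in `query`.

```python
"""Compare DNS answers from several resolvers against a known-good baseline."""
from dataclasses import dataclass
from typing import Callable, Dict, Iterable, List, Set

Records = Dict[str, Set[str]]  # rrtype -> set of rdata strings

# Known-good records, captured from the authoritative side at a trusted time
# (constructed sample values, not a real zone).
GOOD_NS = {"ns1.dns-provider.example.", "ns2.dns-provider.example."}
BASELINE: Records = {"NS": set(GOOD_NS), "A": {"203.0.113.10"}}

# Constructed answers from three resolvers. 192.0.2.1 stands in for a home
# router whose DNS setting has been pointed at an attacker-controlled server.
SAMPLE_ANSWERS: Dict[str, Records] = {
    "1.1.1.1": {"NS": set(GOOD_NS), "A": {"203.0.113.10"}},
    "9.9.9.9": {"NS": set(GOOD_NS), "A": {"203.0.113.10"}},
    "192.0.2.1": {"NS": {"ns1.dns-provider.example."}, "A": {"198.51.100.77"}},
}

@dataclass(frozen=True)
class Finding:
    resolver: str
    rtype: str
    unexpected: frozenset  # values the baseline never had: strongest hijack signal
    missing: frozenset     # baseline values absent: may be TTL/propagation, still worth a look

def collect(domain: str, resolvers: Iterable[str], rtypes: Iterable[str],
            query: Callable[[str, str, str], Iterable[str]]) -> Dict[str, Records]:
    """Ask each resolver for each rrtype. `query(resolver, domain, rtype)` is
    supplied by the caller (e.g. a dnspython wrapper); this is an assumed hook."""
    return {r: {t: set(query(r, domain, t)) for t in rtypes} for r in resolvers}

def diff_against_baseline(baseline: Records, observed: Dict[str, Records]) -> List[Finding]:
    """One Finding per (resolver, rrtype) whose answer set differs from the baseline."""
    findings: List[Finding] = []
    for resolver, answers in observed.items():
        for rtype, expected in baseline.items():
            got = set(answers.get(rtype, ()))
            unexpected, missing = got - expected, expected - got
            if unexpected or missing:
                findings.append(Finding(resolver, rtype, frozenset(unexpected), frozenset(missing)))
    return findings

def suspicious_resolvers(findings: Iterable[Finding]) -> List[str]:
    """Resolvers that handed back values outside the baseline (not merely missing ones)."""
    return sorted({f.resolver for f in findings if f.unexpected})

if __name__ == "__main__":
    observed = collect("example.com", SAMPLE_ANSWERS, BASELINE.keys(),
                       lambda r, d, t: SAMPLE_ANSWERS[r][t])  # offline stand-in for a live query
    for f in diff_against_baseline(BASELINE, observed):
        print(f"{f.resolver} {f.rtype}: unexpected={sorted(f.unexpected)} missing={sorted(f.missing)}")
```

Run on a schedule and alert on any resolver in `suspicious_resolvers`; a missing-only finding is worth a second look after the record's TTL has expired.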

DNS Hijacking FAQ

How do I know if my DNS has been hijacked?

Monitor your DNS records for unauthorized changes. Certificate Transparency logs can reveal if unauthorized certificates have been issued for your domain. Sudden changes in traffic patterns or users reporting seeing different content are also indicators.

How do I prevent DNS hijacking?

Enable two-factor authentication on your registrar account. Use registrar lock to prevent unauthorized NS record changes. Deploy DNSSEC to prevent DNS spoofing. Set CAA records to limit certificate issuance. Monitor CT logs for unauthorized certificates.

Disclaimer: DomainOptic provides automated informational scans only. Results do not constitute professional security advice, compliance certification, or a guarantee of security. Always verify findings independently.