DNS Hijacking

Some days ago I stumbled on some text which explained that a lot of firmware lately bypasses your supplied DNS server with something that it trusts. This is especially true of malware. And I had been wondering what I can do to minimize this.

And this is where I searched for this article from OpenWrt. And of course the rules worked right out of the box. I simply followed the LuCI guide.

P.S. I did block DNS over TLS after this screenshot was taken.
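For reference, the two rules this post refers to (redirecting LAN DNS to the router, and blocking DNS over TLS) could look like this in `/etc/config/firewall`. This is an added example, not the author's configuration or a copy of the OpenWrt article; the rule names are made up and the zone names `lan` and `wan` are assumed to be the OpenWrt defaults.

```uci
# Added example: rule names are illustrative, zones assumed to be the defaults.

# Redirect every plain DNS query (port 53) that arrives from the LAN zone
# to the router's own resolver, whatever server the client addressed it to.
# A DNAT redirect with no dest_ip set points at the router itself.
config redirect
	option name 'Intercept-DNS'
	option src 'lan'
	option src_dport '53'
	option proto 'tcp udp'
	option target 'DNAT'

# DNS over TLS (port 853) cannot be answered on the client's behalf,
# so it is rejected on its way from LAN to WAN instead. Clients then
# fall back to plain DNS, which the redirect above picks up.
config rule
	option name 'Deny-DoT'
	option src 'lan'
	option dest 'wan'
	option dest_port '853'
	option proto 'tcp udp'
	option target 'REJECT'
```

Once the firewall is restarted, a LAN client that sends a query for a `.lan` name to a public resolver gets the router's answer instead, which is the effect described below.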

And with this we can get some very weird effects, where your devices can think that Cloudflare or Google is responding for .local or .lan devices!

Yes, this is from a Windows VM, since I like to keep my main network untouched.

This was quite nifty to demonstrate why we need technologies like DNSSEC and DNS over TLS, as DNS hijacking can basically render all your other defenses pretty much useless.