Best DNS for your Phone in 2022

The internet has become an important part of our lives today and while we have since grown to have enough bandwidth for most of our needs, it is pretty easy to forget the kind of complexity that goes into building the infrastructure that is the modern internet.

Proxies and VPNs get a lot of attention, presumably due to the purpose they serve; encrypting your data and tunneling your connection to a different location so you appear as though you’re surfing from a different location. This is rather important for accessing geo-restricted content.

One other unsung hero of the internet is DNS, or Domain Name System. This is essentially an address book for the internet, as it converts URLs to IP addresses, a form that the internet understands. Of course, this is a gross over-simplification and as such, we have a more detailed look at this here.

Now that we’ve acquainted ourselves with DNS, there are a number of DNS providers on the internet today, some more popular than others and some more specialized than others. In this post, we shall look at a number of these, and why you should probably turn them on.

AdGuard

See, the internet is a wild place with adult content a simple web search away. This means that the minors in your home with access to a device can easily have access to this blue content even without your knowledge.

AdGuard offers a lot of services including VPNs, AdBlockers, and most importantly, support for Family-friendly web with its DNS. Should you want to ensure your device never gets access to any ‘bad’ websites, simply use this as your Private DNS.

Being AdGuard, you get to enjoy the benefits of its adblocking engine, so say goodbye to those annoying ads and popups that lead you to some shady websites. That said, some ads still come through, so don’t expect a completely ad-free experience.

Should you want to enjoy the benefits offered by this service but aren’t too keen on being stuck with a censored internet, simply use the following as your DNS on your Android device.

CloudFlare

Perhaps one of the young blood that got everyone talking about DNS, CloudFlare’s 1.1.1.1 is a DNS service that offers the fastest response time, unparalleled redundancy, and advanced security with built-in DDoS mitigation and DNSSEC.

For me, I use CloudFlare’s 1.1.1.1 app from the Play Store not only to get faster lookup speeds (which is very perceptible once you use it over time) but also to get access to YouTube Music, which is not officially available in my region.

This is a lot faster and doesn’t slow my internet as a VPN would. Cloudflare also supports many of the Family-friendly internet initiatives as explained in the above-linked stories.

Other DNS Servers to try out

Well, the internet is very vast and there are tons of other DNS servers to try out. Below is a list of some of the top-rated DNS servers that you could try on your Android.

| # | DNS Provider | Primary Address | Secondary Address |
|---|---|---|---|
| 1 | Google Public DNS | 8.8.8.8 | 8.8.4.4 |
| 2 | Cloudflare | 1.1.1.1 | 1.0.0.1 |
| 3 | OpenDNS | 208.67.222.222 | 208.67.220.220 |
| 4 | CyberGhost | 38.132.106.139 | 194.187.251.67 |
| 5 | Quad9 | 9.9.9.9 | 149.112.112.112 |
| 6 | OpenNIC DNS | 192.71.245.208 | 94.247.43.254 |
| 7 | DNS.Watch | 84.200.69.80 | 84.200.70.40 |
| 8 | Yandex DNS | 77.88.8.88 | 77.88.8.2 |
| 9 | Neustar DNS | 156.154.70.5 | 156.154.71.5 |
| 10 | CleanBrowsing | 185.228.168.9 | 185.228.169.9 |
| 11 | Comodo Secure | 8.26.56.26 | 8.20.247.20 |
| 12 | UncensoredDNS | 91.239.100.100 | 89.233.43.71 |
| 13 | FreeDNS | 45.33.97.5 | 37.235.1.177 |
| 14 | Verisign Public DNS | 64.6.64.6 | 64.6.65.6 |
| 15 | SafeServe | 198.54.117.10 | 198.54.117.11 |
| 16 | Safe DNS | 195.46.39.39 | 195.46.39.40 |
| 17 | AdGuard | 176.103.130.130 | 176.103.130.131 |

How to Fix DNS_PROBE_FINISHED_NXDOMAIN (Desktop & Mobile)

For those of you working with websites on a regular basis, errors specific to the CMS such as the white screen of death or database connection errors are somewhat common occurrences. But another subset of errors you will probably stumble upon are those tied to your internet connection and DNS.

A very common error that Google Chrome users get when trying to browse to a web page is “This site can’t be reached – Server IP address could not be found,” together with DNS_PROBE_FINISHED_NXDOMAIN. This can be downright frustrating as suddenly you can’t browse to your website or perhaps even anywhere at all.

If you’re seeing this error while trying to get to your site, don’t worry, this is fairly easy to fix. Check out the recommendations below on how to get connected again. This can also work for other browsers, such as Firefox, Edge, etc.

What Is DNS_PROBE_FINISHED_NXDOMAIN?

The reason for DNS_PROBE_FINISHED_NXDOMAIN is typically due to a misconfiguration or problem with your DNS. DNS is short for Domain Name System, which helps direct traffic on the internet by connecting domain names with actual web servers. Essentially, it takes a human-friendly request – a domain name like kinsta.com – and translates it into a computer-friendly server IP address – like 216.3.128.12.

When a user enters a URL in their web browser, DNS gets to work to connect that URL to the IP address of the actual server. This is called DNS name resolution and involves a DNS recursor querying various nameservers to figure out the actual IP address of a server.

DNS_PROBE_FINISHED_NXDOMAIN Error

DNS_PROBE_FINISHED_NXDOMAIN is an error that occurs when your DNS fails to resolve the domain name or address. It happens when the Domain Name System (DNS) fails to connect domain names with actual web servers. The NXDOMAIN part stands for Non-Existent Domain.

Error Code: DNS_PROBE_FINISHED_NXDOMAIN
Error Type: DNS error
Error Variations: This site can’t be reached; Hmm. We’re having trouble finding that site; Hmmm… can’t reach this page; Safari Can’t Find the Server
Error Causes: Internet connection error; Firewall is blocking access; DNS misconfiguration; DNS not yet propagated; Unresponsive server

What Does the DNS_PROBE_FINISHED_NXDOMAIN Error Look Like on Browsers?

Google Chrome

In Google Chrome this error will show as DNS_PROBE_FINISHED_NXDOMAIN (as seen below), highlighting that this site can’t be reached, followed by server IP address could not be found.

Mozilla Firefox

In Mozilla Firefox it will simply show as Hmm. We’re having trouble finding that site (as seen below).

Microsoft Edge

In Microsoft Edge, it will simply show as Hmmm… can’t reach this page (as seen below), which isn’t very helpful.

How to Fix DNS_PROBE_FINISHED_NXDOMAIN on Desktop

Here are some recommendations and things to check to fix the error (sorted in order by most common reasons we see):

Release and Renew IP Address

Due to the fact that this is usually a client-side DNS issue, the very first thing you should do is try releasing and renewing the IP address on your computer. This also includes flushing your local DNS cache, which is similar to browser cache.

Windows

In Windows simply open up Command Prompt by pressing the Windows logo key and R. Then type “cmd” and hit Enter.

Type in ipconfig /release and hit Enter. This will release your current IP address.

Then type in ipconfig /flushdns and hit Enter. This will flush your local DNS cache. You should see a “Successfully flushed the DNS resolver Cache” if it worked.

Then type in ipconfig /renew and hit Enter. This will renew your IP address.

You might also try resetting your IP settings and Winsock catalog with the following commands: netsh int ip reset and netsh winsock reset.

An alternative way to flush and renew your DNS is simply by disabling your network adapter and re-enabling it.

Mac

To release and renew your IP address on a Mac, go to System Preferences…

Click on the network icon and then click “Advanced.”

Click the TCP/IP tab heading if you aren’t already in there. Then click on the “Renew DHCP” lease button.

Just like we did above in Windows, Mac users can also clear their local DNS cache. Although this is done in a different place. Go to Utilities and then click on “Terminal.”

Enter in the following command:

Note: There is no success message on Macs.

Restart DNS Client Service

If you’re running Windows you can try restarting the DNS client services which resolves and caches DNS domain names.

Simply open up Command Prompt by pressing the Windows logo key and R. Then type “services.msc” and hit Enter.

Scroll down to “DNS Client,” right click on it, and select “Restart.”

If the restart option is greyed out for you (as it was for us), an alternative way to do it is via the command prompt.

Open up Command Prompt by pressing the Windows logo key and R. Then type “cmd” and hit Enter.

Then enter the following commands:

net stop dnscache
net start dnscache

Depending on the version of Windows you’re running you might get an error saying:

The requested pause, continue, or stop is not valid for this service.

This is most likely because you need to run CMD as a network service to issue the command. If you’re running into this error, we suggest trying the other alternatives below first.

Change DNS Servers

The next thing you can try is changing your DNS servers. By default, DNS servers are automatically assigned by your ISP. But you could try temporarily changing these to a public DNS server, such as Google or Cloudflare.

  • Some prefer to use Google’s public DNS (8.8.8.8 and 8.8.4.4) long-term due to them sometimes being more reliable.
  • Cloudflare also just launched their new secure and blazing fast free DNS (1.1.1.1 and 1.0.0.1) which we will be using in this example. If you want to use Google’s, the steps are the same; you simply replace the DNS server addresses with Google’s.

Tip: If you’re already using a free DNS server and having issues, removing it and defaulting back to your ISP’s DNS servers also sometimes fixes things. Google and Cloudflare aren’t perfect 100% of the time and there have been a few instances where we’ve noticed switching back has resolved the issue.

Windows

In Windows simply open up Command Prompt by pressing the Windows logo key and R. Then type “control panel” and hit Enter.

Click on “Network and Internet” and then “Network and Sharing Center.” On the left-hand side, click on “Change Adapter Settings.”

Right click on your current connection, this will either be Local Area Connection or Wireless Network Connection based on how you’re connecting. Then click on “Properties.”

Select Internet Protocol Version 4 (or IPv6 if desired) and click on “Properties.”

Make a note of any existing settings in case you need to revert back. Click “Use the following DNS server addresses.” Enter the following, or replace the existing with these:

For IPv4: 1.1.1.1 and 1.0.0.1
For IPv6: 2606:4700:4700::1111 and 2606:4700:4700::1001

Click OK, then Close. Restart your browser.

Mac

To change DNS servers on a Mac, go to System Preferences…

Click on the network icon and then click “Advanced.”

Then add Cloudflare’s DNS server addresses.

For IPv4: 1.1.1.1 and 1.0.0.1
For IPv6: 2606:4700:4700::1111 and 2606:4700:4700::1001

Reset Chrome Flags

Sometimes Chrome settings or experimental features can get accidentally changed or messed up. You can reset these back to default by entering chrome://flags into your browser and clicking on “Reset all to default.”

Then restart your browser.

Disable VPN and Antivirus Temporarily

Sometimes VPNs and Antivirus software can conflict or override your network settings, including your DNS servers, etc. If you have any running, try temporarily disabling them (closing them) to see if it resolves the DNS probe finished nxdomain error in Chrome.

Check Your Local Hosts File

Every computer has what they call a local hosts file. This is a file that contains manual DNS entries which are mapped to specific IP addresses. Typically this is only edited when you want to preview your DNS before switching over domains to a new host.

However, there is a multitude of different ways this file could have been changed or edited. Therefore, if none of the above options worked for you, it’s worth double checking your local hosts file to ensure the website you’re trying to access isn’t in there.

Windows

The hosts file typically requires additional access. So the first step is to open up your text editor as an administrator. Simply click on your start menu, search for your text editor, right-click on it and select “Run as administrator.” This can be done in any text editor such as Notepad, Notepad++, Atom, etc. We are using Sublime in our example below.

Within your text editor click File → Open and browse to the following location:

C:\Windows\System32\drivers\etc\

Click on the hosts file and “Open.”

Double check and make sure the website you’re trying to visit isn’t listed in there. If it is, remove it.

Mac

To check your hosts file on a Mac, we recommend getting Gas Mask. It’s a free application which can be used as hosts file manager, hosts files editor, and switch between them. It makes everything quick and easy! Otherwise, you can follow the steps below to edit your hosts file on Mac manually.

Go to Utilities and then click on “Terminal.”

Enter in the following command and press Enter (you will most likely be prompted for your administrator password as well).

sudo nano /private/etc/hosts

Double check and make sure the website you’re trying to visit isn’t listed in your hosts file. If it is, remove it.
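The manual check described above can be scripted. The following is an added example, not code from the original article: it scans hosts-file text for entries that pin a given domain or any of its subdomains. The function names, the sample file contents and the example.com domain are constructed for illustration; the Windows and macOS paths are the ones given in this section, and /etc/hosts is assumed for other systems.

```python
import ipaddress
import sys


def hosts_path():
    """Location of the hosts file on the current platform."""
    if sys.platform.startswith("win"):
        return r"C:\Windows\System32\drivers\etc\hosts"
    return "/private/etc/hosts" if sys.platform == "darwin" else "/etc/hosts"


def find_hosts_overrides(hosts_text, domain):
    """Return [(line_no, ip, hostname)] for entries covering `domain` or a subdomain."""
    target = domain.lower().rstrip(".")
    hits = []
    for line_no, line in enumerate(hosts_text.splitlines(), start=1):
        entry = line.split("#", 1)[0].strip()  # drop full-line and inline comments
        fields = entry.split()
        if len(fields) < 2:
            continue  # blank line, comment, or an address with no hostname
        ip, names = fields[0], fields[1:]
        try:
            # Strip an IPv6 zone id such as fe80::1%lo0 before validating.
            ipaddress.ip_address(ip.split("%", 1)[0])
        except ValueError:
            continue  # not a valid address, so not a usable mapping
        for name in names:
            host = name.lower().rstrip(".")  # hostnames are case-insensitive
            # Match the domain itself or a true subdomain, not a lookalike suffix.
            if host == target or host.endswith("." + target):
                hits.append((line_no, ip, host))
    return hits


# Constructed sample contents (not taken from a real machine).
SAMPLE_HOSTS = """\
# Constructed sample hosts file
127.0.0.1       localhost
::1             localhost
fe80::1%lo0     localhost
# 203.0.113.5   example.com
203.0.113.66    Example.COM www.example.com  # staging preview left behind
198.51.100.7    notexample.com
"""

if __name__ == "__main__":
    # Check the constructed sample; pass the text of hosts_path() to check a real file.
    for line_no, ip, host in find_hosts_overrides(SAMPLE_HOSTS, "example.com"):
        print(f"line {line_no}: {host} is pinned to {ip}")
```

An entry reported here overrides DNS for that name on this machine only, so it explains an error that other devices on the same network do not see.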

Check DNS of Your Domain

If you’re only getting the DNS_PROBE_FINISHED_NXDOMAIN error on a single domain, even after checking your hosts file, you might need to check the DNS settings on the domain name itself.

If you’re a Kinsta client we have an in-depth post on how to point your domain and/or DNS to Kinsta. If you recently migrated your website to a new hosting provider, it could be the DNS was cached incorrectly on your computer. In which case, Step 2 above should have resolved that.

Restart Your Computer

We know it’s annoying, but it has to be mentioned. If none of the above options work, try restarting your computer and even your router. We realize many of you probably have hundreds of tabs or applications open and that’s why we made this the last option. But rebooting devices actually clears out a lot of temporary cache.

How to Fix DNS_PROBE_FINISHED_NXDOMAIN on Mobile (Android & iOS)

These are the most common ways to fix this error on your mobile device:

Restart Your Device

You know that famous tech support question “Have you tried turning it off and back on again?”

Well, the phrase is popular for a reason: A reboot does often fix the problem! Before attempting any of the other solutions on this list, start first with a simple device restart.

Android

To restart your Android device, press and hold your device’s power button to bring up the Options menu, then tap on the Restart option:

Wait for your device to restart, then open the Chrome app and check for the error.

iPhone/iOS

To restart your iPhone or other iOS device, begin by pressing and holding the power button and either of the two volume buttons:

Keep these held down until the power-off slider appears on the screen:

Drag the slider from one side to the other, then wait for the device to turn off.

Once it’s completely off, press and hold the device’s power button to turn it back on. Then check to see whether you’re still encountering the error.

Check for Chrome App Updates

The next step is to make sure that you’re using the very latest version of the Google Chrome app on your Android device.

You can check for any Chrome updates and install them by following these steps:

  • Open the App Store app (this is called Google Play Store on Android devices).
  • Tap your profile icon at the top right (in the search bar).
  • Tap the Manage apps and device menu option.
  • Tap the Updates available button.
  • Look for Google Chrome in the list. If you see it, tap the Update button next to it.

After the update has finished installing, relaunch the Chrome app and check to see if you’re still getting the error. If you are, move on to the next solution below.

Clear Chrome’s Browser and App Data

Caches are useful because they speed up your browsing experience. In fact, our tests show that Edge Caching reduces the time it takes to deliver full pages to browsers by more than 50%.

However, this cached data can also frequently be the source of errors like DNS_PROBE_FINISHED_NXDOMAIN.

Luckily, you don’t actually need this cached data, and clearing it out may fix the error.

You can clear your mobile device’s Chrome cache and app data with just a few taps:

  • Open the Chrome app.
  • Tap the hamburger menu icon ( ⋮ or ⋯ ) at the top or bottom.
  • Tap History > Clear browsing data.
  • Check Browsing history and Cached images and files. Leave the other options unchecked.
  • If prompted with a “Also clear data from these sites?” message, confirm by tapping Clear.
  • Wait for Chrome to finish clearing the data, then tap the OK, got it confirmation message.

Now, try visiting the page again to see if the error has vanished. If it hasn’t, don’t lose heart! Just move on to the next option below.

Check for System Updates

As with Chrome, you’ll want to be sure you’re running the latest version of the Android operating system (OS) that’s available for your device.

Android

Here’s how to see if your Android device has any pending system updates:

  • Navigate to Settings > System.
  • Tap System Update.
  • This screen may tell you that your system is up to date. Regardless, tap the Check for update button at the bottom.
  • Wait for the system to look for any available OS updates.
  • If an update is found, agree to install it, then follow any further prompts to complete the installation.
  • Restart your device if the update process doesn’t do so automatically.

iPhone/iOS

You can check for pending updates on your iPhone or other iOS device with these steps:

  • Navigate to Settings > General > Software Update.
  • Review the screen to see if there’s an update available. If there is, tap the Download and install button.
  • Tap Install Now when prompted.
  • Restart the device.

Once your device’s system has been updated and rebooted, check again for the error in the Chrome app. If it’s still there, try the next solution on this list.

Change Your Mobile Device’s Network Settings

We talked earlier about modifying desktop devices’ DNS settings to fix the DNS_PROBE_FINISHED_NXDOMAIN error. This same approach can also work with mobile devices.

Android

To change the DNS settings on your Android, follow these steps:

  • Navigate to Settings > Network & Internet > Internet.
  • Make sure Wi-Fi is toggled “On.”
  • Press and hold your Wi-Fi network connection, then tap Modify.
  • Under Advanced options, locate the DNS 1 and DNS 2 fields and enter this information:
      • DNS 1: 8.8.8.8
      • DNS 2: 8.8.4.4
  • Tap Save.

After saving your new settings, re-open the Chrome app and check to see if the error’s gone.

iPhone/iOS

You can change the DNS settings on your iPhone or other iOS device with these steps:

  • Navigate to Settings > Wi-Fi.
  • Tap on your network in the menu.
  • Tap Configure DNS > Manual.
  • Remove the current listings under DNS Servers and add the following listings instead:
      • 8.8.8.8
      • 8.8.4.4
      • 2001:4860:4860::8888
      • 2001:4860:4860::8844

Now, restart the Chrome app and check again for the error message.

Summary

Even though it’s frustrating, the DNS_PROBE_FINISHED_NXDOMAIN error is usually pretty easy to get resolved. Between flushing your DNS cache, renewing your IP, and trying different DNS servers, you should hopefully be back up and surfing the web in no time.

FAQ

What Is DNS_PROBE_FINISHED_NXDOMAIN?

The DNS_PROBE_FINISHED_NXDOMAIN error indicates that the Domain Name System (DNS) failed to resolve the domain name or address. NXDOMAIN stands for Non-Existent Domain.

What Causes DNS_PROBE_FINISHED_NXDOMAIN?

The DNS_PROBE_FINISHED_NXDOMAIN is typically caused by a misconfiguration or problem with your DNS.

How To Fix The “DNS Server Unavailable” Error

The Domain Name System (DNS) server is where all of the domain names for the sites you’ve visited are stored. When searching a domain name in a web browser, it is forwarded by your router to a DNS server. If the particular site’s domain name has been saved, it then returns the corresponding IP address. This makes the loading process for those sites noticeably faster.

As great as this process is, it’s not uncommon for the DNS server to fail to establish a connection from time to time. Attempting to troubleshoot your web browser in this instance can often result in a ‘DNS server not responding’ error.

Many factors could cause this particular error to show up on your screen. The most prominent of which is the possibility that the server itself is currently experiencing an outage. Luckily, this problem is often accompanied by a few easy solutions.

How To Fix The “DNS Server Unavailable” Error

Have you received an error that the DNS server is unavailable? For a quick fix, these problems can sometimes be corrected by something as simple as changing browsers, messing with a few of your firewall settings, or rebooting your router. It’ll be up to you to figure out the cause and subsequent correction for the problem.

Start by using a different browser for the web pages you’re trying to open. This means that if you’re currently receiving the error while using the Mozilla Firefox browser, switch it up to Microsoft Edge or Google Chrome. Should the problem persist, we can move on to testing out other devices.

Attempt to open a webpage using a mobile device, on the same network, to ensure that the problem isn’t the result of hardware failures. It would also be beneficial to attempt to connect to the same webpages using your data plan to identify if the cause is, in fact, with the DNS server.

Once you’ve exhausted these steps, reboot your router. If the “DNS server unavailable” error is still present, we’ll have to undergo a few more effective methods.

Flushing Your DNS (Windows)

The most effective method for fixing the issue with the DNS server being unavailable is to flush it using Command Prompt.

  • Pull up the Run dialog by simultaneously pressing the Windows key and R key.
  • Type cmd into the field and press Enter.
  • In the Command Prompt window, type ipconfig /flushdns and press Enter.
  • Finally, type ipconfig /renew and press Enter.
  • Close out of the Command Prompt window and reboot your system.

Flushing Your DNS (MacOS)

You can also flush the DNS on a Mac. The way in which you do this will vary slightly depending on the version of Mac your computer is running. It often only involves a change in the syntax used during the process.

  • Open a Finder window and then head into Applications, followed by Utilities, and ending in the Terminal.
  • Enter in the following syntax pertaining to the version of MacOS you’re currently using:
      • MacOS High Sierra – sudo killall -HUP mDNSResponder; sleep 2; echo macOS DNS Cache Reset | say
      • MacOS Sierra – sudo killall -HUP mDNSResponder; say DNS cache has been flushed
      • MacOS Mojave – sudo killall -HUP mDNSResponder; sleep 2;
      • MacOS X El Capitan/Yosemite – sudo dscacheutil -flushcache; sudo killall -HUP mDNSResponder; say cache flushed
  • Press the Return key, enter your password, and then hit the Return key once more.
  • Await the audio alert that indicates a successful DNS flush before exiting the Terminal.

The MacOS X cache clearing will need a few added steps in order to fully flush it out. You’ll have to flush both MDNS and UDNS caches on top of the steps previously taken.

Before exiting from the Terminal, perform the following commands:

  • For the MDNS cache, type sudo discoveryutil mdnsflushcache
  • For the UDNS cache, type sudo discoveryutil udnsflushcaches

Remove Multiple Antiviruses

“You can never have too much protection.” This may be somewhat true in the real world, but in the world of technology, having multiple antivirus programs installed on the same computer can actually hinder the protection provided.

Check to see if you have two or more antivirus programs currently running as this may be the reason for the DNS issue. Once you disable all additional programs, reboot your system and the problem should resolve itself.

Ensure that moving forward you only keep a single software program running to help defend yourself from unwanted malware attacks. This not only increases security but can help you avoid running into more DNS server errors.

Changing DNS Servers

If you’ve already attempted all fixes written here and are still receiving the same “DNS server unavailable” error, it may be in your best interest to change your DNS servers. There are plenty of public DNS from which to choose, Google’s free DNS being one of the more popular choices.

The process for this is very simple and can be done in a few clicks, depending on where you choose to change it. We’ll be using the Windows operating system in each of our examples.

DNS Changes via Router

  • Access your router by launching your web browser and entering the Default Gateway address into the URL bar.
  • You can find the Default Gateway by opening a Command prompt window, typing ipconfig, and pressing Enter. Copy the numbers located beside Default Gateway in the pulled up information.
  • Login to the router using the proper credentials.
  • Locate your internet account information which can often be found in a similarly named tab.
  • Navigate to the DNS server and select the option that best mirrors your used internet protocol (IPv4 or IPv6).
  • Enter the address of the DNS server you want to use in place of the current one.
  • Google’s DNS server will be 8.8.8.8 in the preferred DNSv4 and 8.8.4.4 in the alternate DNS server. In the case of IPv6, you’ll want to use 2001:4860:4860::8888 and 2001:4860:4860::8844 respectively.

DNS Changes via Windows OS

  • Access your network connection properties by launching the Run function (Windows key + R) and typing in ncpa.cpl. Press Enter.
  • Windows 10 users can right-click the Windows icon at the lower left of the desktop screen and select Network Connections from the menu.
  • Select the network adapter currently in use. WLAN for Wi-Fi connections and LAN for direct connection, usually via ethernet cable.
  • Windows 10 will have your options on the left side panel. Select one and choose Change adapter options from the main window.
  • In the Networking tab, highlight your IP version (v4 or v6) from the menu and click the Properties button.
  • Click the radio button for Use the following DNS server addresses: to enable editing capabilities.
  • Enter in the DNS server addresses you plan to use.
  • If you had been using a previous DNS server not obtained automatically, remember to annotate the addresses just in case you want to return using them at a later date.

Test New DNS Server

Once the DNS servers have been changed, open a browser and attempt to launch a well-known site like www.google.com. If the site is immediately accessible, then the new DNS is functioning properly. If not, enter one of Google’s IP addresses, 172.217.16.195, directly into your browser and hit Enter.

Wait for the familiar Google logo and search bar to appear. If this also fails, then the problem may lie with the internet and not the DNS server itself. Contact your internet service provider for additional help if this is the case.

What is DNS Hijacking?

Do you know who your domain name registrar is? If the answer is “no” or “what’s that?”, then despite appearances you may not even be in control of your own website, or for that matter, your company’s emails. Multiple reports indicate that DNS hijacking is on the rise with campaigns like Sea Turtle and DNSpionage, and it can be difficult to know whether you’re a victim of it. In this post, we’ll explain what DNS hijacking is, what steps you can take to protect yourself and how you can ensure you’re really in control.

Refresher: What’s DNS Again?

The world of cybersecurity is complex, so here’s a quick reminder of the terminology we’re dealing with. DNS or Domain Name System is the means by which a human-readable domain name like, say, www.yourcompany.com gets turned into the numerical IPv4 or IPv6 number system that is actually used by browsers, routers, and servers to serve up web and email content.

The older IPv4 addresses are the familiar 32-bit addresses you have likely seen before, consisting of four segments separated by periods. For example:

The newer IPv6 addresses are 128-bit addresses written in hexadecimal, split into 8 segments and separated by colons, which may look something like this:

But also may not! In IPv6 addresses, a double colon can be used to omit sequential zeroes, and zeroes at the beginning of a segment can also be removed, so you can see IPv6 addresses that have quite variable lengths. The above address would actually be represented like this:

So how does all this magic happen? How do domain names become IPv4 and IPv6 numerical addresses? When your browser or other networking device is given a domain name, a process of DNS lookups occurs, starting with local caches and progressing through a number of lookup servers: recursive resolvers, root nameservers, top-level-domain servers and authoritative nameservers. At the end of this process, an IP address is delivered to the client for the specified domain.

What is DNS Hijacking?

At any one of these points, and indeed at any of the caches along the way, an attacker can hijack the DNS server or poison the cache in a way that is invisible to the client making the request.

If you don’t manage your own DNS, it’s entirely possible that the third-party entity that does manage it for you (and who is that, again?) could have been hacked without your knowledge. When an attacker hijacks your DNS, they are able to intercept your entire web traffic and email communications.

“half of the top 20 banks ranked by total assets don’t manage their own DNS, instead leaving it in the hands of a potentially hackable third party.” (Source)

There are a few ways that this can happen. Suppose you registered your site with an internet registrar; I’ll use a fictional one, let’s call it GoMummy.com. The GoMummy registrar sells you a domain name, yourcompany.com, and registers that name against unique IPv4 and IPv6 addresses. Your domain name has the top-level domain (TLD) of .com, and there’s an authoritative nameserver that holds an A-Record containing your unique IP address.

In this scenario, an attacker might hijack your DNS at several points. If they compromise the authoritative nameserver, they could change your IP address to another address so that the DNS lookup for yourcompany.com points to their own servers. Then everyone who typed yourcompany.com into a browser would go to the attacker’s website and not yours. There, your visitors might find a site that is an exact clone of your site, except it’s controlled by the attackers and could be used to steal login credentials, deliver malware or distribute false and damaging information about your company. In such a case, you might have around 4 hours – the time-to-live for a DNS lookup is typically 14400 secs – to spot and correct the hijack before it starts propagating across the internet.

Real-World Cases of DNS Hijacking

Some real-world cases of DNS hijacking include:

  • The 2018 SamSam ransomware attack: In this attack, hackers targeted several US healthcare organizations, using DNS hijacking to redirect traffic from legitimate websites to malicious domains that delivered ransomware payloads.
  • The 2019 Cloudflare DNS hijacking: In this incident, hackers used a vulnerability in Cloudflare’s DNS infrastructure to redirect traffic from several websites, including coinbase.com, to a malicious domain that delivered a cryptocurrency mining payload.
  • The 2017 Exim vulnerability exploit: In this incident, hackers exploited a vulnerability in the Exim mail server software to gain control over the DNS records of several hosting providers, allowing them to redirect traffic from legitimate websites to malicious domains.

Hijacking A-Records appears to be what happened in an attack that affected the New York Times and the Huffington Post. What these sites had in common was the same registrar: Melbourne IT. Hacker collective S.E.A. breached their US-based sales partner through a spear-phishing campaign and gained access to the registrar’s servers. From here, the hackers were able to change the A-Records of several sites.

In that particular case, the damage was little more than vandalism, but an attack on the DNS registration of a Brazilian bank was far more serious. The attackers created malicious clones of the bank’s sites, complete with valid https certificates, and had control for around five hours. During that time, every visitor to the bank’s URLs was redirected to the spoofed sites, which also served up banking trojan malware.

Recently, the Sea Turtle campaign appears to be a nation-state-backed DNS hijacking campaign that spans 13 countries and has targeted at least 40 public and private entities. The threat actors behind Sea Turtle use changed A-Records to reroute victims to spoofed sites, where they then steal login credentials.

DNS Cache Poisoning Attacks

In another scenario, an attacker might not be able to compromise your DNS registrar’s A-record but might instead hijack your DNS through a cache poisoning attack. A rogue or compromised DNS server in-between the user’s computer and the site the user intends to visit could serve up an alternative address to the actual address held in the A-Record.

This, in effect, is exactly the same technique that is used by censors such as the “Great Firewall of China” and other government anti-privacy schemes; it is also a ploy regularly employed by some ISPs to impose geographic restrictions, serve ads, collect data or otherwise control users’ internet browsing.

In practice, any DNS caches or lookup servers between the device and the intended site can redirect the user to another address. This can start with the router on the local network – one of the many dangers of using public Wi-Fi services – and reach up to the root name server (aka ‘DNS root server’).

Router Malware DNS Hijacks

In the above examples, we discussed attacks outside a network you control, but DNS hijacks can also occur inside your network. Malware on a local computer can change the DNS server used by the client, such that a particular machine’s domain names are incorrectly resolved to an attacker’s choice of IP. Similarly, if threat actors can breach the router on your network and change the lookup server addresses there, they can achieve the same effect for every client on that network from a single breach.

One of the easiest ways malware poisons a device’s DNS lookups is to modify the machine’s hosts file. The hosts file has legitimate uses for, among other things, web development, content blocking and VM software, but it also allows attackers to specify custom IP addresses for any domain.

How Can You Tell If Your DNS Is Hijacked?

You can and should view the contents of your hosts file regularly. In Windows, you can examine the hosts file by opening Notepad and navigating to the file at C:\Windows\system32\drivers\etc\hosts.

For those comfortable with PowerShell, just execute the cat command on the same filepath:

It should be sufficient on both Linux

And macOS:

The above images are default hosts files with VM software installed. An attacker would modify the hosts files by adding a line such as

Such a line would resolve all requests for google.com on the device immediately to the IP address given, without any further DNS lookups or checks.
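A hosts-file review can be automated. The following is an added example, not code from the original article: it parses hosts-file text and ranks every entry that overrides DNS, treating loopback and 0.0.0.0 targets as the blocking or development entries mentioned above. The `LOCAL_NAMES` list, the severity labels, the sample file and the /etc/hosts path used on Linux and macOS are assumptions of this example.

```python
import ipaddress
import os

# Names a default hosts file normally contains (assumed list for this example).
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost",
               "ip6-localhost", "ip6-loopback", "ip6-allnodes", "ip6-allrouters"}

# Constructed sample; 203.0.113.10 is a documentation-range address.
SAMPLE_HOSTS = """\
127.0.0.1       localhost
::1             localhost
192.168.64.2    devbox.local      # VM software
0.0.0.0         ads.example.net   # content blocking
203.0.113.10    google.com www.google.com
"""

def parse_hosts(text):
    """Yield (line_no, ip, name) for each hostname mapping in hosts-file text."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()       # strip comments, tokenize
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0].split("%")[0])  # drop zone id
        except ValueError:
            continue                                 # first field is not an address
        for name in fields[1:]:
            yield line_no, ip, name.lower().rstrip(".")

def audit_hosts(text, watched):
    """Return (severity, line_no, name, ip) for entries that override DNS."""
    findings = []
    for line_no, ip, name in parse_hosts(text):
        if name in LOCAL_NAMES:
            continue
        if any(name == w or name.endswith("." + w) for w in watched):
            severity = "high"      # a domain you care about is pinned locally
        elif ip.is_loopback or ip.is_unspecified:
            severity = "info"      # typical blocklist or local-dev entry
        else:
            severity = "review"    # pinned elsewhere: confirm it is expected
        findings.append((severity, line_no, name, str(ip)))
    return findings

if __name__ == "__main__":
    path = r"C:\Windows\system32\drivers\etc\hosts" if os.name == "nt" else "/etc/hosts"
    with open(path, encoding="utf-8", errors="replace") as fh:
        for finding in audit_hosts(fh.read(), watched={"google.com"}):
            print(*finding)
```

Pass your own organization's domains as `watched` so that any local pin for them stands out from routine VM and blocklist entries.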

Local hacks can also be revealed if you notice slowdowns, browser redirects, site unavailability, pop-ups or other unusual behaviour when using your browser. Try changing the local DNS settings on your computer to 8.8.8.8 and 8.8.4.4 (Google’s Public DNS) or 1.1.1.1 and 1.0.0.1 (Cloudflare’s Public DNS) to see if that helps. At the same time, be sure to use a good security solution that can detect malware that has DNS-changing behaviour.

For checking DNS lookups outside of your local network, there are a few tools end users can use. The whoismydns.com site provides a free service that tries to tell you what server is making DNS requests on your behalf when you connect to the whoismydns.com site. While this is a nice idea, we have to recommend caution in using it.

For one thing, there doesn’t appear to be an https version of the site, so there’s no real way you can verify that your connection to the site hasn’t been tampered with en route. Secondly, if an attacker has control of your DNS traffic, it’s possible that you could be redirected to a fake version of the whoismydns.com site itself!

Pretty much the same cautions apply to this site, which attempts to tell you if your computer is one of the thousands still out there infected with the DNSChanger malware.

For enterprise and domain name holders, from a known clean device, you can check that your A-Record is what it should be using Google’s DNS lookup service. For example, will the real SentinelOne please stand up:

What Can You Do About DNS Hijacks?

Attackers have noticed that routers are something of a weak point in the security chain, not least because they have relatively poor internal protections, are generally shipped with default admin passwords that an unfortunately large number of users never change, and receive infrequent (if any) firmware upgrades. A great checklist of router security tips can be found here, but the essentials boil down to verifying and checking your router’s DNS settings and regularly updating the router password.

In managing your organization’s domain names, the most important step for enterprises to prevent DNS hijacks is to use a registry lock to prevent unauthorized changes. Further, be sure to enable two-factor authentication on your account access.

If your host service does not offer registry locks or 2FA, you should seriously consider changing to one that does as soon as practically possible. Beyond that, enable DNSSEC (Domain Name System Security Extensions) in your site’s control panel. This helps to prevent DNS redirections, cache poisoning, pharming and man-in-the-middle attacks by authenticating the resolution of IP addresses with a cryptographic signature.
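The A-Record check from a known clean device and the DNSSEC advice above can be combined in one scripted comparison. This is an added example, not code from the original article: it assumes the Google Public DNS JSON endpoint at https://dns.google/resolve, and the sample reply, the expected addresses and the function names are constructed for illustration.

```python
import json
import urllib.parse
import urllib.request

# Constructed sample of a dns.google JSON reply; addresses are documentation ranges.
SAMPLE_REPLY = json.dumps({
    "Status": 0, "AD": False,
    "Question": [{"name": "yourcompany.com.", "type": 1}],
    "Answer": [
        {"name": "yourcompany.com.", "type": 1, "TTL": 14400, "data": "198.51.100.7"},
        {"name": "yourcompany.com.", "type": 1, "TTL": 14400, "data": "203.0.113.66"},
    ],
})

def fetch_a_records(domain):
    """Ask Google Public DNS (JSON API over HTTPS) for the domain's A records."""
    query = urllib.parse.urlencode({"name": domain, "type": "A"})
    with urllib.request.urlopen("https://dns.google/resolve?" + query, timeout=10) as resp:
        return resp.read().decode("utf-8")

def check_a_records(reply_text, expected_ips):
    """Compare the A records in a reply with the addresses you actually serve from."""
    reply = json.loads(reply_text)
    a_records = [rr for rr in reply.get("Answer", []) if rr.get("type") == 1]
    seen = {rr["data"] for rr in a_records}
    expected = set(expected_ips)
    return {
        "rcode": reply.get("Status"),                # 0 means NOERROR
        "unexpected": sorted(seen - expected),       # address you do not recognise
        "missing": sorted(expected - seen),          # address you expected to see
        "dnssec_validated": bool(reply.get("AD")),   # resolver validated DNSSEC
        "max_ttl": max((rr["TTL"] for rr in a_records), default=0),  # seconds cached
        "ok": reply.get("Status") == 0 and bool(seen) and seen <= expected,
    }

if __name__ == "__main__":
    # Offline run on the constructed reply; for a live check pass
    # fetch_a_records("<your domain>") and your real addresses instead.
    print(check_a_records(SAMPLE_REPLY, {"198.51.100.7"}))
```

Any entry under `unexpected` should be investigated before the `max_ttl` window lets it spread through downstream caches, and a `dnssec_validated` value of false on a zone you have signed means the chain of trust is not validating.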

To eradicate the problem of DNS lookups between your distributed endpoints and your organization’s network, enterprises should use a reputable VPN service. Also, be sure to protect your endpoints and network with an autonomous, next-gen security solution.

Conclusion

Resolving domain names into numerical IP addresses, from the endpoint to the DNS root server, is fraught with vulnerabilities for ordinary users and enterprises while offering great opportunities for attackers. The US Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) recently warned that a global DNS hijacking campaign is currently active. With a successful hijack, an attacker can redirect your organization’s web traffic to attacker-controlled infrastructure, complete with valid encryption certificates, and conduct man-in-the-middle attacks. DNS attacks on the device are easily accomplished by changing local DNS settings or poisoning the local hosts file.

To stay protected, follow the advice we outlined in the previous section. If your endpoints are not already protected by a robust security solution like SentinelOne, this free demo will show you how our autonomous endpoint solution can keep your devices and network safe.
