DNS hijacking

from Wikipedia, the free encyclopedia

DNS hijacking (from English "to hijack", to kidnap) denotes interference with the operation of the Domain Name System in which deliberately wrong answers are given.

Positive answer despite negative data

A common practice among several Internet providers (Telekom, Alice, Versatel) is not to pass DNS queries for domain names that the higher-level, authoritative name servers report as definitely non-existent (NXDOMAIN) back to the customer with the same error message, but instead to return the address of the provider's own website. If the original query was made in preparation for accessing a website with a browser, the user is shown, for example, a search page from the provider instead of an error message. One developer of this procedure calls it "Web Error Redirection". The problem with this technique, however, is that non-web-based Internet services also receive data in this form that the domain owner never intended, and the missing error message can lead to unexpected behavior. For example, a mobile Windows computer could incorrectly assume that it is in the (secure) local network if certain DNS requests are answered positively. With the common providers it is possible to deactivate this feature. Alternatively, DNS queries can be sent to independent name servers so that they do not pass through the provider's name servers.

On the client side, this function can also be found in some browser extensions.

Malicious redirect

In addition to this redirection of non-existent domains, which is intended as a customer service, some malware also redirects existing domains. This is done, for example, to prevent the downloading of antivirus software, to display advertisements, or to redirect the user to a replica of the website actually desired and thus obtain confidential data (phishing).

Censorship by DNS hijacking

To enforce network blocks, some providers use DNS hijacking, as this allows websites to be blocked in a very targeted manner. Vodafone has used this type of DNS hijacking since February 1, 2018 to block illegal streaming portals such as Kinox.to or Burning Series. The reason is an injunction from Constantin Film.
