OpenWrt Forum Archive

Topic: DNS hijacked by provider

The content of this topic has been archived on 6 Apr 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

Hello,

Yesterday I found out my provider uses DNS hijacking, replacing the Google DNS.
nslookup shows:

C:\windows\system32>nslookup google.at
Server:  google-public-dns-a.google.com
Address:  8.8.8.8

Nicht autorisierende Antwort:
Name:    google.at
Addresses:  2a00:1450:400d:804::101f
          195.202.131.187
          195.202.131.144
          195.202.131.154
          195.202.131.155
          195.202.131.166
          195.202.131.174
          195.202.131.165
          195.202.131.177
          195.202.131.185
          195.202.131.170
          195.202.131.163
          195.202.131.148
          195.202.131.159
          195.202.131.176
          195.202.131.181
          195.202.131.152

Now I found an excellent thread > http://hackercodex.com/guide/how-to-sto … hijacking/

but excluding all the above DNS entries in OpenWrt from my provider leads to a problem on my PCs,
YouTube and Google are resolved as

C:\windows\system32>nslookup google.at
Server:  lan
Address:  10.0.0.1

Name:    google.at
Address:  2a00:1450:400d:804::101f

and now Google, YouTube and all other services from Google don't function.
I disabled all IPv6 services, but this IPv6 address shows up anyway!

****************************************************

On my Android devices I see the correct resolution would be:
Server: 74.220.195.27
Address: 74.220.195.27#53

Name: 74.125.224.215
Name: 74.125.224.216
Name: 74.125.224.223

Can those settings be forcibly overridden elsewhere?
For the moment I use ComodoDNS, but Google DNS was faster.

Do you have suggestions for me on how to fix these issues?

bR

****************************************************

PS: posting to this forum shows an error:

Sorry! The page could not be loaded.

Unable to send e-mail.
Please contact the forum administrator with the following error message reported by the SMTP server: "535 5.7.8 Error: authentication failed: authentication failure "

(Last edited by lightserver on 30 Jun 2013, 15:06)

You can install MaraDNS on OpenWrt and use it instead of DNS servers on the internet, because it communicates directly with top-level servers until it gets the domain resolved. It is slower, but this should prevent the ISP from hijacking your DNS. Alternatively, you can use a VPN service; for a few bucks extra you will get your whole internet connection encrypted. If you don't like your packets inspected, there are still countries (such as the one I live in) where privacy still matters, so pick one which has not signed evil like ACTA.
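Added example, not part of the original posts: a small Python model of why the second nslookup in the first post shows only the IPv6 address. It assumes the entries were excluded with dnsmasq's `bogus-nxdomain` option (the post does not say which option was used), which rewrites any reply containing a listed address into "no such domain". The function names are made up for this illustration, and the sample records are three of the A answers plus the AAAA answer quoted in the post.

```python
import ipaddress

# Answers for google.at copied from the first post: three of the A records
# returned via 8.8.8.8 and the single AAAA record.
UPSTREAM = {
    "A": ["195.202.131.187", "195.202.131.144", "195.202.131.154"],
    "AAAA": ["2a00:1450:400d:804::101f"],
}
# Assumption: the excluded entries are dnsmasq bogus-nxdomain lines.
BOGUS = list(UPSTREAM["A"])


def filter_reply(records, bogus):
    """Model bogus-nxdomain: one listed address turns the whole reply
    into NXDOMAIN, represented here as an empty answer list."""
    nets = [ipaddress.ip_network(b, strict=False) for b in bogus]
    for rec in records:
        ip = ipaddress.ip_address(rec)
        if any(ip.version == n.version and ip in n for n in nets):
            return []
    return list(records)


def client_view(upstream, bogus):
    """Answers a LAN client receives per query type behind the filter."""
    return {qtype: filter_reply(recs, bogus) for qtype, recs in upstream.items()}


def usable(view, has_ipv6):
    """Addresses the client can actually connect to."""
    addrs = list(view.get("A", []))
    if has_ipv6:
        addrs += view.get("AAAA", [])
    return addrs


if __name__ == "__main__":
    view = client_view(UPSTREAM, BOGUS)
    print("client sees:", view)
    print("usable without IPv6:", usable(view, has_ipv6=False))
    # Listing a single address is already enough to drop every A record.
    print("one entry listed:", client_view(UPSTREAM, BOGUS[:1]))
```

Under this model the A query comes back empty while the AAAA query passes through untouched, so a client with IPv6 disabled is left with no address it can reach.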

The discussion might have continued from here.