If you like BoxMatrix then please contribute Supportdata, Supportdata2, Firmware and/or Hardware (get in touch).
My metamonk@yahoo.com is not reachable by me since years. Please use hippie2000@webnmail.de instead.

0
U

Property:DNS-Hijacking

From BoxMatrix


BoxMatrix >> Lexicon >> Internet-Terms >> DNS-Hijacking @ BoxMatrix   -   IRC-Chat   -   Translate: de es fr it nl pl
News Selectors Models Accessories Components Environment Config Commands System Webif Software Develop Lexicon Community Project Media

Computer FRITZ I18N Telephony Smarthome Internet Protocols Multimedia Formats Hardware Software Research

Term

Goto:   NXDOMAIN  -  Censorship  -  Criminals  -  FRITZ!OS   -   Workarounds  -  AVM-Hijacking  -  SMW-Browser

Details

DNS-Hijacking is responding a wrong / faked answer to a DNS request.

NXDOMAIN

NXDOMAIN (Non-eXisting-DOMAIN) is the error message a DNS server responds if a Domain does not exist.
Some ISPs intercept this message and send an intentional wrong positive response with an IP under their control.
This violates the DNS protocol and results in completely wrong error messages for all Network-Protocols except HTTP.

They claim that this is a "service" but in the end they fool the user to generate traffic from typos and expired Domains.
Especially for expired Domains this is a privacy leak and security hole, if login attempts are redirected to the wrong target.
Intercepting DNS and injecting wrong results into the DNS system is exactly what Criminals do.

But these ISPs don't use their "service" of an injected IP for crime, but for advertizing and maybe also tracking and statistics.
Some provide a (complicated) way to opt-out from this, but enabled it by default. Typical bad behaviour of advertizers.

A good example case is the german Telekom, which used NXDOMAIN-Hijacking since 2009, for approx. 10 years.
They called it Navigationshilfe (navigation help). A HTTP request to Non-eXisting-Domain.com was redirected to:

navigationshilfe1.t-online.de/dnserror?url=Non-eXisting-Domain.com

This request returned a search engine alike page, with a search form and fake results which all were advertizing[1].

In november 2015 Telekom sold t-online.de for 300 million euro to an advertizer[2], while still running this Hijacking.
Intentional or not, data from Telekom clients now leaked to an advertizer, without any consent, which clearly was illegal.

It took nearly 4 years until someone sued the Telekom for their crime[3]. They never got punished for their illegal activity.
They ended their illegal Hijacking and fooling of the DNS system on 2019-04-26 for good.

Censorship

Some countries under dictatorship use DNS-Hijacking as one of the methods for blocking unwanted political content.

But there is also censoring in democratic countries, even for private interests.

A good example is the german CUII, a non-governmental organisation using DNS-Hijacking for fighting copyright violation.

In Germany some domains are blocked with spoofed NXDOMAIN responses.
Looking up a blocked Domain through an 1&1 DNS server (Germany) and through Cloudflare public DNS (1.1.1.1, USA):

me@home:~$ host de.pornhub.com

Host de.pornhub.com not found: 3(NXDOMAIN)

me@home:~$ host de.pornhub.com 1.1.1.1
...
de.pornhub.com is an alias for www.pornhub.com.
www.pornhub.com is an alias for pornhub.com.
pornhub.com has address 66.254.114.41
pornhub.com mail is handled by 10 mxa-002a0701.gslb.pphosted.com.
pornhub.com mail is handled by 10 mxb-002a0701.gslb.pphosted.com.

Criminals

todo

FRITZ!OS

Workarounds

To defeat Hijacking and Censorship you can specify DNS servers different to what your ISP provides.
See the Internet >> Account Information (german: Zugangsdaten) >> DNS-Server tab,
and use two of the public DNS servers listed in the DNS or DoT articles.

AVM-Hijacking

FRITZ!OS itself performs DNS-Hijacking, for hardcoded hostnames like fritz.box, see the TLD article for an overiew.
This was not intended in 2004 when they invented this domain, but turned a problem when .box turned an official TLD.

There's no way to disable the hardcoded hostnames so far, except configuring a local DNS server.

Fortunately AVM now registered the most important fritz.box and myfritz.box, so noone could use them for Phishing,
Looking up fritz.box through the FRITZ!Box DNS server and through Cloudflare public DNS (1.1.1.1):

me@home:~$ host fritz.box

fritz.box has address 192.168.178.1

me@home:~$ host fritz.box 1.1.1.1
 ...
fritz.box has address 212.42.244.122
fritz.box has IPv6 address 2001:bf0:244:244::122
fritz.box mail is handled by 5 mx3.avm.de.
fritz.box mail is handled by 5 mx2.avm.de.
fritz.box mail is handled by 5 mx1.avm.de. 

References

SMW-Browser

Information is currently being retrieved from the backend.
 

Synonyms

Showing 1 related property.

D