Defeated DNS hijack


My dorm’s ISP Extreme Broadband network hijacks all DNS queries internally and answer them as if it came from the outside, even if you explicitly wanted to use external servers.


You could easily see that it is hijacking DNS requests, and is resolving to OpenDNS’s IPs. OpenDNS has the habit of hijacking non-existent domains to their search page. Our ISP partnered with OpenDNS and features their little logo at the search pages.


I don’t really care if they hijack requests, to hell if they want to know what site I visit, the main problem that I cannot stand is that during peak time, their DNS servers dies and become non-responding. All you get is timeouts, websites stall and look broken. I have complained, asked them to stop hijacking and allow queries to be solved externally if they do not wish to do something about their DNS server. They don’t seem to care, so I say a big fuck you and did my own contraception of anti-hijack.

Say Hello to DNSMASQ and ACRYLIC

I happen to have a VPS lying around, so I decided to use it as a DNS forwarder. DNSMASQ is both a DHCP and DNS server. On the VPS,
all you need to do is

apt-get install dnsmasq


nano /etc/dnsmasq.conf

and uncomment the port parameter and add a port number other than 53. After that just

service dnsmasq restart

You now have your private DNS server at your service.

On a Windows 8 machine, it is impossible (as it seems) to change the DNS query port. So the best you could do is setup a local DNS proxy and point the proxy to your recently setup DNS server.

Download Acrylic, unzip it and put it somewhere. You have to change the PrimaryServerAddress and PrimaryServerPort inside the AcrylicConfiguration.ini file to your setup’s values. After that, just start the proxy.

Then point Windows to for DNS queries and verify.


Nice one eh? Well this assumes that your ISP is not bastard enough to do packet analysis. If your ISP is that bastard, perhaps you could try DNSCRYPT.

Never see. Never know.

Leave a Comment

Your email address will not be published. Required fields are marked *