
DNS hijacking by the Great Firewall of China

Last time, we talked about DNS hijacking and mentioned using trusted Google DNS or OpenDNS to defeat it.
However, your DNS will still be hijacked by the Great Firewall of China (GFW) if you only use Google DNS or OpenDNS.
Why does this happen?

Background knowledge:
A DNS server uses UDP (User Datagram Protocol) port 53 to answer requests from the user's computer.
UDP is a simple, message-based, connectionless protocol that does not set up a dedicated end-to-end connection, and it is unreliable.
The client computer (your computer) accepts the first DNS reply it receives whose data format is correct and ignores any later replies.

Suppose you are in China and using Google DNS. You are going to open http://releases.mozilla.org.
Your computer tries to get the IP address of releases.mozilla.org from 8.8.8.8. This request is detected by the IDS (Intrusion Detection System) of the GFW, which immediately returns an incorrect IP address to your computer. As noted above, your computer accepts this reply and ignores the other replies (including the real one). In this way, the domain (releases.mozilla.org) is hijacked.
Conclusion: Your DNS is still hijacked simply because the GFW sits between your computer and the destination DNS server, and it controls the DNS reply.
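
Because the client keeps only the first reply, the race described above is visible to anyone who keeps listening: one query draws two replies with different answers. The following Python code is an added example, not part of the original post. It parses raw DNS replies and flags such conflicts. The packets, transaction IDs and addresses (documentation ranges) are constructed, and the function names are hypothetical.

```python
import struct
from collections import defaultdict
def read_name(msg, off):
    """Decode a DNS name at off; return (name, offset just past it)."""
    labels, end = [], None
    for _ in range(128):                       # bound guards against pointer loops
        n = msg[off]
        if n & 0xC0 == 0xC0:                   # compression pointer
            end = off + 2 if end is None else end
            off = ((n & 0x3F) << 8) | msg[off + 1]
        elif n == 0:                           # root label ends the name
            return ".".join(labels).lower(), (off + 1 if end is None else end)
        else:
            labels.append(msg[off + 1:off + 1 + n].decode("ascii"))
            off += 1 + n
    raise ValueError("malformed name")

def parse_reply(msg):
    """Return (txid, qname, sorted A addresses); assumes one question per reply."""
    txid, _flags, _qdcount, ancount = struct.unpack("!HHHH", msg[:8])
    qname, off = read_name(msg, 12)
    off, addrs = off + 4, []                   # skip QTYPE and QCLASS
    for _ in range(ancount):
        _, off = read_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
        if rtype == 1 and rdlen == 4:          # A record
            addrs.append(".".join(map(str, msg[off + 10:off + 14])))
        off += 10 + rdlen
    return txid, qname, tuple(sorted(addrs))

def conflicting_replies(packets):
    """Return {(txid, qname): [answer sets in arrival order]} where answers disagree."""
    seen = defaultdict(list)
    for msg in packets:
        txid, qname, addrs = parse_reply(msg)
        if addrs not in seen[(txid, qname)]:
            seen[(txid, qname)].append(addrs)
    return {k: v for k, v in seen.items() if len(v) > 1}

def build_reply(txid, name, ip):
    """Build a constructed one-question, one-A-record reply for the demo."""
    q = b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\0"
    rr = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4) + bytes(map(int, ip.split(".")))
    return struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0) + q + struct.pack("!HH", 1, 1) + rr

Q = "releases.mozilla.org"  # constructed capture; addresses are documentation ranges
SAMPLE = [build_reply(0x1A2B, Q, "203.0.113.5"), build_reply(0x1A2B, Q, "192.0.2.10"),
          build_reply(0x3C4D, "example.org", "192.0.2.20")]
print(conflicting_replies(SAMPLE))
```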

There are two solutions to defeat the DNS hijacking of GFW:

1. Use a VPN and Google DNS together. In this way, your DNS request will be encrypted and can't be detected by the GFW.
2. Modify the local hosts file so that the hijacked domain names are resolved locally.

