DNS resolution is fundamental for users to access websites. It converts domain names into IP addresses, enabling browsers to accurately locate the target server. However, in practice, DNS resolution can be disrupted, resulting in users being unable to access websites properly or accessing incorrect resources. This disruption primarily takes two forms: DNS pollution and DNS hijacking. While both can cause access anomalies, their mechanisms, purposes, and manifestations differ significantly. Understanding the difference between the two is crucial for network operations, website deployment, and network security.
DNS pollution, also known as DNS cache pollution or DNS poisoning, occurs when the result of a DNS query is tampered with or corrupted during resolution, so that the user never obtains the true IP address of the domain name. Typically, when a user accesses a website, the local DNS server queries a higher-level DNS server for the IP address of the target domain. If an intermediary node tampers with the query result, the returned IP address may be incorrect, unreachable, or point to a malicious server. This type of pollution is typically passive in the sense that network operators or certain intermediaries intentionally return incorrect resolution results for policy, management, or security reasons, thereby blocking users from accessing specific websites. Signs of DNS poisoning include abnormal resolution results, failed access to the target domain, and abnormal ping and traceroute output. Even when users enter the correct domain name, DNS poisoning may prevent them from reaching the website.
Unlike DNS poisoning, DNS hijacking is an active interference behavior, often with a more specific purpose. DNS hijacking occurs when an attacker tampers with the DNS resolution process, redirecting user requests for domain names to an attacker-controlled server. This allows for traffic hijacking, ad injection, phishing scams, or malware distribution. DNS hijacking can occur in various ways: tampering with the DNS settings of a user's local device (such as a computer or router); tampering with DNS resolution results by a carrier or public Wi-Fi network; or even malware modifying the system's Hosts file or hijacking the router's DNS settings. Compared to DNS poisoning, DNS hijacking is more aggressive and targeted, often accompanied by traffic redirection, web page defacement, and security risks.
The two also manifest in distinct ways. In the case of DNS poisoning, users may directly receive a message stating that the website is inaccessible or that the domain name resolution failed, and their browsers are unable to connect to the target IP address. In contrast, DNS hijacking allows users to access the website, but the content has been tampered with, such as displaying pop-up ads, phishing pages, or redirects to other websites. In other words, DNS pollution primarily blocks access, while DNS hijacking primarily manipulates access.
Technically, DNS pollution often occurs when DNS servers or intermediate network nodes return incorrect or forged resolution records. The polluted IP addresses may point to invalid addresses or internally blocked IP addresses. DNS hijacking may involve more complex redirection techniques, such as modifying the IP information in DNS response packets, tampering with the DNS cache, or altering user access paths through ARP spoofing. DNS hijacking typically targets specific domain names, while DNS pollution can affect a wide list of domain names or specific top-level domains.
Defense methods also differ. Against DNS pollution, users can restore normal resolution by switching to a different DNS server or by using encrypted DNS (such as DNS over HTTPS or DNS over TLS) to bypass the polluted nodes. Against DNS hijacking, in addition to switching DNS servers, device security must be strengthened so that the DNS settings on routers and endpoints cannot be tampered with. Furthermore, verifying the SSL/TLS certificate of each domain being accessed confirms that the traffic has not been tampered with. Enterprise websites and service providers can also improve resolution accuracy and security by deploying multi-path DNS and secure DNS resolution services.
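The diagnosis and defence steps above (compare the local resolver against an independent encrypted-DNS path, look for tampered local settings, then confirm the certificate) can be scripted. The following is an added example written for this article, not code from the original page: it compares answers from the system resolver with answers fetched over DNS over HTTPS, scans a hosts file for pinned public names, and applies a heuristic that mirrors the article's distinction (no usable answer or an unroutable address suggests pollution; a routable but different address suggests hijacking and is confirmed with a TLS certificate check). The watched-name set, the addresses in the comments and the choice of Cloudflare's JSON DoH endpoint are assumptions; the classification rule is a heuristic, not a definitive test.

```python
"""Triage helpers for telling DNS pollution from DNS hijacking.

Added example, not code from the original article. The rule is a heuristic:
the local resolver's answer is compared with an answer obtained over an
independent path (encrypted DNS to a public resolver), and a hosts-file scan
looks for pinned public names. All sample input used for testing is constructed.
"""
import ipaddress
import json
import socket
import ssl
import urllib.request

# Names an operator never expects to find pinned in a hosts file.
# Assumption: a real deployment keeps its own allowlist of watched names.
WATCHED_NAMES = {"example.com", "www.example.com"}


def hosts_overrides(hosts_text, watched=WATCHED_NAMES):
    """Return {name: ip} for watched names that a hosts file pins to an address.

    Malware that hijacks resolution locally often edits this file, so any hit
    deserves investigation.
    """
    found = {}
    for raw in hosts_text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and blanks
        if not line:
            continue
        ip, *names = line.split()
        for name in names:
            if name.lower() in watched:
                found[name.lower()] = ip
    return found


def is_bogus_answer(ip):
    """True when an A/AAAA answer cannot be a real public server.

    Polluted responses typically carry unroutable or reserved addresses
    (0.0.0.0, 127.x, RFC 1918 space, documentation ranges) or garbage.
    """
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return True
    return (addr.is_unspecified or addr.is_loopback or addr.is_private
            or addr.is_reserved or addr.is_link_local or addr.is_multicast)


def classify(local_answers, reference_answers):
    """Classify one domain as normal / pollution / suspected_hijacking / unknown.

    local_answers: addresses the system resolver returned ([] on NXDOMAIN or
    SERVFAIL). reference_answers: addresses from the independent resolver path.
    """
    local, reference = set(local_answers), set(reference_answers)
    if not reference:
        return "unknown"              # nothing trustworthy to compare against
    if not local:
        return "pollution"            # resolution failed only on the local path
    if local & reference:
        return "normal"               # at least one answer agrees
    if all(is_bogus_answer(ip) for ip in local):
        return "pollution"            # answers exist but are unusable
    return "suspected_hijacking"      # routable but different: verify the cert


# --- live checks (need network access; only run when executed as a script) ---

def local_lookup(name):
    """A/AAAA answers from the system resolver; [] when resolution fails."""
    try:
        return sorted({r[4][0] for r in socket.getaddrinfo(name, 443)})
    except socket.gaierror:
        return []


def doh_lookup(name, rrtype="A"):
    """Answers via DNS over HTTPS (Cloudflare's JSON endpoint, an assumption)."""
    url = f"https://cloudflare-dns.com/dns-query?name={name}&type={rrtype}"
    req = urllib.request.Request(url, headers={"accept": "application/dns-json"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        body = json.load(resp)
    # Keep only A (1) and AAAA (28) records; skip CNAME chains.
    return sorted(a["data"] for a in body.get("Answer", []) if a.get("type") in (1, 28))


def certificate_matches(name, ip):
    """TLS-connect to ip and check that the certificate is valid for name."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((ip, 443), timeout=10) as sock:
            with ctx.wrap_socket(sock, server_hostname=name):
                return True
    except (ssl.SSLError, OSError):
        return False


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "example.com"
    local, ref = local_lookup(target), doh_lookup(target)
    verdict = classify(local, ref)
    print(target, "local:", local, "reference:", ref, "->", verdict)
    if verdict == "suspected_hijacking":
        ok = all(certificate_matches(target, ip) for ip in local)
        print("certificate valid for", target, "on local answers:", ok)
```

Run it as `python dns_triage.py example.com` on a machine whose resolver you want to check. Two caveats shape the design: CDN and geo-DNS deployments legitimately return different addresses to different resolvers, which is why a disagreement is only reported as `suspected_hijacking` and is settled by the certificate check rather than by the address alone; and a resolver that answers with a reserved or unroutable address is treated as pollution even though the answer is not empty, matching the "incorrect or unreachable IP" symptom described above.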
The following are frequently asked questions about DNS pollution and DNS hijacking:
Q: What is the biggest difference between DNS pollution and DNS hijacking?
A: DNS pollution passively blocks access, preventing users from obtaining the real IP address of the domain. DNS hijacking actively manipulates access, directing user traffic to attacker-controlled servers, potentially modifying web page content or injecting advertisements.
Q: How can ordinary users determine whether they are experiencing DNS pollution or DNS hijacking?
A: If a website displays an inability to connect or the domain name cannot be resolved, it is likely DNS pollution. If the website is accessible but the page is abnormal, redirects, or displays unidentified advertisements, it may be DNS hijacking.
Q: Can DNS hijacking be addressed using the same methods?
A: Partially, but it's more important to ensure the security of your end devices and routers to prevent DNS settings from being tampered with, and to verify the website's SSL certificate to ensure that the content being accessed hasn't been tampered with.
Q: How can corporate websites protect themselves from DNS pollution and hijacking?
A: Enterprises can deploy secure DNS resolution, multi-path DNS, and encrypted DNS services, regularly detect resolution anomalies, monitor user access, and strengthen domain name and SSL certificate management.
Q: Do DNS pollution and DNS hijacking affect SEO?
A: Yes. DNS pollution can prevent some users from accessing your website, increasing bounce rates and hindering search engine crawling. DNS hijacking can tamper with website content or redirect user traffic to malicious pages, damaging your website's authority and brand reputation.
Overall, although both DNS pollution and DNS hijacking involve domain name resolution anomalies, their mechanisms, purposes, and manifestations differ. DNS pollution is more of a blocking attack, often initiated by intermediate network nodes or carriers; DNS hijacking is more of a tampering attack, actively carried out by attackers. Understanding the difference between the two will help you take targeted protective measures to ensure website access stability and user safety.