What does DNS pollution mean? A complete explanation even for beginners
Simply put, DNS pollution occurs when, during the DNS resolution process, users receive a tampered, falsified IP address instead of the correct one. In other words, you might want to access website A, but the DNS returns an incorrect address, address B. Consequently, your browser won't be able to access the target website, or may instead be redirected to the wrong website. To understand this issue, let's first review the normal DNS workflow.
When you enter a URL, your computer first checks its local cache for a corresponding IP address. If none is found, it queries the local carrier's DNS server. If that server does not have the answer either, the query is passed to higher-level DNS servers until the correct answer is found. This query process involves multiple steps, and interference at any one of them can produce an erroneous result. DNS pollution inserts false responses during data transmission, so that your computer accepts them as the correct answer and the user is deceived.
Common symptoms of DNS pollution include: certain international websites failing to open, resolving to a nonexistent IP address, slow page load times, or redirects to unrelated websites. Sometimes, entering a domain name only leads to a phishing page; this could also be the result of DNS pollution.
So, why does DNS pollution occur? There are several main reasons. One is a cyberattack: hackers exploit vulnerabilities to inject false information into the DNS cache, redirecting user traffic to specific websites. This is a common occurrence in cybersecurity incidents. Another is specific network limitations: for regulatory or security reasons, some regions intentionally return incorrect DNS results to block specific websites. A third possibility is network operator configuration or advertising hijacking, where users accessing certain domains are redirected to advertising pages or the operator's own service pages.
For ordinary users, the harm of DNS pollution goes beyond simply "not being able to access websites." It can affect the online experience, reduce access speeds, and even pose security risks. If an attacker uses DNS pollution to redirect your bank website to a fake page, your account number and password could be stolen. This is why DNS pollution is considered a serious attack method in the cybersecurity field.
There are several common solutions to DNS pollution. The most direct is to change the DNS server, for example by switching from the default carrier DNS to a public DNS. These public DNS servers are widely distributed and relatively more secure, which can reduce the pollution problem to a certain extent. However, it's important to note that if the contamination occurs on the transmission link, the connection may still be affected even after changing the DNS.
Another solution is to use an encrypted DNS protocol. Traditional DNS queries are transmitted in clear text, making them vulnerable to interception and tampering. DoH and DoT, however, transmit resolution requests over encrypted channels, making it much more difficult for third parties to insert spoofed responses. Major browsers like Chrome and Firefox already support DoH and can be enabled in settings.
Another approach is to directly modify the local Hosts file to bind the domain names and IP addresses of frequently used websites locally, bypassing the DNS resolution process. While this can partially address the issue, IP addresses can change, and if not updated promptly, access failures will still occur. For ordinary users, this method is suitable as a temporary solution. A more advanced method is to access through a proxy server, which encrypts your network traffic and forwards it to other nodes, thereby bypassing the local contamination and obtaining the correct resolution result. This is also a common method used by many people to access restricted websites.
In short, DNS contamination is essentially "false information" generated during domain name resolution, causing users to receive incorrect IP addresses and ultimately preventing them from accessing the target website. This can occur for offensive purposes, ad hijacking, or due to artificial restrictions. While completely avoiding DNS pollution isn't realistic, it can be effectively mitigated by changing DNS servers, enabling encryption protocols, and modifying the Hosts file. For beginners, the simplest approach is to change DNS servers or enable the DoH feature in your browser. These are simple and effective.
Some Q&A about DNS pollution:
Q1: Are DNS pollution and DNS hijacking the same thing?
A1: They are similar, but not identical. DNS pollution generally involves inserting false responses during transmission, while DNS hijacking often occurs at the carrier or local network level, forcibly modifying the user's resolution results.
Q2: Why do some websites work abroad but not in China?
A2: This could be due to DNS pollution or network restrictions. Queries abroad return the correct IP address, but in local network environments, resolution is disrupted.
Q3: Does using public DNS completely eliminate the pollution problem?
A3: Not necessarily. If the pollution occurs during transmission, even with a public DNS, the returned data could still be tampered with. However, public DNS offers greater security and can at least mitigate some of these issues.
Q4: Will enabling DoH affect internet speed?
A4: In most cases, the impact is minimal, and may even improve internet speed. This is because DoH service nodes are typically distributed across multiple regions around the world, allowing them to intelligently select the optimal path.
Q5: Is it safe to modify the Hosts file?
A5: Modifying the Hosts file is safe, but only if you are certain that the IP address you are binding to is authentic. If the source is unknown, it may result in access errors or redirect you to malicious websites.