2014-11-15

How to Prevent ISP's DNS Poisoning

The case was, my fourth ISP redirect every DNS request to their own DNS servers, and the poison certain domain names (for example: Manga sites) to their own server (114.127.223.16). How to prevent this? first of all you'll need to install dnscrypt, this program could encrypt DNS requests, so it's become harder to poison.

pacman -Sy dnscrpyt-proxy

then you'll need to start the service:

sudo systemctl enable dnscrypt-proxy
sudo systemctl start dnscrypt-proxy

then, change your /etc/resolv.conf to localhost:

nameserver 127.0.0.1

voila, now your DNS resolving not poisoned anymore :3 yayy~