
Rogue DNS: HTTPS Security Risks

TL;DR

Yes. An HTTPS connection can be compromised by a rogue DNS server even though the connection itself is encrypted, because DNS translates website names (like example.com) into IP addresses before any encryption begins. If a malicious DNS server points you to the wrong IP address, you can end up on a fake website that looks real but steals your information. The browser's certificate check is the main remaining defence: a fake site at the wrong address cannot normally present a valid certificate for example.com, so a certificate warning is the signal to stop.

How it Works

HTTPS encrypts data between your browser and the web server. DNS happens before this connection is established. Think of it like this:

  • You type a website address (e.g., example.com).
  • Your computer asks a DNS server: “What’s the IP address for example.com?”
  • The DNS server replies with an IP address (e.g., 93.184.216.34).
  • Your browser connects to that IP address using HTTPS.

If the DNS server is compromised, it can give you a fake IP address, sending you to a malicious website even if you type the correct web address.

Steps to Protect Yourself

  1. Use a Trusted DNS Server: Don’t rely on your internet service provider’s (ISP) default DNS server, which is often less well secured than the major public resolvers.
    • Public DNS Servers: Consider using well-known public DNS servers like:
      • Google Public DNS: 8.8.8.8 and 8.8.4.4
      • Cloudflare DNS: 1.1.1.1 and 1.0.0.1
      • Quad9: 9.9.9.9
    • Changing DNS Settings (Windows):
      1. Open Control Panel → Network and Internet → Network and Sharing Center.
      2. Click on your active network connection.
      3. Select “Properties”.
      4. Select “Internet Protocol Version 4 (TCP/IPv4)” and click “Properties”.
      5. Choose “Use the following DNS server addresses” and enter your preferred DNS servers.
    • Changing DNS Settings (macOS):
      1. Open System Preferences → Network.
      2. Select your active network connection.
      3. Click “Advanced”.
      4. Go to the “DNS” tab and add your preferred DNS servers using the “+” button.
  2. Enable DNS over HTTPS (DoH): This encrypts your DNS queries, preventing eavesdropping.
    • In Chrome/Edge: Settings → Privacy and security → Security → Use secure DNS. Choose a provider or set a custom one.
    • In Firefox: Type about:config in the address bar, accept the risk, search for `network.trr.mode`, and set it to 2 (DoH first, with fallback to the regular resolver). Also set `network.trr.uri` to a DoH provider URL (e.g., https://mozilla.cloudflare-dns.com/dns-query).
  3. Use DNSSEC: This adds cryptographic signatures to DNS data, verifying its authenticity.
    • Most public DNS servers (like Google Public DNS and Cloudflare) validate DNSSEC by default.
    • Your operating system or router may also have DNSSEC validation options – check your documentation.
  4. Check Browser Warnings: Pay attention to browser warnings about invalid SSL/TLS certificates, as these can indicate a man-in-the-middle attack (often facilitated by rogue DNS).
  5. Keep Software Updated: Regularly update your operating system, browser, and antivirus software.

Detecting a Rogue DNS Server

It’s difficult to detect directly, but you can use online tools:

  • DNS Leak Tests: Websites like DNSLeakTest show which DNS servers your computer is using.
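
An added check, not from the original post, that does locally what a DNS leak test does: it resolves a hostname through the OS resolver and through Cloudflare's and Google's DNS-over-HTTPS JSON endpoints, then reports any resolver whose answer agrees with none of the others. The endpoint URLs, the constructed sample answers and the TEST-NET address 203.0.113.7 are assumptions, not values from the post.

```python
import json
import socket
import sys
import urllib.request
from urllib.parse import urlencode

# DoH JSON endpoints published by Cloudflare and Google (assumed reachable).
DOH_JSON_ENDPOINTS = {
    "cloudflare": "https://cloudflare-dns.com/dns-query",
    "google": "https://dns.google/resolve",
}

def doh_lookup(name, endpoint, timeout=5):
    """Resolve A records for `name` through a DNS-over-HTTPS JSON endpoint."""
    query = urlencode({"name": name, "type": "A"})
    req = urllib.request.Request(f"{endpoint}?{query}",
                                 headers={"Accept": "application/dns-json"})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        data = json.load(resp)
    # Keep only type 1 (A) answers; CNAME records (type 5) are not addresses.
    return {a["data"] for a in data.get("Answer", []) if a.get("type") == 1}

def system_lookup(name):
    """Resolve through the OS stub resolver, i.e. whichever DNS server is configured."""
    return set(socket.gethostbyname_ex(name)[2])

def find_disagreeing_resolvers(answers):
    """answers maps a resolver label to the set of IPv4 addresses it returned.
    Returns labels whose answers share no address with any other resolver.
    Caveat: CDNs legitimately give different resolvers different addresses,
    so a hit means "inspect the certificate", not "proven rogue"."""
    suspects = []
    for label, ips in answers.items():
        others = [o for other, o in answers.items() if other != label]
        if others and not any(ips & o for o in others):
            suspects.append(label)
    return sorted(suspects)

# Constructed sample: the system resolver returns an address neither DoH
# resolver saw (203.0.113.7 is a documentation-only TEST-NET address).
SAMPLE_ANSWERS = {"system": {"203.0.113.7"},
                  "cloudflare": {"93.184.216.34"}, "google": {"93.184.216.34"}}

if __name__ == "__main__":
    host = sys.argv[1] if len(sys.argv) > 1 else "example.com"
    answers = {"system": system_lookup(host)}
    for label, endpoint in DOH_JSON_ENDPOINTS.items():
        answers[label] = doh_lookup(host, endpoint)
    print(answers, "suspects:", find_disagreeing_resolvers(answers) or "none")
```

Run it with a hostname you visit often; if only the system resolver stands out, compare its answer with the certificate the browser shows before trusting the site.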