The invention discloses a DNS (
Domain Name System) hijacking detection method. The
DNS hijacking detection method includes the following steps: the step 1: issuing a standard DNS lookup for an IP, wherein the
domain name of the IP does not enable DNS service lookup support abroad; and if a returned result IP does not exist, directly deciding that the
domain name is not hijacked; and if a returned result IP exists, performing the step 3; the step 2: performing a standard DNS lookup on the
domain name in the step 1 on a local DNS
server to obtain a result IP returned by the local DNS; and the step 3: comparing the result IP returned by the
server which does not enable the DNS service lookup support abroad with the result IP returned by the local, deciding that the domain name is not hijacked if the two result IPs are identical to each other, and deciding that the domain name is hijacked if the two result IPs are not identical to each other. The
DNS hijacking detection method does not need maintenance of a hijacked IP
list, and can decide whether the domain name is hijacked by means of comparison of the result IPS after analysis of the two domain names, so that the
DNS hijacking detection method is more efficient and accurate.