
Asus DSL routers hijacked DNS

Rising Star
Posts: 103
Thanks: 20
Registered: ‎02-02-2016

Asus DSL routers hijacked DNS

If you have an Asus DSL router that has the "Enable Web Access from WAN" option enabled then check whether your DNS has been hijacked.  I just noticed that my DSL AC-68U has had the DNS changed to which is a known hijack DNS server.  I am on the latest firmware ( but I guess this doesn't include some required security updates and hackers are able to access the setup page without needing the router password.

If your DNS has been changed then make sure you set it back to defaults or Google / OpenDNS settings. Luckily I don't use the router DHCP server so this didn't actually impact me, but it is worrying that Asus have not publicised this security hole as far as I know. You should turn off the web access option until the security holes are patched.

Even if you have the option "Connect to DNS Server automatically" enabled your actual DNS server may have been hijacked.  You can check this by going to the network tools and select NSLookup method and try - it should return something like this:

Address 1:
Address 2:
Address 3:

If you see some random looking names instead then it has been DNS hijacked.

Moderator's note by Mike (Mav): Post released from Spam Filter.
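Added example, not part of the original post: a small Python check for the advice above. It reads the resolver address from the header of nslookup output and compares it with the resolvers you expect. The allowlist (Google and OpenDNS public resolvers), the function names and the sample output are assumptions made for this example.

```python
import ipaddress
import re

# Assumption: resolvers this network is meant to use (Google and OpenDNS,
# the two the post suggests). Add your ISP's resolvers here.
EXPECTED = {"8.8.8.8", "8.8.4.4", "208.67.222.222", "208.67.220.220"}

# Addresses that mean "the router (or this host) is answering", so the
# router's own WAN DNS setting still has to be checked on its status page.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "::1/128", "fc00::/7", "fe80::/10")]

def resolver_from_nslookup(output):
    """Return the resolver address from the nslookup header, or None."""
    header = output.replace("\r\n", "\n").split("\n\n", 1)[0]
    m = re.search(r"^Address:\s*([0-9A-Fa-f:.]+?)(?:#\d+)?\s*$", header, re.M)
    return m.group(1) if m else None

def classify(addr, expected=EXPECTED):
    """Classify one DNS server address against the expected set."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return "invalid"
    if str(ip) in expected:
        return "expected"
    if any(ip in net for net in LOCAL_NETS):
        return "local-forwarder"
    return "unexpected"  # not on the allowlist: treat as a possible hijack

def audit(addresses, expected=EXPECTED):
    """Classify a list of DNS servers, e.g. copied from the router WAN page."""
    return {a: classify(a, expected) for a in addresses}

# Constructed sample (Linux nslookup layout). 203.0.113.53 and 192.0.2.10 are
# documentation-range placeholders, not real servers.
SAMPLE = ("Server:\t\t203.0.113.53\nAddress:\t203.0.113.53#53\n\n"
          "Non-authoritative answer:\nName:\texample.com\nAddress: 192.0.2.10\n")

if __name__ == "__main__":
    resolver = resolver_from_nslookup(SAMPLE)
    print(resolver, classify(resolver))
    print(audit(["8.8.8.8", "192.168.1.1", "203.0.113.53"]))
```

A "local-forwarder" result only shows that the router is answering; the DNS servers listed on the router's WAN status page should then be passed to `audit()` as well.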

BT FTTP 500 + pfSense + Ubiquiti Unifi 6 Pro
Posts: 22,148
Thanks: 4,653
Fixes: 512
Registered: ‎06-04-2007

Re: Asus DSL routers hijacked DNS

Moderator's note by Mike (Mav): This thread is now in the appropriate board.

Forum Moderator and Customer
Courage is resistance to fear, mastery of fear, not absence of fear - Mark Twain
He who feared he would not succeed sat still

Posts: 8
Thanks: 2
Registered: ‎05-07-2017

Re: Asus DSL routers hijacked DNS

Surely, unless you really, really, really have a need to access the router from outside your network it would be best to turn the option off. If you must enable it - set a really good strong password.

I have an Asus router, however I use Merlin's firmware on mine and "Enable Web Access from WAN" is turned off by default; not sure if that's the case with the standard firmware.