DNS hijacking is the unauthorized alteration of Domain Name System settings so that traffic meant for a legitimate domain is redirected to an attacker-controlled destination. Because DNS translates names like a site or service address into IP locations, changing DNS records, resolver settings, or router configuration can silently reroute users without changing the visible domain name.
In cyber security, DNS hijacking matters because it can be used to steal credentials, inject malware, disrupt services, or intercept sensitive communications. Attackers may abuse compromised admin accounts, exposed routers, registrar access, or poisoned local network settings. Defenders watch for unexpected DNS changes, enforce MFA on DNS and registrar portals, restrict who can edit records, and monitor resolver logs for anomalies. Using secure DNS management, strong change control, and rapid rollback procedures helps limit the impact when hijacking is attempted.