DNS changes to hacker's specified DNS (android)

Jul 3, 2018
I have little knowledge of tech-related matters, but what I know from my experience is that the hacker's DNS servers, which are pri: , sec: , make it possible for anyone to remotely view my phone, just like using "Remote Desktop Viewer" software.

I have used the following methods to prevent the DNS from changing but was unsuccessful (because the DNS changes instantly when someone on the other side tries to connect):

(1) The following rules were added to the "20-dns.conf" file (system/etc/dhcpcd/dhcpcd-hooks), the Afwall+ custom script and an init.d script, but they only set the DNS after a reboot or each time I run the script, and do not prevent the DNS from changing:

setprop net.dns1
setprop net.dns2
setprop net.eth0.dns1
setprop net.eth0.dns2
setprop net.rmnet0.dns1
setprop net.rmnet0.dns2
setprop dhcp.tiwlan0.dns1
setprop dhcp.tiwlan0.dns2
setprop net.ppp0.dns1
setprop net.ppp0.dns2
setprop net.pdpbr1.dns1
setprop net.pdpbr1.dns2

I also added the above rules to "build.prop", but the result was the same.

(2) Installed Override DNS (root); it also does not prevent the DNS change. It only sets the DNS (google, openDNS etc) after every reboot/connectivity change and cannot detect a DNS change. I tried to change the DNS from "Terminal Emulator" and was able to change it while "Override DNS" was ON. Another problem with "Override DNS" is that it shows an error (Network device name is null, The error message is netInfo is null,something went wrong) when data/wifi is off. Meanwhile, the hacker does not need me to turn ON data/wifi to achieve his goal.

(3) The following IPTABLES rules were added to the Afwall+ custom script and an init.d script (didn't work):

iptables -t nat -A OUTPUT -p tcp --dport 53 -j DNAT --to-destination
iptables -t nat -A OUTPUT -p udp --dport 53 -j DNAT --to-destination
iptables -t nat -D OUTPUT -p tcp --dport 53 -j DNAT --to-destination || true
iptables -t nat -D OUTPUT -p udp --dport 53 -j DNAT --to-destination || true
iptables -t nat -I OUTPUT -p tcp --dport 53 -j DNAT --to-destination
iptables -t nat -I OUTPUT -p udp --dport 53 -j DNAT --to-destination


$IPTABLES -t nat -A OUTPUT -p tcp --dport 53 -j DNAT --to-destination || true
$IPTABLES -t nat -A OUTPUT -p udp --dport 53 -j DNAT --to-destination || true

(4) I use the terminal emulator with the "getprop | grep dns" command to see my active DNS servers. But it does not show recent changes made to the DNS from the other side, only changes made by myself.

Once I installed "Spyhunter4" on my PC, and the "advance DNS protection system" in "Spyhunter4" did the job so far. It showed a popup "Your DNS setting has changed, Do you want to keep changes?" every time a DNS change attempt was made from the other side, and when I clicked NO it reverted the DNS back to google, openDNS etc. This pop-up appeared like 100 times in a minute, but later, when I connected my PC to the internet, he (the hacker) was able to make changes to the "comodo firewall" rules, and Spyhunter4 did not work anymore. When you open Spyhunter4 it updates its database every time you launch it, and that was also disabled. I know that because I had seen many IPs (belonging to the hacker) in comodo killswitch with established connections to my PC.

I think something which locks my specified DNS (google, openDNS etc) and prevents it from changing will solve the problem.

Maybe experts here will get to the root of the problem by simply looking into these DNS servers:

But again I want to add here that the "hacker" does not need me to connect to the internet to change my DNS servers or view my phone.
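
One way to detect a changed resolver rather than only re-setting it, as an added example that is not part of the original post: the script below parses `getprop` output and reports every DNS-related property whose value is not on an allowlist. The function names, the allowlist and the sample data are assumptions made for this example, and the check only sees what `getprop` exposes.

```shell
#!/bin/sh
# Added example: flag DNS-related system properties that are not allowlisted.

# Allowlist (assumption): Google Public DNS and OpenDNS resolver addresses.
ALLOWED_DNS="8.8.8.8 8.8.4.4 208.67.222.222 208.67.220.220"

# Constructed sample of `getprop` output; the unexpected addresses are
# taken from documentation ranges and do not belong to any real resolver.
SAMPLE_GETPROP='[net.dns1]: [8.8.8.8]
[net.dns2]: [203.0.113.53]
[net.rmnet0.dns1]: [208.67.222.222]
[net.rmnet0.dns2]: []
[dhcp.wlan0.dns1]: [198.51.100.7]
[ro.product.model]: [constructed]'

# Read `getprop` output on stdin. Print "name value" for each property whose
# name contains "dns" and whose non-empty value is not in ALLOWED_DNS.
audit_dns_props() {
    sed -n 's/^\[\([^]]*dns[^]]*\)]: \[\([^]]*\)]$/\1 \2/p' |
    while read -r name value; do
        if [ -n "$value" ]; then
            case " $ALLOWED_DNS " in
                *" $value "*) ;;                          # allowlisted
                *) printf '%s %s\n' "$name" "$value" ;;   # deviation
            esac
        fi
    done
}

# Run the audit over the constructed sample above.
audit_sample() {
    printf '%s\n' "$SAMPLE_GETPROP" | audit_dns_props
}

# On a device: `sh script.sh watch` polls every 5 seconds and timestamps
# each deviation, so changes can be correlated with other logs.
if [ "${1:-}" = "watch" ]; then
    while :; do
        getprop | audit_dns_props | while read -r line; do
            echo "$(date '+%Y-%m-%d %H:%M:%S') unexpected DNS: $line"
        done
        sleep 5
    done
fi
```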