Compromised dns / full hack. Question about DNS server trust during install and upgrade

Support
1

– Please Write here your help request, –
Hey All,

I have been quite high level hacked and the issue is with DNS servers…

a hacker compromised my cloudflare, added a (my-name).worker.dev domain and worker and shifted some zones…

my notebook has been hacked in ubuntu and windows, with firefox adding an except not to use secure dns for (my-name).worker.dev

So i installed a fresh OS with parrotos… then did parrot-upgrade twice…

I have locale issues where the calendar and other things show strange chars for the numbers… perhaps normal.

But i then realized a big issue:

If someone can control my dns servers at router / ISP level… does parrotos do checks on all the apt servers to ensure they are valid? Or should i consider this upgrade compromised due to certainly having untrustworthy DNS? I never had a dhance to select which dns was used in installation… this could be a big hole?

  • Parrot version in use (if you are not aware of it, open terminal and type cat /etc/os-release | grep VERSION):

  • Kernel version (if you are not aware of it, open terminal and type uname -r):

  • Logs/Terminal output (use pastebin or similar services):

  • Screenshots:

2

The other relevant part was that I had Firefox set to strictly use CIRA the Canadian non profit dns provider that firefox defaults to for canadians, except i set it to strict maximum. Do not fall back.

after 2-3 minutes or less, I would get “unexpected error” in firefox trying to resolve dns queries.

switching to another provider (nextdns or cloudflare) would work.

I am assuming the goal is to push me to Cloudflare where the worker was running.

With the worker, and a not-trust-worthy router / isp dns my options are pretty limited.

How can this affect an install and upgrade?