Also referred to as DNS cache poisoning, Domain Name System (DNS) spoofing is a form of attack in which false information is placed in a DNS resolver's cache. The altered DNS records are used to redirect online traffic to a fraudulent website that resembles its intended destination.
With DNS spoofing, unsuspecting victims end up on malicious websites. Once there, victims are prompted to log in to their account (or a false version of it), giving the attacker the ability to steal their credentials and other types of sensitive information. The malicious website is also used to install worms or viruses on a victim’s computer, giving the attacker long-term access to both the computer and the data it stores.
A DNS server translates human-readable domain names into numerical IP addresses so that computers can process them. These addresses are used to route communications between nodes. If the server does not know a requested translation, it will ask another server, with the process continuing recursively. To increase performance, a server will cache these translations for a certain amount of time.
When a DNS server has received a false translation and caches it for performance, its cache is considered to be poisoned, and the server supplies the false information to clients. If a DNS server is poisoned, it will return an incorrect IP address, diverting traffic to another computer, often an attacker’s.
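The caching behaviour described above can be modelled in a few lines. This is an added example, not code from the original page: it shows a false record being served from cache until it is detected by comparison against a trusted reference and flushed. The class, the `audit` cross-check, the domain and the addresses (documentation ranges) are all constructed assumptions.

```python
# Added illustration: toy caching resolver; all names and addresses are constructed.
import itertools

class CachingResolver:
    """Minimal model of a resolver that caches upstream answers for their TTL."""

    def __init__(self, upstream, clock):
        self.upstream = upstream      # callable: name -> (ip, ttl_seconds)
        self.clock = clock            # callable returning current time in seconds
        self.cache = {}               # name -> (ip, expires_at)

    def resolve(self, name):
        entry = self.cache.get(name)
        if entry and entry[1] > self.clock():
            return entry[0]           # served from cache, upstream not consulted
        ip, ttl = self.upstream(name)
        self.cache[name] = (ip, self.clock() + ttl)
        return ip

    def audit(self, reference):
        """Return live cached names whose address differs from a trusted reference."""
        now = self.clock()
        return sorted(n for n, (ip, exp) in self.cache.items()
                      if exp > now and n in reference and ip != reference[n])

    def flush(self, name):
        self.cache.pop(name, None)


def demo():
    trusted = {"example.com": "192.0.2.10"}            # constructed reference data
    # Constructed upstream: the first answer is false, later answers are correct.
    answers = itertools.chain([("203.0.113.66", 300)],
                              itertools.repeat(("192.0.2.10", 300)))
    now = [0]
    r = CachingResolver(lambda name: next(answers), lambda: now[0])

    first = r.resolve("example.com")        # false record enters the cache
    now[0] = 120
    second = r.resolve("example.com")       # still served from the poisoned cache
    flagged = r.audit(trusted)              # cross-check exposes the mismatch
    for name in flagged:
        r.flush(name)
    after_flush = r.resolve("example.com")  # re-fetched, now correct
    return first, second, flagged, after_flush

if __name__ == "__main__":
    print(demo())
```

Without the flush, the false address would keep being returned to every client until the 300-second TTL expired.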
Website owners and service providers can prevent DNS spoofing by:
Endpoint users can prevent DNS spoofing by: