whatsmydns.net - DNS Propagation Checker

DNS Cache Poisoning

What is DNS Cache Poisoning?

DNS Cache Poisoning (also known as DNS Spoofing) is a type of attack in which attackers take advantage of vulnerabilities in DNS server software to inject malicious results into the cache of DNS resolvers. These results are then given out to users attempting to visit the website or service that the request was for, who are ultimately tricked into visiting a fraudulent version of the resource, typically with the goal of stealing personal information such as login details and credit cards, or infecting their devices with malware.

Who is affected by DNS Cache Poisoning?

DNS Poisoning can affect network providers, website owners, as well as end-users & customers.

Network Providers - Network providers operating DNS servers are affected by this attack type because they run the servers responsible for handling the requests. This usually means that they are running potentially out-of-date and insecure versions of their software, which are vulnerable to having data maliciously injected into their cached copy of DNS query results.

Website Owners - Website or other service providers (e.g. VoIP, email, game servers, etc.) are typically not the intended victim of this type of attack, as the goal is usually to take advantage of end users.

However, website owners can also be affected: if end users hand over some of their personal information to the attacker, this information may contain login information for the website, and depending on what level of access the user has, the attacker may be able to gain access to the website and perform harmful actions on it.

Additionally, users and customers may wrongly lay blame on the website owner, as they may think that their information was leaked as part of a direct website compromise.

Users & Customers - End users and customers are typically the main target of this attack. They are often misled into visiting a website which they think is legitimate but which is instead run by the attacker. Once the user thinks that they are using a trusted service, they may enter their personal information such as login details, personal addresses, or credit card details, which the attacker will store and use for their own purposes or sell on to third parties.

How is DNS Cache Poisoning performed?

DNS Cache Poisoning is often the result of out-of-date, misconfigured, or vulnerable DNS server software which is being used as a DNS resolver by end users. Attackers send specially crafted messages to the DNS resolver which take advantage of these issues, with the intention of injecting or overwriting cached DNS results with data pointing to a server under their control.
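
Because a poisoned cache hands out addresses that point to a server the site owner does not run, one way to spot it is to compare what each resolver returns against the address ranges the owner actually serves from. The following is an added example, not part of the original page; the resolver names, the expected ranges and the observed answers are constructed sample data using documentation address space.

```python
import ipaddress

# Assumption: networks the site owner really serves example.com from
# (documentation ranges, constructed for this example).
EXPECTED = {"example.com": ["192.0.2.0/24", "2001:db8:10::/48"]}

# Constructed sample: answers each resolver returned for the same name.
OBSERVED = {
    "resolver-a": {"example.com": ["192.0.2.10", "2001:db8:10::1"]},
    "resolver-b": {"example.com": ["192.0.2.10"]},
    "resolver-c": {"example.com": ["203.0.113.66"]},                # outside every range
    "resolver-d": {"example.com": ["192.0.2.10", "198.51.100.7"]},  # mixed answer
    "resolver-e": {"example.com": []},                              # empty answer
}


def audit(expected, observed):
    """Return {resolver: [(name, address, reason), ...]} for suspicious answers."""
    findings = {}
    for resolver, answers in observed.items():
        for name, addresses in answers.items():
            nets = [ipaddress.ip_network(n) for n in expected.get(name, [])]
            if not nets:
                continue  # no baseline for this name, nothing to compare against
            for raw in addresses:
                try:
                    addr = ipaddress.ip_address(raw)
                except ValueError:
                    findings.setdefault(resolver, []).append((name, raw, "unparseable"))
                    continue
                # An address can only match a network of its own IP version.
                if not any(addr.version == n.version and addr in n for n in nets):
                    findings.setdefault(resolver, []).append(
                        (name, raw, "outside expected ranges"))
    return findings


if __name__ == "__main__":
    for resolver, items in audit(EXPECTED, OBSERVED).items():
        for name, addr, reason in items:
            print(f"{resolver}: {name} -> {addr} ({reason})")
```

A flagged answer is a lead to investigate rather than proof of poisoning, since it can also be a legitimate DNS change that has not yet been added to the baseline.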
