DNS cache poisoning is named by analogy with ordinary poisoning: something harmful is slipped into a store that everything downstream trusts, in this case the cache of the DNS resolver that your browser and operating system rely on.
Put simply, DNS poisoning (also called DNS spoofing) is the practice of inserting false records into a DNS cache so that lookups return a wrong IP address and users are sent to a host the attacker controls instead of the one they asked for.
Typically the altered record points the victim's browser at a counterfeit website that closely imitates the real one.
DNS poisoning is possible due to a number of flaws, but the underlying issue is that DNS was designed for a much smaller Internet and assumes that the answers it receives are honest. Some of these issues are addressed by DNSSEC, a set of security extensions that add cryptographic signatures to DNS records, but DNSSEC is still not widely deployed.
How can this be done?
If IP addresses are the “room numbers” of the Internet, the resolver's cache is the “campus directory” that visitors consult. Once a wrong entry has been written into that directory, everyone who consults it is sent to the wrong room, and the bad entry stays in effect until its time-to-live (TTL) runs out or the cache is flushed.
When users arrive at the counterfeit site, they are asked to log into their account, giving the attacker the chance to capture their credentials and other private data.
The malicious site is also frequently used to push malware onto the user's computer, giving the attacker persistent access to the machine and the data it stores.
An off-path attacker poisons a resolver's cache by asking it for a name it has not cached, so that the resolver must send a query to the authoritative nameserver, and then flooding the resolver with forged replies that claim to come from that nameserver. If a forged reply that matches the outstanding query reaches the resolver before the genuine one, the resolver caches it and the real answer is discarded.
This works because DNS queries and replies normally travel over UDP, which is connectionless, so the source address of a reply can be spoofed, and because a plain DNS resolver has no way to verify where an answer really came from: it only checks that the reply matches the question it sent.
Factors to Carry out DNS Spoofing Attacks
To land a forged reply, the attacker has to know or guess everything the resolver checks before accepting an answer:
- The 16-bit transaction ID of the query
- A name the targeted resolver does not have cached, so that the resolver is forced to ask the authoritative nameserver at all
- The UDP source port the resolver used for the query; older resolvers used the same port for every query, while modern ones choose a random port per query
- Which authoritative nameserver the query went to, since the forged reply must appear to come from that server's address
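The race described above, as an added example that is not code from the original page: a small in-process model of a caching resolver that accepts the first reply matching the transaction ID, source port and question of the query in flight, an attacker that floods guessed replies, and a comparison of a fixed-port resolver with a port-randomising one. Everything is simulated (no packets are sent), and the names, addresses, port range and seeds are constructed for the demo.

```python
"""In-process model of an off-path DNS cache-poisoning race.

Added example; it is not code from the original page. The resolver, the
attacker and the authoritative nameserver are simulated objects, no packets
leave the process, and every name, address, port range and seed below is a
constructed value for the demo.
"""
import random
from dataclasses import dataclass

TXID_SPACE = 1 << 16                 # DNS message ID is 16 bits (RFC 1035)
PORT_LOW, PORT_HIGH = 1024, 65536    # assumed ephemeral range of a port-randomising resolver

VICTIM = "login.example.test."       # constructed: a name the resolver has not cached
ATTACKER_IP = "203.0.113.66"         # constructed (TEST-NET-3): the poisoned answer
REAL_IP = "198.51.100.10"            # constructed (TEST-NET-2): the legitimate answer


@dataclass(frozen=True)
class Reply:
    txid: int     # message ID copied from (or guessed for) the query
    dport: int    # UDP port the reply is aimed at: the resolver's query source port
    qname: str    # the question section has to match as well
    answer: str   # A record the sender wants cached
    ttl: int


class Resolver:
    """Caching resolver with a single upstream query in flight at a time."""

    def __init__(self, random_ports, rng):
        self.random_ports = random_ports
        self.rng = rng
        self.cache = {}              # qname -> (ip, expiry on self.clock)
        self.clock = 0               # simulated seconds
        self.outstanding = None      # (txid, source port, qname) awaiting an answer
        self.last_query = None       # kept so the demo can inspect what was chosen

    def lookup(self, qname):
        hit = self.cache.get(qname)
        return hit[0] if hit and hit[1] > self.clock else None

    def send_query(self, qname):
        """Pick a fresh message ID and, if enabled, a random source port."""
        txid = self.rng.getrandbits(16)
        sport = self.rng.randrange(PORT_LOW, PORT_HIGH) if self.random_ports else 53
        self.outstanding = self.last_query = (txid, sport, qname)
        return self.outstanding

    def deliver(self, reply):
        """Accept a reply only if ID, destination port and question match the
        query in flight. Without DNSSEC this is the resolver's whole defence:
        the first matching packet wins, whoever sent it. Returns True if cached."""
        if self.outstanding is None:
            return False
        if (reply.txid, reply.dport, reply.qname) != self.outstanding:
            return False
        self.cache[reply.qname] = (reply.answer, self.clock + reply.ttl)
        self.outstanding = None
        return True


def poisoning_race(random_ports, seed, guessed_port=53, window=TXID_SPACE):
    """Attacker asks the resolver for VICTIM, then floods forged replies for
    successive message IDs at one guessed port. `window` is how many forged
    packets fit in before the genuine answer lands. Returns (packets sent
    before success or None, resolver)."""
    resolver = Resolver(random_ports, random.Random(seed))
    resolver.send_query(VICTIM)
    sent = None
    for txid in range(min(window, TXID_SPACE)):
        if resolver.deliver(Reply(txid, guessed_port, VICTIM, ATTACKER_IP, ttl=86400)):
            sent = txid + 1
            break
    if resolver.outstanding is not None:          # attacker lost the race
        txid, sport, _ = resolver.outstanding
        resolver.deliver(Reply(txid, sport, VICTIM, REAL_IP, ttl=300))
    return sent, resolver


def search_space(random_ports):
    """Worst-case number of guesses an off-path attacker must cover."""
    return TXID_SPACE * ((PORT_HIGH - PORT_LOW) if random_ports else 1)


if __name__ == "__main__":
    sent, r = poisoning_race(random_ports=False, seed=7)
    print(f"fixed port: poisoned after {sent} packets, lookup -> {r.lookup(VICTIM)}")
    sent, r = poisoning_race(random_ports=True, seed=7, guessed_port=PORT_LOW)
    print(f"random port: result {sent}, lookup -> {r.lookup(VICTIM)}")
    print(f"search space grows from {search_space(False)} to {search_space(True)}")
```

With a fixed source port the attacker is guaranteed a hit within 65,536 packets, which fits in the window of a slow upstream. With a random port the same flood succeeds only if the guessed port happens to be right, which is why source port randomisation raised the cost by a factor of tens of thousands. A short `window` models the genuine answer arriving first; the practical response to that (the 2008 Kaminsky refinement) is to repeat the race with a fresh random subdomain each time, so the name is never already cached and the attacker gets unlimited attempts.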
Methods to Carry out DNS Poisoning
DNS spoofing is mainly carried out in two ways:
- Man-in-the-middle (MITM): the attacker sits between the user and the DNS resolver, intercepts the lookups and answers them with a malicious IP address.
- DNS server compromise: the attacker takes over a DNS server directly and configures it to return a malicious IP address.
Use of DNSSEC for prevention of DNS Poisoning
DNS spoofing is not an unsolvable problem; it can be prevented. Domain Name System Security Extensions (DNSSEC) are a mechanism for verifying the origin and integrity of DNS data.
DNS poisoning is possible precisely because no such verification was included in the original design of DNS.
Much as TLS/SSL does, DNSSEC relies on public key cryptography: the operator of a zone signs its records with a private key, publishes the matching public key in the zone as a DNSKEY record, and a validating resolver checks the signature on every answer it receives, following a chain of trust from the root zone down. A forged answer that is not signed by the zone's key fails validation and is discarded instead of being cached. Note that DNSSEC authenticates DNS data but does not encrypt it.
Although the DNSSEC specifications were published in 2005, DNSSEC is still not widely deployed, and unsigned zones and non-validating resolvers remain open to these attacks.
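The signing and validation flow described above, as an added example that is not the page's code or that of any DNS software: a zone operator signs an A RRset, a validating resolver that holds the zone's public key accepts the genuine answer and rejects a poisoned substitute, a tampered owner-name case, and an expired signature. It follows the DNSSEC structure (canonical RRset, an RRSIG covering it, a DNSKEY selected by key tag, a validity window) but, to stay standard-library only, uses textbook RSA over a SHA-256 digest without PKCS#1 padding in place of the real algorithms; the key size, seed, names, addresses and timestamps are constructed.

```python
"""Toy DNSSEC-style signing and validation of an A RRset.

Added example, not the page's code or that of any DNS software. It keeps the
DNSSEC data flow but replaces the real signature algorithms with textbook
RSA over a SHA-256 digest (no PKCS#1 padding) so it runs with only the
standard library. Seed, key size, names, addresses and timestamps are
constructed; do not reuse this primitive for real signing.
"""
import hashlib
import random

_RNG = random.Random(2024)   # fixed seed for a reproducible demo; real keys need os.urandom


def _probable_prime(n, rounds=20):
    """Miller-Rabin test: enough for a toy key, not for production key generation."""
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(_RNG.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _gen_prime(bits):
    while True:
        cand = _RNG.getrandbits(bits) | (1 << (bits - 1)) | 1
        if _probable_prime(cand):
            return cand


def keygen(bits=512):
    """Return (private, public) as (exponent, modulus) pairs."""
    e = 65537
    while True:
        p, q = _gen_prime(bits // 2), _gen_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:            # e is prime, so this means gcd(e, phi) == 1
            return (pow(e, -1, phi), p * q), (e, p * q)


def key_tag(pub):
    """Short identifier a validator uses to pick the right DNSKEY. RFC 4034
    derives it from the DNSKEY RDATA; here a hash prefix stands in for it."""
    return int.from_bytes(hashlib.sha256(repr(pub).encode()).digest()[:2], "big")


def canonical_rrset(owner, rtype, ttl, rdatas):
    """Canonical form in the spirit of RFC 4034 section 6: owner name lowercased,
    RDATA in sorted order, so signer and validator hash the same bytes."""
    lines = [f"{owner.lower()} {ttl} IN {rtype} {rd}" for rd in sorted(rdatas)]
    return "\n".join(lines).encode()


def _signed_data(meta, owner, rtype, ttl, rdatas):
    """RRSIG RDATA minus the signature field, followed by the canonical RRset."""
    blob = repr(meta).encode() + canonical_rrset(owner, rtype, ttl, rdatas)
    return int.from_bytes(hashlib.sha256(blob).digest(), "big")


def sign_rrset(priv, owner, rtype, ttl, rdatas, inception, expiration, signer, tag):
    """Zone operator side: produce an RRSIG as (metadata, signature)."""
    meta = (rtype, ttl, expiration, inception, tag, signer)
    d, n = priv
    return meta, pow(_signed_data(meta, owner, rtype, ttl, rdatas), d, n)


def validate(trusted_keys, now, owner, rtype, ttl, rdatas, rrsig):
    """Validating-resolver side. trusted_keys maps (signer name, key tag) to a
    public key; in real DNSSEC those keys are themselves authenticated through
    DS records up to the root trust anchor."""
    meta, sig = rrsig
    rtype_c, ttl_c, expiration, inception, tag, signer = meta
    pub = trusted_keys.get((signer, tag))
    if pub is None or rtype_c != rtype or ttl_c != ttl:
        return False
    if not inception <= now <= expiration:
        return False
    e, n = pub
    return pow(sig, e, n) == _signed_data(meta, owner, rtype, ttl, rdatas)


def demo():
    """Sign a genuine A record, then validate it, a case-changed copy, a poisoned
    substitute, and the genuine record after the signature has expired."""
    priv, pub = keygen()
    zone, tag = "example.test.", key_tag(pub)
    trust = {(zone, tag): pub}
    genuine = ("login.example.test.", "A", 300, ["198.51.100.10"])
    rrsig = sign_rrset(priv, *genuine, inception=1_700_000_000,
                       expiration=1_700_604_800, signer=zone, tag=tag)
    now = 1_700_100_000
    ok = validate(trust, now, *genuine, rrsig)
    ok_case = validate(trust, now, "LOGIN.Example.Test.", "A", 300, ["198.51.100.10"], rrsig)
    poisoned = validate(trust, now, "login.example.test.", "A", 300, ["203.0.113.66"], rrsig)
    expired = validate(trust, 1_800_000_000, *genuine, rrsig)
    return ok, ok_case, poisoned, expired


if __name__ == "__main__":
    print(demo())   # (True, True, False, False)
```

The point to take from `validate` is that a forged answer can match transaction ID, port and question perfectly and still be dropped, because the attacker cannot produce an RRSIG that verifies under the zone's DNSKEY. What the toy leaves out is everything that makes the trust store trustworthy: DS records and the chain from the root, NSEC/NSEC3 proofs for negative answers, and key rollover.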