What is DNS Cache Poisoning, and How Could You Be Trapped by DNS Spoofing?

Updated on September 1, 2017

The Domain Name System (DNS) is one of the important components working behind the Internet. Whenever you connect to a domain name like “techglimpse.com”, your computer asks a DNS server, and the DNS server responds with one or more IP addresses. Once your computer receives this information from DNS, it connects you to techglimpse.com. In other words, DNS is the medium that helps your computer map a human-readable domain name like “techglimpse.com” to a computer-readable IP address like “10.10.10.1”. If you are new to DNS and would like to know how DNS works, just head on to our article.

Ok! Now you know how DNS works. But what is the DNS cache, and how can it be poisoned?

The Internet functions with the help of multiple DNS servers located around the world. It starts like this: your computer has a local DNS cache, and your router functions as a DNS server that caches information from your Internet Service Provider's (ISP's) DNS servers. Your ISP runs its own DNS servers, which in turn cache information from other DNS servers. Now assume you are connecting to the domain ‘techglimpse.com’. Your computer first refers to its own local DNS cache; if the cache has the IP address of techglimpse.com, it simply returns it. If not, it asks the ISP's DNS servers, which perform a lookup in their own DNS cache. If they don't find an entry, they pass the query on to other DNS servers.

What is DNS Cache Poisoning?

A DNS cache can be poisoned by injecting an incorrect entry into it. For example, an attacker takes control of a DNS server and injects incorrect entries, such as making facebook.com point to the attacker's own IP address. Now, whenever the DNS server receives a query for the domain ‘facebook.com’, it will respond with the wrong IP address, which might belong to a phishing website or a site that hosts malicious programs.

DNS Spoofing

Assume your ISP is getting DNS information from a poisoned DNS server. This wrong information will then spread to the ISP's DNS cache, your home router, and then your computer's local DNS cache. This is what is called DNS cache poisoning.

DNS spoofing is a type of attack that poisons a weak DNS system to redirect traffic to fake phishing websites. It is very dangerous because the wrong information can spread from one DNS server to another.
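The spread through the chain of caches described above can be modelled in a few lines. This is an added example, not code from the original article: the resolver class, the domain example.test, the addresses and the 300-second TTL are all constructed assumptions, and the model is a toy, not a real resolver.

```python
# Toy model of chained DNS caches: computer -> router -> ISP -> other DNS server.
# Everything here (names, IPs from documentation ranges, TTL) is constructed.
GOOD_IP, BAD_IP, TTL = "192.0.2.10", "203.0.113.66", 300
DOMAIN = "example.test"


class CachingResolver:
    """Answers from its own cache; on a miss it asks the next server up."""

    def __init__(self, name, upstream=None, records=None):
        self.name = name
        self.upstream = upstream        # next resolver in the chain, if any
        self.records = records or {}    # data held by the top server only
        self.cache = {}                 # domain -> (ip, expires_at)

    def resolve(self, domain, now):
        """Return (ip, expires_at) for `domain` at time `now` in seconds."""
        hit = self.cache.get(domain)
        if hit and hit[1] > now:        # unexpired entry: no upstream query
            return hit
        if self.upstream is None:       # top of the chain answers directly
            ip, ttl = self.records[domain]
            return (ip, now + ttl)
        answer = self.upstream.resolve(domain, now)
        self.cache[domain] = answer     # downstream keeps the upstream expiry
        return answer

    def flush(self):
        self.cache.clear()


def simulate():
    """Return the IP the computer sees at four points in time."""
    other = CachingResolver("other DNS server", records={DOMAIN: (BAD_IP, TTL)})
    isp = CachingResolver("ISP", upstream=other)
    router = CachingResolver("router", upstream=isp)
    pc = CachingResolver("computer", upstream=router)

    seen = [pc.resolve(DOMAIN, now=0)[0]]       # poisoned answer fills every cache
    other.records[DOMAIN] = (GOOD_IP, TTL)      # the bad entry is corrected upstream
    seen.append(pc.resolve(DOMAIN, now=10)[0])  # still served from the local cache
    pc.flush()                                  # flushing only the computer...
    seen.append(pc.resolve(DOMAIN, now=20)[0])  # ...refills it from the router cache
    seen.append(pc.resolve(DOMAIN, now=301)[0]) # TTL expired in every cache
    return seen


if __name__ == "__main__":
    print(simulate())
```

The run shows why a corrected upstream record does not immediately help: every cache in the chain keeps serving the wrong address until its entry expires or is flushed.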

Figure: DNS Cache Poisoning explained

So finally, what's the solution to prevent DNS cache poisoning?

The proposed solution to DNS cache poisoning is DNSSEC (DNS Security Extensions), in which DNS records are signed. DNSSEC uses proven public-key cryptography to determine whether DNS responses can be trusted.

