As internet use has grown, so has the sophistication of attacks. DNS poisoning is one of the most widely used blackhat techniques, and also one of the oldest. Every time you access a web page, you usually refer to it by its domain name, which is not something a browser can use directly. To find the website you are looking for, the name has to be translated into a numeric address, known as an IP address. The first time you type the website's name, a request is sent to DNS servers, which respond with the IP address that corresponds to that domain. The browser can then show you the web page you requested.

DNS cache poisoning consists of inserting false information into a DNS cache, so that DNS queries return an incorrect response and direct users to the wrong websites. It is also known as DNS spoofing. IP addresses are, so to speak, the room numbers of the Internet and enable traffic to reach the right places. The DNS resolver caches are the “facilities directory”. When they store the wrong information, traffic goes to the wrong places until the cached information is corrected.

Attackers can poison DNS caches by posing as DNS name servers, making a request to a DNS resolver, and then falsifying the responses when the DNS resolver queries a name server. This is possible because DNS servers use UDP instead of TCP and because there is currently no verification of DNS information.

If a DNS resolver receives a spoofed response, it accepts and caches the data uncritically, since it is not possible to verify whether the information is accurate and comes from a legitimate source.
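Since a plain UDP reply carries nothing that proves who sent it, the most a resolver can do is match each reply against the query it has outstanding. The following sketch is an added example, not code from the original article; it shows those matching checks and a simple counter that flags repeated wrong-ID replies. The `pending` record layout, the function names, the threshold and the sample addresses are assumptions made for illustration.

```python
import struct

def encode_name(name):
    # DNS wire format: length-prefixed labels ending in a zero byte
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_message(txid, name, response=False):
    # Constructed A/IN message with one question and no answer records
    flags = 0x8180 if response else 0x0100
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", 1, 1)

def parse_question(data):
    # Header fields plus the first question: (txid, is_response, qname, qtype, qclass)
    txid, flags, qdcount = struct.unpack("!HHH", data[:6])
    if qdcount != 1:
        raise ValueError("expected exactly one question")
    pos, labels = 12, []
    while data[pos] != 0:
        length = data[pos]
        if length & 0xC0:
            raise ValueError("compression pointer in question name")
        labels.append(data[pos + 1:pos + 1 + length].decode("ascii").lower())
        pos += 1 + length
    qtype, qclass = struct.unpack("!HH", data[pos + 1:pos + 5])
    return txid, bool(flags & 0x8000), ".".join(labels), qtype, qclass

def check_response(pending, src, data):
    # pending: the resolver's record of one outstanding query (hypothetical layout)
    try:
        txid, is_response, qname, qtype, qclass = parse_question(data)
    except (ValueError, IndexError, struct.error):
        return "reject: malformed"
    if src != pending["server"]:
        return "reject: unexpected source"
    if not is_response:
        return "reject: not a response"
    if (qname, qtype, qclass) != (pending["qname"], 1, 1):
        return "reject: question mismatch"
    if txid != pending["txid"]:
        pending["bad_txid"] += 1  # repeated misses on one query suggest ID guessing
        return "reject: txid mismatch"
    return "accept"

def guessing_suspected(pending, threshold=3):
    # Detection signal: several wrong-ID replies for a single outstanding query
    return pending["bad_txid"] >= threshold
```

A reply that passes every check here is still unauthenticated: the source address of a UDP packet can be forged, so these checks narrow what a forged reply must match without proving where it came from.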

DNS resolvers provide clients with the IP address associated with a domain name. In other words, they take human-readable website addresses like “cloudflare.com” and translate them into machine-readable IP addresses. When a user tries to navigate to a website, their operating system sends a request to a DNS resolver. The DNS resolver responds with the IP address, and the web browser takes that address and starts loading the website.
