Attacks & Threats
DNS Cache Poisoning
Also known as: Cache poisoning
Definition
An attack that inserts forged records into a DNS resolver's cache so that subsequent queries return attacker-chosen addresses until the forged records' TTL expires.
Examples
- The 2008 Kaminsky attack that exploited port-predictability flaws in major resolvers.
- Poisoning an ISP resolver so all its subscribers reach a fake online-banking site.
Related terms
DNS Spoofing
An attack that injects falsified DNS responses to redirect victims from a legitimate domain to an attacker-controlled IP address.
DNS Hijacking
An attack that redirects DNS resolution to attacker-controlled answers by modifying client settings, router configurations, resolver responses, or authoritative DNS records.
Cache Poisoning
An attack that stores a malicious response in a shared cache so that other users later receive the attacker's content.
Pharming
An attack that silently redirects users from a legitimate site to a malicious one by tampering with DNS, hosts files, or local routing — without requiring the victim to click a link.
DNSSEC
A set of DNS extensions that cryptographically sign zone data so resolvers can verify the authenticity and integrity of DNS responses.
DNS over HTTPS (DoH)
A protocol that carries DNS queries and responses over an encrypted HTTPS connection, protecting them from eavesdropping and tampering on the local network.