Vol. 1 · Ed. 2026
CyberGlossary
Entry № 374

DNS Cache Poisoning

Reviewed by a cybersecurity entrepreneur & security researcher

What is DNS Cache Poisoning?

DNS Cache Poisoning: An attack that inserts forged records into a DNS resolver's cache so subsequent queries return attacker-chosen addresses until the TTL expires.


DNS cache poisoning targets recursive resolvers by tricking them into accepting a malicious answer that they then store. Classic techniques include guessing or sniffing transaction IDs, exploiting predictable source ports (Kaminsky attack), or race-condition replies that arrive before the authoritative response. Once cached, every downstream user of that resolver is redirected to attacker infrastructure for the duration of the TTL, enabling large-scale phishing, malware delivery, or TLS interception. Mitigations include DNSSEC, source-port randomization, 0x20 case randomization, query name minimization, and short, conservative TTLs.
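The checks a recursive resolver applies before caching a reply, shown as an added example (not code from this glossary or any real resolver): the transaction ID, source port and 0x20-randomized case must all match the outstanding query, and only in-bailiwick records survive, so forged glue for unrelated names is never stored. The data classes, addresses and names are constructed for the illustration; `guess_space_bits` only approximates the port entropy as 16 bits.

```python
from dataclasses import dataclass, field

@dataclass
class Query:
    txid: int        # 16-bit transaction ID
    src_port: int    # randomized UDP source port the query left from
    qname: str       # name exactly as sent, with 0x20 case randomization applied
    server: str      # authoritative server the query was sent to

@dataclass
class Response:
    txid: int
    dst_port: int
    qname: str       # question section echoed back by the server
    src: str         # address the reply arrived from
    answers: list = field(default_factory=list)     # (owner, rdata) pairs
    additional: list = field(default_factory=list)  # glue records, same shape

def in_bailiwick(owner: str, zone: str) -> bool:
    """True if owner is zone or below it (case-insensitive, per DNS rules)."""
    o, z = owner.lower().rstrip("."), zone.lower().rstrip(".")
    return o == z or o.endswith("." + z)

def check_response(q: Query, r: Response) -> str:
    """Return 'ok' or the reason the reply must be dropped without caching."""
    if r.src != q.server:
        return "source address mismatch"
    if r.dst_port != q.src_port:
        return "port mismatch"          # blind guessing must also hit the port
    if r.txid != q.txid:
        return "txid mismatch"
    if r.qname != q.qname:              # case-sensitive compare: the 0x20 check
        return "qname case mismatch"
    return "ok"

def cacheable_records(q: Query, r: Response, zone: str) -> list:
    """Records safe to cache: reply passed every check, and only data inside
    the zone the queried server is authoritative for is kept."""
    if check_response(q, r) != "ok":
        return []
    return [rr for rr in r.answers + r.additional if in_bailiwick(rr[0], zone)]

def guess_space_bits(qname: str, port_randomized: bool) -> int:
    """Bits an off-path forger must guess per reply: TXID, port, letter cases."""
    letters = sum(c.isalpha() for c in qname)   # each letter carries one case bit
    return 16 + (16 if port_randomized else 0) + letters
```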

Examples

  1. The 2008 Kaminsky attack that exploited port-predictability flaws in major resolvers.

  2. Poisoning an ISP resolver so all its subscribers reach a fake online-banking site.

Frequently asked questions

What is DNS Cache Poisoning?

An attack that inserts forged records into a DNS resolver's cache so subsequent queries return attacker-chosen addresses until the TTL expires. It belongs to the Attacks & Threats category of cybersecurity.

What does DNS Cache Poisoning mean?

An attack that inserts forged records into a DNS resolver's cache so subsequent queries return attacker-chosen addresses until the TTL expires.

How do you defend against DNS Cache Poisoning?

Defences for DNS Cache Poisoning typically combine technical controls and operational practices, as detailed in the full definition above.

What are other names for DNS Cache Poisoning?

Common alternative names include: Cache poisoning.
