How Hackers Spoof DNS Requests With DNS Cache Poisoning

Domain Name Server (DNS) Spoofing is a cyber attack that tricks your computer into thinking it’s going to the correct website when it is not. Attackers use DNS cache poisoning to hijack internet traffic and steal user credentials or personal data.


DNS cache poisoning and DNS spoofing are synonymous and often used interchangeably. To be precise, though, you can think of them as the How and the What of the same cyber attack. The hacker wants to trick users into entering their private data into unsafe websites. How will they do this? By poisoning the DNS cache. What they are doing is spoofing, or replacing, the DNS data for a particular website so that it redirects to the hacker’s server and not the legitimate web server. From there, the hacker is primed to perform a phishing attack, steal data, or even inject malware into the victim’s system.




Varonis can detect DNS cache poisoning attacks by monitoring DNS and detecting abnormal behavior in your users’ activity.



What is DNS Spoofing and Cache Poisoning?



Before we talk about the attack, we need a refresher on what DNS and DNS caching are. DNS is the worldwide catalog for IP addresses and domain names. Think of it like the phonebook for the internet. It translates end-user friendly URLs like Varonis.com to IP addresses like 192.168.1.169, which computers use for networking.


DNS caching is the system that stores these addresses in DNS servers all around the world. To keep your DNS requests quick, the original developers created a distributed DNS system. Each server stores a list of DNS records it knows – this is called a cache. If your closest DNS server doesn’t know the IP address you need, it asks other upstream DNS servers until it finds the IP address for the website you are trying to hit. Your DNS server then saves that new entry to your cache for faster response times.
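The caching behavior described above, as an added Python sketch (not code from this article or from any real DNS server): a toy resolver that stores upstream answers until their TTL expires, which is why one wrong record keeps being served to every client until it expires or is flushed. The names `CachingResolver`, `audit` and `flush` are hypothetical, and the domain and addresses are constructed sample values.

```python
import time

class CachingResolver:
    """Toy model of a caching DNS resolver (hypothetical names, not a real server)."""

    def __init__(self, upstream, clock=time.monotonic):
        self.upstream = upstream      # callable: name -> (ip, ttl_seconds)
        self.clock = clock
        self.cache = {}               # name -> (ip, expires_at)
        self.upstream_queries = 0

    def resolve(self, name):
        name = name.lower().rstrip(".")          # DNS names are case-insensitive
        entry = self.cache.get(name)
        if entry and entry[1] > self.clock():
            return entry[0]           # cache hit: upstream is never consulted
        self.upstream_queries += 1
        ip, ttl = self.upstream(name)
        self.cache[name] = (ip, self.clock() + ttl)
        return ip

    def audit(self, trusted):
        """Return live cached names whose IP differs from a trusted lookup."""
        now = self.clock()
        return sorted(n for n, (ip, exp) in self.cache.items()
                      if exp > now and trusted(n)[0] != ip)

    def flush(self, name):
        self.cache.pop(name.lower().rstrip("."), None)


def demo():
    # Constructed sample data: documentation-range addresses (RFC 5737).
    good = {"example.test": ("192.0.2.10", 300)}
    bad = {"example.test": ("203.0.113.66", 300)}
    now = [0.0]
    source = [bad]                    # upstream hands back a wrong record at first
    r = CachingResolver(lambda n: source[0][n], clock=lambda: now[0])

    first = r.resolve("example.test")         # wrong answer is cached for 300 s
    source[0] = good                          # upstream is corrected...
    now[0] = 100.0
    still = r.resolve("Example.TEST.")        # ...but the cache still serves it
    flagged = r.audit(lambda n: good[n])      # compare cache to a trusted source
    r.flush("example.test")                   # remediation: drop the bad entry
    after_flush = r.resolve("example.test")
    return first, still, flagged, after_flush, r.upstream_queries
```

Calling `demo()` shows the wrong address surviving the upstream correction, the audit flagging it, and the correct address returning only after the flush.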


Examples and Effects of DNS Cache Poisoning

DNS wasn’t designed to manage the modern internet at all. It’s gotten better over the years, but all it takes is one misconfigured DNS server pulling DNS entries from a server in China, and all of a sudden no one can get to Facebook. This i