DNS Spoofing
Definition
An attack that corrupts DNS cache entries to redirect domain name lookups to a malicious IP address. Also called DNS cache poisoning, it can silently redirect users to phishing sites without changing the URL in the browser.
The Cache Poisoning Mechanism
DNS spoofing, also called DNS cache poisoning, exploits the way resolvers cache responses. When a recursive resolver queries an authoritative server and receives a response, it caches that response for the duration of the TTL (Time to Live). If an attacker can inject a forged response before the legitimate one arrives, the resolver caches the malicious mapping. Every user querying that resolver is then directed to the attacker's IP.
The classic attack vector, discovered by Dan Kaminsky in 2008, involved flooding a resolver with forged responses containing randomized transaction IDs and source ports, racing to match the legitimate query. The discovery prompted emergency patching of virtually every DNS implementation worldwide.
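The acceptance check a resolver applies to each reply, with a counter that flags the burst of near-miss replies this kind of race produces, as an added example that is not part of the original page. The class and function names, the threshold of 3, and all sample packets are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Query:
    txid: int      # 16-bit transaction ID chosen by the resolver
    src_port: int  # UDP source port the query left from
    qname: str     # name being resolved
    server: str    # upstream server the query was sent to

@dataclass(frozen=True)
class Response:
    txid: int
    dst_port: int
    qname: str
    src_ip: str
    answer: str

def matches(q: Query, r: Response) -> bool:
    """Accept a response only if every value the resolver chose comes back."""
    return (r.txid == q.txid and r.dst_port == q.src_port
            and r.qname.lower() == q.qname.lower() and r.src_ip == q.server)

def process(queries, responses, threshold=3):
    """Return (answers that would be cached, names with a burst of bad replies)."""
    pending = {q.qname.lower(): q for q in queries}
    bad = {}
    cached = {}
    for r in responses:
        name = r.qname.lower()
        q = pending.get(name)
        if q is None:
            continue                  # nothing outstanding for this name
        if matches(q, r):
            cached[name] = r.answer   # first matching reply wins the race
            del pending[name]
        else:
            bad[name] = bad.get(name, 0) + 1  # wrong ID, port or source
    return cached, sorted(n for n, c in bad.items() if c >= threshold)

# Constructed sample data (documentation address ranges, not real traffic).
QUERIES = [Query(0x1A2B, 53124, "www.example.com", "192.0.2.53"),
           Query(0x0C0D, 40111, "mail.example.com", "192.0.2.53")]
RESPONSES = [
    Response(0x0001, 53124, "www.example.com", "192.0.2.53", "203.0.113.66"),
    Response(0x0002, 53124, "www.example.com", "192.0.2.53", "203.0.113.66"),
    Response(0x1A2B, 40000, "www.example.com", "192.0.2.53", "203.0.113.66"),
    Response(0x1A2B, 53124, "www.example.com", "192.0.2.53", "198.51.100.10"),
    Response(0x0C0D, 40111, "mail.example.com", "192.0.2.53", "198.51.100.25"),
]
print(process(QUERIES, RESPONSES))
```

A forged reply that happens to carry every matching field passes this check exactly like the real one, which is the gap DNSSEC signature validation closes.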
DNSSEC as the Defense
DNSSEC adds cryptographic signatures to DNS records. When a resolver receives a signed response, it validates the signature chain back to the DNS root. A forged response will fail signature validation, preventing cache poisoning. However, DNSSEC deployment remains incomplete — many domains are still unsigned.
Practical Impact
DNS spoofing can redirect users to man-in-the-middle proxy servers that harvest credentials, even when users type the correct URL. Combined with a valid SSL/TLS certificate (obtainable if the attacker controls the domain's DNS long enough to pass DV verification), the attack becomes nearly undetectable to end users.
Use DNS Lookup to verify that a domain's records match expectations, and DNS Leak Test to confirm your resolver is not sending queries to unexpected destinations.