Phonebooks of the past and the Contact application on your smartphone changed how the world stored information that they used to contact people. Just like we have these, the internet has an entity known as DNS (Domain Name System).
The DNS like all other software is at risk of being attacked by hackers. This article will tell you more about DNS Cache Poisoning which leads to crimes like phishing.
You read more about Phishing here.
What is the Domain Name System (DNS)?
In simple language, the DNS is a phonebook system for the internet and consists of the IP Addresses for websites. It holds the numerical value(IP Address) for the information that we enter in the text format(hostname).
What is a DNS Server?
DNS servers are like your storage and search dialog. It examines the database of website hostnames when a request is put out by your browser. Each ISP usually maintains its DNS servers as having one shared server for the entire world is highly inefficient.
Also read: How Encryption works: Private Key vs Public Key
What is DNS cache?
A DNS cache is locally stored call log of the most recent requests put forward by your computer. Your operating system stores it in a bid to speed up the data fetching process. The computer intercepts the request made by the browser and it uses the cache to identify the required website rather than check the internet network.
Contents of a local DNS cache can be viewed using the following commands –
For Windows:
- Use the code ipconfig /displaydns in the command prompt
Note: To flush the DNS cache, in case you’re encountering browser issues, can be done by the entering ipconfig/flushdns
For Mac:
- Open the Console app.
- Select your respective device from the sidebar and enter any : mdnsresponder in the search dialog.
- Open your command line after the above steps and type in – sufo killall -INFO mDNSResponder.
What is DNS cache poisoning
Getting to the main topic of this article – also known as DNS Spoofing – DNS cache poisoning occurs when a hacker gains access to any DNS Server and can change some information in it.
Once the configuration required to access certain websites is changed, the user redirects to a shady website controlled by the hacker which can be used to steal the user’s information.
For instance, if the hacker can change the IP Address required to access Gmail in the source file then — whenever a request is put out for Gmail, the user may be redirected to a similar looking website that is rigged to read/copy login information.
DNS cache poisoning can also spread like wildfire as in some cases several ISPs use the same servers, and the compromised site then goes on to get stored on the cache of different systems.
How to avoid DNS cache poisoning
DNS cache poisoning can be avoided by following the measures given below:
- Configure your DNS servers so as it does not depend on other DNS servers
- Configure your DNS server to respond to specific domains and query requests
- Use up-to-date versions of DNS
- Use a trusted and reliable ISP
Also read: Internet Safety: Should you trust HTTPS? HTTP vs HTTPS