What is DNS cache poisoning? How is it connected with the internet and devices that are connected to, and active on the internet? Let us try and understand a few terms before going deeper into finding out what DNS cache poisoning is .
Domain Name Server (DNS)
A telephone directory is used to find a person’s landline contact number when you know their name. Similarly, when you type a website name (google.com) in the location bar and type enter, your computer translates this human readable website name to a numerical or IP address (18.104.22.168) representing the google.com name and consequently your browser displays the contents of the page stored at that IP or numerical address (22.214.171.124). The internet receives this service from the Domain Name Server in your computer.
Now, with a basic understanding of DNS, a cache is a place where things are stored. So a DNS cache is a place on your computer where internet IP addresses are stored. DNS cache or local DNS cache and DNS servers work in relation to modems, and the internet is crucial to understanding what DNS cache poisoning is.
When you type a website name into your browser’s location bar and press enter, the DNS is the first place your computer looks to find the numerical or IP address of the website you wish to visit.
The DNS cache also called local DNS cache, as it is the place in your computer’s memory that stores frequently accessed information on website DNS lookups. Information on the websites that you frequently visit is stored in the cache. So, when you request to visit a specific website, your computer already knows the numerical or IP address it needs to visit on the internet, to display its contents on your screen.
Your modem acts as a DNS server to your local DNS cache, which in turn gets its DNS information from your ISP’s DNS servers and so on. The ISP’s DNS servers get their information from DNS servers on the internet.
DNS Cache Poisoning
Imagine this scenario. There is a newspaper somewhere on God’s green earth that is doing an excellent job printing the news in the local town, unbiasedly and honestly. The editor runs a tight ship and the employees of the newspaper company are rewarded fairly in terms of their salaries and benefits.
One fine day, the editor gets a call from an surprised and irate citizen in town to complain that when he has typed in the newspaper’s address on his computer’s browser, it shows a shady website on his computer screen. Soon the editors phone is constantly ringing as more people from town call with the same complaint. What has gone wrong? This is DNS cache poisoning.
When people in town type in the address for the newspaper, their DNS lookups redirect them to the unsavory website instead. This has happened because an unscrupulous character has fraudulently obtained control of the DNS server for the newspaper and has pointed the newspaper’s IP address to his own website, which could be a malware or phishing site. The people in town are experiencing what is DNS cache poisoning.
In turn, internet service providers that receive DNS information from the doctored DNS server, will cache the incorrect DNS information for the newspaper.
The wrong DNS information will then spread to modems and into homes, which will get the whole town involved in our hypothetical example of DNS cache poisoning.
So, if you have tried going to one of your favorite websites and keep ending up somewhere you didn’t intend to go, it’s probably not your fault and your favorite website is the victim of DNS cache poisoning. If you have another way, such as a phone number or regular email address, try to contact the website and let them know about the problem. Chances are they may already know, but it never hurts to give them a heads up just in case.