
DNS Spoofing (Cache Poisoning)

DNS Spoofing is an attack where corrupt Domain Name System data is introduced into the DNS resolver's cache, causing the name server to return an incorrect result record (e.g., an attacker's IP address).

Attack Simulation

Interactive: Toggle between "Secure" and "Poisoned" DNS cache. Then try to visit the bank and see where you end up.

How it Works

  • The Phonebook: DNS is like a phonebook for the internet, translating names (bank.com) into numbers (IP addresses).
  • The Lie: Attackers trick the DNS server into saving a fake entry (e.g., "bank.com is at 6.6.6.6" instead of the real IP).
  • The Redirect: When users type "bank.com", their computer asks the poisoned server and is silently sent to the attacker's fake site.

Prevention & Defense

DNSSEC: DNS Security Extensions add cryptographic signatures to DNS records, proving they are authentic and haven't been tampered with.
End-to-End Encryption (HTTPS): Even if redirected, the browser will likely show a certificate error because the attacker doesn't have the real bank's TLS certificate.
Short TTL: Using shorter Time-To-Live settings on DNS records reduces the duration a poisoned entry stays in cache.
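
The two resolver-side defenses above can be seen in a small cache model. This is an added example, not code from the original page: the names ResolverCache, sign and exposure_seconds are hypothetical, the key is constructed, and an HMAC stands in for DNSSEC's public-key signatures so the script runs with the standard library only.

```python
import hashlib
import hmac

ZONE_KEY = b"constructed-demo-key"  # assumption: stand-in for the zone's signing key


def sign(name, ip, ttl, key=ZONE_KEY):
    """Toy signature over a record (HMAC stand-in for a DNSSEC RRSIG)."""
    return hmac.new(key, f"{name}|{ip}|{ttl}".encode(), hashlib.sha256).hexdigest()


class ResolverCache:
    """Minimal resolver cache: name -> (ip, expiry time in seconds)."""

    def __init__(self, validate):
        self.validate = validate
        self.entries = {}

    def store(self, now, name, ip, ttl, sig=None):
        """Cache a response; a validating resolver drops bad signatures."""
        if self.validate:
            if sig is None or not hmac.compare_digest(sig, sign(name, ip, ttl)):
                return False
        self.entries[name] = (ip, now + ttl)
        return True

    def lookup(self, now, name):
        """Return the cached IP, or None once the TTL has expired."""
        ip, expiry = self.entries.get(name, (None, 0))
        if ip is None or now >= expiry:
            self.entries.pop(name, None)
            return None
        return ip


def exposure_seconds(ttl, validate, horizon=7200, step=60):
    """How long a forged 'bank.com -> 6.6.6.6' answer is served from cache."""
    cache = ResolverCache(validate)
    cache.store(0, "bank.com", "6.6.6.6", ttl, sig="forged")
    return sum(step for t in range(0, horizon, step)
               if cache.lookup(t, "bank.com") == "6.6.6.6")


if __name__ == "__main__":
    # Columns: TTL, exposure without validation, exposure with validation
    for ttl in (3600, 300):
        print(ttl, exposure_seconds(ttl, False), exposure_seconds(ttl, True))
```

The model takes the TTL that the cache honours as given. A forged response carries its own TTL, so in practice a resolver-side cap on cached TTLs is what bounds the exposure window.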