
DNS spoofing

DNS spoofing is the manipulation of the Domain Name System to deceive a user or a resolver into accepting a false IP address for a domain. By delivering forged DNS data, an attacker can cause a query for a legitimate domain to resolve to a malicious server, potentially enabling traffic interception, credential theft, or malware distribution. Spoofing exploits weaknesses in how a client or resolver decides that a response belongs to the query it sent, and it can occur at several points in the resolution path: on the client, on the network between client and resolver, in the resolver's cache, or at the servers the resolver asks.

Attack methods include cache poisoning, where forged responses are inserted into a recursive resolver's cache so that subsequent queries from every client of that resolver return the attacker's address until the record expires. Historically, DNS spoofing relied on predicting the values a resolver uses to match a response to its outstanding query, chiefly the 16-bit transaction ID and, where it was fixed, the UDP source port; modern defenses aim to make those values unpredictable so that a blind forger has to win an improbable race. Other modalities include man-in-the-middle positions on the path between client and resolver, compromised routers or hosts that alter DNS settings so that queries are sent to an attacker-controlled resolver, and rogue or misconfigured DNS servers that provide incorrect mappings. Pharming combines DNS manipulation with client-side or network-level redirection to achieve similar outcomes.

The impact of DNS spoofing can be severe, enabling phishing, redirection to counterfeit sites, credential theft, drive-by malware installation, or surveillance of user activity.
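The guessing race described above, as an added example that is not from the original article: a toy resolver that accepts the first reply matching its outstanding (name, transaction ID, port) triple, and an off-path attacker who floods guessed replies before the real answer arrives. The analytic function gives the per-race success probability and the Monte Carlo run confirms it for a fixed versus a randomized source port. The resolver model, the name victim.example, the addresses and the figure of 200 forgeries per race are constructed assumptions, not measurements of any real resolver.

```python
"""Why source port randomization matters against blind cache poisoning.

Added example, not from the original article. The resolver model, the name
victim.example, the addresses and the forgery counts are constructed.
"""
import math
import random

TXID_SPACE = 1 << 16                   # the DNS transaction ID is a 16-bit field
EPHEMERAL_PORTS = range(1024, 65536)   # ports a randomizing resolver draws its source port from
FIXED_PORT = 53                        # weak configuration: every query leaves from the same port
VICTIM_NAME = "victim.example"         # constructed name
LEGIT_IP = "203.0.113.10"              # constructed addresses (documentation ranges)
ATTACKER_IP = "198.51.100.66"


class ToyResolver:
    """One outstanding query at a time; accepts the first reply matching (name, txid, port)."""

    def __init__(self, randomize_port: bool, rng: random.Random):
        self.randomize_port = randomize_port
        self.rng = rng
        self.cache = {}
        self.outstanding = None

    def send_query(self, name: str):
        txid = self.rng.randrange(TXID_SPACE)
        port = self.rng.choice(EPHEMERAL_PORTS) if self.randomize_port else FIXED_PORT
        self.outstanding = (name, txid, port)
        return txid, port

    def receive_reply(self, name: str, txid: int, port: int, address: str) -> bool:
        """Cache the answer only if it matches the outstanding query; True if accepted."""
        if self.outstanding != (name, txid, port):
            return False                  # mismatch: silently dropped, as real resolvers do
        self.cache[name] = address
        self.outstanding = None           # later replies for this query are ignored
        return True


def attempt_poison(resolver, name, forged_replies, attacker_rng):
    """One race: forged guesses arrive before the legitimate answer. True if the cache is poisoned."""
    real_txid, real_port = resolver.send_query(name)
    for _ in range(forged_replies):
        guess_txid = attacker_rng.randrange(TXID_SPACE)
        # Off-path, the attacker sees neither value; with a fixed port only the txid is unknown.
        guess_port = attacker_rng.choice(EPHEMERAL_PORTS) if resolver.randomize_port else FIXED_PORT
        if resolver.receive_reply(name, guess_txid, guess_port, ATTACKER_IP):
            break
    resolver.receive_reply(name, real_txid, real_port, LEGIT_IP)   # ignored if a forgery already won
    return resolver.cache.get(name) == ATTACKER_IP


def success_probability(forged_replies, randomize_port):
    """Analytic chance that one race succeeds: each forgery hits the accepted pair with 1/space."""
    space = TXID_SPACE * (len(EPHEMERAL_PORTS) if randomize_port else 1)
    return -math.expm1(forged_replies * math.log1p(-1.0 / space))


def expected_races(forged_replies, randomize_port):
    """Mean number of fresh queries the attacker must race before one poisoning succeeds."""
    return 1.0 / success_probability(forged_replies, randomize_port)


def poison_rate(randomize_port, trials=4000, forged_replies=200, seed=1):
    """Monte Carlo estimate of the per-race success rate with a seeded generator."""
    rng = random.Random(seed)
    wins = 0
    for _ in range(trials):
        if attempt_poison(ToyResolver(randomize_port, rng), VICTIM_NAME, forged_replies, rng):
            wins += 1
    return wins / trials


if __name__ == "__main__":
    for randomized in (False, True):
        label = "randomized port" if randomized else "fixed port"
        print(f"{label:16s} p(race)={success_probability(200, randomized):.2e} "
              f"expected races={expected_races(200, randomized):,.0f} "
              f"simulated rate={poison_rate(randomized):.2e}")
```

With 200 forgeries per race, a fixed source port leaves the attacker needing a few hundred races on average, while a randomized port pushes that into the tens of millions; the model ignores TTLs and assumes one batch of forgeries per query, so it shows the size of the search space rather than the timing of a real attack.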
Preventive measures focus on both protocol-level defenses and network hygiene. DNSSEC provides cryptographic authentication of DNS data, so a validating resolver rejects forged responses for signed zones instead of caching them; it protects only names whose zones are signed, and only where the resolver or client actually validates. DNS over TLS or DNS over HTTPS encrypt the path between a client and its resolver, which stops an on-path attacker from reading or altering that hop, but neither authenticates the data itself nor helps if the resolver has already been poisoned or is under the attacker's control. Careful server configuration also helps mitigate spoofing. Additional defenses include source port randomization and query ID entropy, which together force a blind (off-path) forger to guess roughly 32 bits per attempt rather than 16; ingress filtering, which blocks packets carrying forged source addresses at the network edge; and operating secure resolver infrastructure. Ongoing monitoring for unexpected DNS results, such as a well-known name suddenly resolving to an unfamiliar network or to a private address, aids detection and response.
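The monitoring point above, together with the earlier remark about hosts whose DNS settings have been altered, as an added example that is not from the original article: a checker that reads resolver query-log lines, flags public names resolving to non-routable addresses, flags answers that leave the networks previously seen (or configured as known-good) for that name, and flags nameserver entries in a host's resolver configuration that are not on an allowlist. The log format, every address and name, the .internal.example. suffix, the allowlist and the /24 and /48 baseline widths are constructed assumptions; names hosted on CDNs change addresses legitimately, so the baseline rule produces leads to investigate rather than verdicts.

```python
"""Spotting unexpected DNS answers in resolver logs and resolver-setting drift.

Added example, not from the original article. The log format, names,
addresses, allowlist and baseline widths are all constructed.
"""
import ipaddress
import re
from collections import defaultdict

LOG_RE = re.compile(
    r"^(?P<ts>\S+) client=(?P<client>\S+) qname=(?P<qname>\S+) "
    r"qtype=(?P<qtype>\S+) answer=(?P<answer>\S+) ttl=(?P<ttl>\d+)$"
)

# Constructed sample lines shaped like a resolver's query log.
SAMPLE_LOG = [
    "2024-05-01T09:00:01Z client=10.0.0.5 qname=login.example. qtype=A answer=203.0.113.10 ttl=300",
    "2024-05-01T09:00:02Z client=10.0.0.7 qname=login.example. qtype=A answer=203.0.113.11 ttl=300",
    "2024-05-01T09:00:03Z client=10.0.0.7 qname=login.example. qtype=AAAA answer=2001:db8::10 ttl=300",
    "2024-05-01T09:01:00Z client=10.0.0.9 qname=login.example. qtype=MX answer=mail.example. ttl=3600",
    "2024-05-01T09:02:00Z client=10.0.0.9 qname=wiki.internal.example. qtype=A answer=10.0.1.20 ttl=60",
    "2024-05-01T09:05:10Z client=10.0.0.5 qname=login.example. qtype=A answer=198.51.100.77 ttl=5",
    "2024-05-01T09:06:00Z client=10.0.0.9 qname=mail.example. qtype=A answer=192.0.2.25 ttl=3600",
    "2024-05-01T09:07:00Z client=10.0.0.9 qname=mail.example. qtype=A answer=10.0.0.250 ttl=60",
]

# Explicit list of ranges a public name should never resolve to (RFC 1918, loopback,
# link-local, unspecified, IPv6 ULA). Listed by hand because the sample data uses the
# documentation ranges, which ipaddress.is_private would also flag.
NON_ROUTABLE = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16", "172.16.0.0/12",
    "192.168.0.0/16", "::/128", "::1/128", "fc00::/7", "fe80::/10",
)]
BASELINE_PREFIX = {4: 24, 6: 48}            # constructed: how wide a "same network" is
INTERNAL_SUFFIXES = (".internal.example.",)  # constructed: names allowed to be private

# Constructed resolver configuration and allowlist for the drift check.
SAMPLE_RESOLV_CONF = """# constructed sample
nameserver 10.0.0.53
nameserver 198.51.100.9
search example
"""
ALLOWED_RESOLVERS = {"10.0.0.53", "10.0.0.54"}


def parse_line(line):
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None


def is_non_routable(addr):
    return any(addr in net for net in NON_ROUTABLE)


def check_answers(lines, baseline=None, internal_suffixes=INTERNAL_SUFFIXES):
    """Return (timestamp, name, address, reason) tuples for suspicious A/AAAA answers.

    baseline maps a name to known-good networks; names without one adopt the
    first answer's network (per address family) as their baseline.
    """
    known = defaultdict(set)
    for name, nets in (baseline or {}).items():
        for n in nets:
            net = ipaddress.ip_network(n)
            known[(name, net.version)].add(net)
    alerts = []
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["qtype"] not in ("A", "AAAA"):
            continue
        name, addr = rec["qname"], ipaddress.ip_address(rec["answer"])
        if not name.endswith(internal_suffixes) and is_non_routable(addr):
            alerts.append((rec["ts"], name, str(addr), "public name resolved to a non-routable address"))
            continue
        key = (name, addr.version)
        if not known[key]:
            known[key].add(ipaddress.ip_network(f"{addr}/{BASELINE_PREFIX[addr.version]}", strict=False))
        elif not any(addr in net for net in known[key]):
            nets = ", ".join(sorted(str(n) for n in known[key]))
            alerts.append((rec["ts"], name, str(addr), f"answer outside the baseline networks {nets}"))
    return alerts


def check_resolvers(resolv_conf, allowed):
    """Return nameserver addresses configured on the host that are not on the allowlist."""
    bad = []
    for line in resolv_conf.splitlines():
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "nameserver" and parts[1] not in allowed:
            bad.append(parts[1])
    return bad


if __name__ == "__main__":
    for alert in check_answers(SAMPLE_LOG):
        print("ALERT", *alert)
    for ns in check_resolvers(SAMPLE_RESOLV_CONF, ALLOWED_RESOLVERS):
        print("UNEXPECTED NAMESERVER", ns)
```

Run against the sample, the checker reports the login name moving to an unrelated network and the mail name resolving to an RFC 1918 address, and it reports the second nameserver as off-list; the internal wiki name is exempt from the private-address rule, and the MX record is skipped because only address records are compared.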