webdnstools.com
DNS Lookup, Reverse DNS Lookup, Domain Configuration Check and IP Address Calculators

What is DNS Cache Poisoning

DNS Cache Poisoning is when the data stored by a caching DNS server is altered to return invalid or different information.

DNS Caching

Many local DNS servers store a local copy of DNS information that is retrieved. This is known as a local cache. Data is stored in a cache to reduce the load and increase performance as once information is stored locally, subsequent requests will return the local data, until the cached entries expire.

The expiration time of the cached entries is controlled by the TTL (Time To Live) settings of the original records at the authoritative DNS servers.

The DNS servers at large ISP's usually cache information. This reduces the amount of bandwidth that is used when clients perform lookups of commonly used records.

DNS Cache Poisoning

If, by exploiting a vulnerability in a caching DNS server, someone is able to change the values in that cache, then that cache has been poisoned. People might attempt this to make websites inaccessible to other users. This is a type of DOS (Denial Of Service) attack. Or the DNS cache might be altered so that all requests to a specific website are redirected to another site. Unlike a phishing attack, the end user may not notice anything unusual, as the name of the website would be correct.

DNS cache poisoning only affects users who use the DNS servers which have the altered records.