What is DNS Cache Poisoning?

DNS cache poisoning is a technology issue where the domain name system used to look up IP addresses for domain names becomes corrupted, sending users who type those addresses into their browsers to the wrong place. There are a number of ways for a DNS cache to become poisoned, ranging from a malicious attack to a mistake made while configuring a system. It represents a security weakness, as people with malicious code can use DNS cache poisoning to attack innocent Internet users.

When users type an address like www.wisegeek.com into a browser, their computers query a server that stores IP addresses to find out where the wiseGEEK server is. The server provides the information, pointing the user's computer to wiseGEEK. In DNS cache poisoning, the server provides incorrect information, sending users to an unintended location. Sometimes the address is simply invalid and the user cannot reach the site or hits another site in error, but in malicious attacks, the user may be sent to a site containing harmful software like spyware and the site can automatically install that software if the user's computer is poorly secured.

Maintenance of DNS servers is done on a regular basis to update the addresses, find and fix security flaws, and address any corruption or poisoning. Users infected with viruses may find that even if the DNS server is accurate, their computers still will end up in the wrong place when they enter a web address as a result of the virus.

When DNS cache poisoning happens by accident as a result of a bad installation or another problem, it is usually identified and fixed quickly. In cases where malicious code is involved, it can be more difficult to untangle. For example, a computer can be tricked into thinking it is querying a server to get the right address, when in fact a virus is substituting an IP address that will lead the user to a completely different site. DNS cache poisoning can be a big problem when users try to go to trusted sites like their bank and they are unable to reach them.

Security flaws like DNS cache poisoning are difficult to counter, although new techniques are always being developed and antivirus programs regularly provide updates for viruses known to use attacks involving the DNS cache. As people find new ways to combat them, individuals interested in malicious activity find ways to circumvent the new safety measures, forcing developers to return to the drawing board to find another tactic.