- DCN Tutorial
- Data Comm & Networks Home
- DCN - Overview
- DCN - Computer Network Types
- DCN - Network LAN Technologies
- DCN - Computer Network Topologies
- DCN - Computer Network Models
- DCN - Computer Network Security
- Physical Layer
- DCN - Physical Layer Introduction
- DCN - Digital Transmission
- DCN - Analog Transmission
- DCN - Transmission media
- DCN - Wireless Transmission
- DCN - Multiplexing
- DCN - Network Switching
- Data Link Layer
- DCN - Data Link Layer Introduction
- DCN - Error detection and Correction
- DCN - Data Link Control & Protocols
- Network Layer
- DCN - Network Layer Introduction
- DCN - Network Addressing
- DCN - Routing
- DCN - Internetworking
- DCN - Network Layer Protocols
- Transport Layer
- DCN - Transport Layer Introduction
- DCN - Transmission Control Protocol
- DCN - User Datagram Protocol
- Application Layer
- DCN - Application Layer Introduction
- DCN - Client-Server Model
- DCN - Application Protocols
- DCN - Network Services
- DCN Useful Resources
- DCN - Quick Guide
- DCN - Useful Resources
What is a DNS Name Resolution and explain the cache poisoning attack in DNS?
Let us understand what the domain name system (DNS) is.
Domain Name System
All the web servers connected to the internet have a unique IP address in textual form. Now, the process of translating the textual form into an IP address is called DNS or DOMAIN NAME SERVICE name resolution.
Theoretically during the name resolution process the program that wishes for the name translation contacts a DNS server that returns the translated IP address, but in reality the entire translation may not occur at a single DNS server, rather the DNS server contacted first will recursively call upon other DNS servers to complete the process.
Example
Given below is a diagram of DNS −
Now let us see about the Cache poisoning attack in DNS.
Cache poisoning attack
The Cache poisoning attack in DNS is explained below in stepwise manner −
Step 1 − It is a form of computer security hacking where incorrect Domain Name System data is fed into the DNS resolver's cache, which results in the name server to return a different IP address.
Step 2 − This results in traffic being diverted to any other computer.
Step 3 − Poisoning attacks on a single DNS server can affect the users serviced directly by the compromised server or those serviced indirectly by its downstream servers.
Step 4 − Generally, a network of computers uses a DNS server provided by computer users or an Internet service provider organization.
Step 5 − DNS servers are used in an organization's network to improve resolution response performance by caching previously obtained resolution results.
Step 6 − To perform a cache poisoning attack, the attacker finds out the loopholes in the DNS software.
Step 7 − A server must correctly validate DNS responses to ensure that they are from an authentic source otherwise the server might end up caching the incorrect entries locally and serve them to other users that make the same request.
Step 8 − This attack can be used to redirect users from a website to another site of the attacker's choice.
Step 9 − For example, an attacker spoofs the IP address DNS entries for a target website on a given DNS server and replaces them with the IP address of a server under their control.
Step 10 − The attacker then creates files on the server under their control with names matching those on the target server.
Step 11 − These files usually contain malicious content, such as computer worms or viruses.
Step 12 − A user whose computer has referenced the poisoned DNS server gets tricked into accepting content coming from a non-authentic server and unknowingly downloads the malicious content.
Step 13 − This technique can also be used for phishing attacks, where a fake version of a genuine website is created to gather personal details such as bank and credit/debit card details.
- Related Articles
- What is DNS Cache Poisoning aka DNS Spoofing?
- Address Resolution in DNS (Domain Name System)
- The DNS Name Space
- What is DNS Filtering?
- What is DNS Hijacking?
- Domain Name System (DNS) Zones
- What is DNS Leak (IP Leak)?
- DNS Resource Records
- Details of DNS
- Difference between DNS and DHCP
- Differentiate between domain and domain name server and components of DNS
- How to get the Azure VM DNS name using PowerShell?
- Linux nslookup commands to troubleshoot dns domain name server
- What is the MITM (Man in The Middle) Attack using ARP Poisoning?
- How to Resolve DNS address using PowerShell?
