The DNS cache is temporary storage in your operating system, or even your browser, that holds the records of previous DNS requests. It is a kind of local copy of a larger list of DNS records.
This cache lets your system or browser connect much more quickly to websites it has visited before. Your system no longer needs to query the DNS server; it can use the cached record to find the website's address.
Cache poisoning attack
- A hacker may use a MiTM attack to plant a fake IP address for a widely used website in a DNS server.
- The DNS server will then send out the tainted record to other DNS servers that cache it.
- Users will then unwittingly visit the false website and fall prey to the malicious software embedded in the site.
Ways to avoid DNS cache poisoning attacks
Below are a few things to take note of before entering any website to avoid a DNS attack:
- The URL: If you notice the link is different from the one you previously input, do not enter it. Websites can redirect you for genuine purposes, but if you’re redirected and the URLs look identical, save for one or two letters, leave immediately.
- The padlock: Check for the padlock icon that should appear beside the URL in the address bar. If it is open or crossed out, the website either never had a TLS/SSL certificate or its certificate has expired. This means your activities on the page are not encrypted.
- The design: Take note of the page’s design. A perfect replica is possible but would require a lot of resources the attacker would rather not invest. If you notice anything off, like the fonts, colours, or spacing, you are most likely on a fake website.
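The URL check from the list above, as an added example that is not part of the original article: it compares the hostname you entered with the hostname the browser landed on and flags a near-copy that differs by one or two characters. The function names, the two-character threshold and the sample hostnames are assumptions made for illustration.

```javascript
// Added example: classify a redirect by comparing hostnames.
// Function names and the threshold of 2 are illustrative assumptions.

// Levenshtein edit distance: minimum inserts, deletes and substitutions.
function editDistance(a, b) {
  let prev = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    const cur = [i];
    for (let j = 1; j <= b.length; j++) {
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      cur[j] = Math.min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost);
    }
    prev = cur;
  }
  return prev[b.length];
}

// Reduce a URL to a comparable hostname: lower-case (done by URL),
// without a trailing dot or a leading "www.".
function normaliseHost(url) {
  return new URL(url).hostname.replace(/\.$/, "").replace(/^www\./, "");
}

// Compare the URL the user entered with the URL the browser ended up on.
//   "same-host"      - scheme or path changed, host did not
//   "lookalike"      - host differs by one or two characters: leave the page
//   "different-host" - clearly another site; may be a genuine redirect
function checkRedirect(enteredUrl, landedUrl) {
  const entered = normaliseHost(enteredUrl);
  const landed = normaliseHost(landedUrl);
  if (entered === landed) return "same-host";
  // Very short hostnames can trip this threshold by coincidence.
  return editDistance(entered, landed) <= 2 ? "lookalike" : "different-host";
}

// Constructed sample redirects (example.com is a reserved documentation domain).
const samples = [
  ["http://example.com/login", "https://www.example.com/login"],
  ["https://example.com/", "https://examp1e.com/"],
  ["https://example.com/", "https://accounts.example.net/"],
];
for (const [entered, landed] of samples) {
  console.log(`${entered} -> ${landed}: ${checkRedirect(entered, landed)}`);
}
```

A "same-host" result only says the name in the address bar is unchanged; a poisoned cache can return a false address for the correct name, so the padlock check still applies.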