DNS(Domain Name System) Spoofing

Photo by Google

What is DNS?

DNS is called Domain Name System. It is the Phonebook of the internet. Every human accessing the data information online through the domain name, like facebook.com or google.com. By using the internet protocol(IP) addresses the web browsers are interacting. So web browsers can load the internet resources by DNS translates domain names to IP addresses.

How does DNS work?

If we see the process of the DNS, its resolution involves converting the hostname( ex: www.facebook.com) into a friendly computer IP address(ex: Each device on the internet has an IP address, & that address has needed to search and find a suitable Internet device like a road address is used to find the particular office. When the user wants to load to find a webpage, a translation must happen between what the user types into their web browser(ex: facebook.com) and the same time machine-friendly address needed to locate the facebook.com webpage.

DNS Server & IP Address

Internet Protocol (IP) address can be well-defined as a unique number that identifies the server or computer in the network. These string and number ID names are used to communicate & locate between the computer in the network.

IPconfig - Windows(Displays all current TCP/IP network configuration values and refreshes Dynamic Host Configuration Protocol (DHCP) and Domain Name System (DNS) settings. Used without parameters, ipconfig displays Internet Protocol version 4 (IPv4) and IPv6 addresses, subnet mask, and default gateway for all adapters.)
IPconfig/all - Windows (Displays the full TCP/IP configuration for all adapters. Adapters can represent physical interfaces, such as installed network adapters, or logical interfaces, such as dial-up connections.)
/sbin/Ifconfig/- Linux & MacOS
Example of IP Configuration

DNS recursive resolver

This recursive resolver is the first stop in the DNS query. It acts as a middle man between a DNS nameserver & a client.

Root nameserver

A root server accepts a recursive resolver’s query which includes a domain name, and the root nameserver responds by directing the recursive resolver to a TLD nameserver, based on the extension of that domain (.com, .net, .org, etc.). The root nameservers are overseen by a nonprofit called the Internet Corporation for Assigned Names and Numbers (ICANN).

TLD nameserver

A TLD nameserver maintains information for all the domain names that share a common domain extension, such as .com, .net, or whatever comes after the last dot in a URL.

Authoritative nameserver

The authoritative nameserver is the last stop in the nameserver query. If the authoritative name server has access to the requested record, it will return the IP address for the requested hostname back to the DNS Recursor (the librarian) that made the initial request.

DNS Spoofing Means What?

Domain Name Server (DNS) spoofing is an attack in which altered DNS records are used to redirect online traffic to a fraudulent website that resembles its intended destination.

DNS Cache Poisoning

DNS cache poisoning, also known as DNS spoofing, is a type of attack that exploits vulnerabilities in the domain name system (DNS) to divert Internet traffic away from legitimate servers and towards fake ones.

DNS Cache Poisoning Process

DNS ID spoofing

In DNS ID spoofing, the victim sends the resolve request to the server, where the packet ID and IP information generated for the resolve request is duplicated with forged information inside it. As the response ID matches the request ID, the Victim’s machine accepts the response containing the information that is not expected.

  • DNS server compromise — The direct hijacking of a DNS server, which is configured to return a malicious IP address.

Risks of DNS Poisoning and Spoofing

Here are common risks of DNS poisoning and spoofing:

  • Malware infection — Ultimately if you’re not using internet security, you’re exposed to risks like spyware, keyloggers, or worms. The spoof redirecting you, the destination could end up being a site infested with malicious downloads. Drive-by downloads are an easy way to automate the infection of your system.
  • Halted security updates — It can result from a DNS spoof. If spoofed sites include internet security providers, legitimate security updates will not be performed. As a result, your computer may be exposed to additional threats like viruses.
  • Censorship —It is a risk that is actually commonplace in some parts of the world.

How to Prevent DNS Cache Poisoning and Spoofing

When looking to prevent DNS spoofing, user-end protections are limited. Website owners and server providers are a bit more empowered to protect themselves and their users. To appropriately keep everyone safe, both parties must try to avoid spoofs.

  1. Domain name system security extensions
  2. End-to-end encryption
  1. Regularly scan your computer for malware
  2. Flush your DNS cache to solve poisoning
  3. Use Virtual Private Network (VPN)

Software Engineer at Virtusa (Pvt) Ltd.