DNS cache definition
Temporary storage in a browser or a device’s operating system that holds data about previous DNS requests made from that browser or device. It is a local copy of the DNS servers’ records. Keeping it locally lets the device or browser connect to a recently visited website faster, since it doesn’t have to go all the way to the DNS server to look up the site’s IP address. Similarly, local DNS servers have caches where they keep the IP addresses of the most popular local websites. This way, they don’t have to contact the global DNS server whenever they receive a request.
Cache poisoning attack
- An attacker plants a fake IP address for a popular website in a DNS server by using a man-in-the-middle attack.
- The DNS server sends out the same faulty record to other DNS servers that cache it.
- Internet users unknowingly land on the fake website and are exposed to other kinds of attacks, like data theft or malware being installed in the background.
Avoiding DNS cache poisoning attacks
DNS caches, while useful, are easy to exploit. So you should know how to immediately recognise a fake website in case you land on one:
- The URL. If it’s not the same one you entered, be on your guard. Some websites redirect their users to offer pages or for testing purposes. But if you see that the URL is only slightly changed – for example, domain.com turns into dornain.com – it most likely means that someone is trying to trick you.
- The padlock. Look for the little padlock icon next to the URL bar. If it’s crossed out or open, the website’s TLS/SSL certificate has expired or it never had one. That means all the traffic between you and the website is unencrypted, so anyone can see what you’re doing.
- The design. Recreating a popular website’s design is not as straightforward as it may seem. The fonts might look just a little different, or the spacing may not seem quite the same. If the website looks off, trust your sixth sense and be careful — it most likely is fake.
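The URL check from the first point can be automated. The following is an added example, not part of the original page: it compares the host in a URL against a list of sites you trust and flags near-misses such as dornain.com. The `TRUSTED` list and the `CONFUSABLES` table are constructed for illustration and are deliberately small.

```python
from urllib.parse import urlsplit

# Constructed allow-list of domains the user expects to visit (assumption).
TRUSTED = {"domain.com"}
# Constructed subset of look-alike character sequences (assumption, not complete).
CONFUSABLES = [("rn", "m"), ("vv", "w"), ("cl", "d"), ("0", "o"), ("1", "l")]


def skeleton(host):
    """Collapse look-alike sequences so visually similar names compare equal."""
    for fake, real in CONFUSABLES:
        host = host.replace(fake, real)
    return host


def edit_distance(a, b):
    """Levenshtein distance, used to catch a single changed character."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def tail(host, good):
    """Last labels of host, as many as the trusted name has (drops 'www.' etc.)."""
    return ".".join(host.split(".")[-(good.count(".") + 1):])


def check_url(url, trusted=TRUSTED):
    """Return 'trusted', 'lookalike of <domain>' or 'unknown' for the URL's host."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    tails = {good: tail(host, good) for good in sorted(trusted)}
    # Exact match on the trusted name (or a subdomain of it) wins first.
    if any(t == good for good, t in tails.items()):
        return "trusted"
    for good, t in tails.items():
        if skeleton(t) == skeleton(good) or edit_distance(t, good) == 1:
            return f"lookalike of {good}"
    return "unknown"


if __name__ == "__main__":
    for u in ("https://www.domain.com/", "https://dornain.com/login"):
        print(u, "->", check_url(u))
```

A result of "unknown" only means the host does not resemble anything on the list; it says nothing about whether that site is safe.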