I know that if you are the average citizen, hearing new reports about the different malware and exploits have got to be frightening. It almost makes you not want to go on the internet at all. If it doesn’t scare you enough to keep you off the internet then it most likely will worry you enough to be sure of what type of data you are putting out there. And that might be a good thing. But you shouldn’t be that worried about it. Although there are a lot of attack vectors out there, there are very few that you are most likely to get hit with. But if you are a server admin you need to be aware of all of them. And one of them that you should really be aware of is DNS cache poisoning.
What is the DNS?
The letters DNS stand for the Domain Naming System. When you need to tell your browser to go to a certain web site, you are using the domain naming system. All web sites are under the guise of a bunch of numbers. But that is not human readable. So what the DNS does is allow you to transform those numbers into a name that is readable by humans.
So what is DNS caching poisoning then?
DNS caching poisoning is when someone is able to break into a system where there is a DNS server and make changes to it. They are usually able to do this by use of an exploit. Once they are in there, they make the DNS names point to somewhere that they are not supposed to. The other DNS servers around the internet pick up on this and they change their settings to the poison version as well. This is a problem that has been going on for a long time but is now mostly under control. But that does not mean it does not happen every now and then even to this day.
Always be concerned no matter what system you are using. Just remember that even everyday parts of the internet that are always supposed to work are able to be infected as well.