There has been a lot about DNS poisoning, also known as DNS cache poisoning, in the news lately. But what exactly is DNS poisoning? Put simply, DNS cache poisoning is when a DNS server is made to tell your computer that a domain resides at a naughty IP address belonging to a bad guy - the poisoner - rather than the true IP address at which the domain actually resides.

DNS (Domain Name Service) is sort of like directory assistance for the Internet. When you type in to your web browser, for example, http://www.aunty-spam.com, your computer queries a DNS server and asks it “where does www.aunty-spam.com live?” The DNS server responds with the IP address associated with www.aunty-spam.com - let’s say for sake of example that it’s 127.0.0.1. Your computer then rings up 127.0.0.1, and voila, you’re at the Aunty Spam site.

DNS servers have a cache of hundreds of thousands of domain names cross-referenced with their corresponding IP addresses. These are updated on a regular basis, however, imagine if someone was able to access one of the DNS servers, and change…

[DNS Poisoning and DNS Cache Poisoning Explained, Continued]