In cybersecurity, DNS attacks are defined as attacks that are either carried out via the Domain Name System (DNS) or that target the DNS directly. For example, cybercriminals can exploit key properties of the DNS to reinforce DDoS attacks. Other attack vectors such as DNS spoofing are designed to tamper with DNS entries in order to redirect internet users to specific websites.
DNS cache poisoning
DNS cache poisoning is a variant of DNS spoofing and refers to attacks that attempt to insert manipulated entries into the DNS cache of name servers. By doing so, attackers manipulate the assignment between domain names and their matching IP addresses, directing users on the internet to a fake and usually also malicious website when they access the domain.
Cybercriminals use DNS spoofing to tamper with DNS entries on servers, routers, PCs, and mobile devices, redirecting users to mostly harmful web content. In most cases, the attacks seek to steal valuable login credentials by phishing, spread malware, or generate revenue from click fraud. In addition, authoritarian regimes often employ spoofing methods: Unwelcome portals on the internet can easily be censored by tampering with the internet service providers. DNS extensions such as DNS cookies and DNSSEC, used to authenticate and check the integrity of clients, servers, and data, have proven to be effective preventive measures.