When we want to visit a website, we type the URL of the website in the address bar of the browser, and the webpage loads. We do not need to memorize the IP address of the website. This process of resolving a domain name to an IP address is called Domain Name Resolution, and the servers responsible for this Domain Name Resolution are called DNS Servers.
How does Domain Name Resolution Work?
When we type the URL of a website in the address bar of the browser, our computer contacts the Domain Name Servers or DNS Servers to resolve the IP address of the website. These DNS Servers are coordinated by ICANN, the Internet Corporation for Assigned Names and Numbers. Usually, our computer uses a DNS server operated by our ISP, or Internet Service Provider.
So, our computer sends a DNS query containing the domain name from the URL to the DNS Server, and the corresponding DNS server responds with the proper IP address. Using this IP address, our browser connects to the server and opens the website.
What is a DNS cache?
The Internet does not rely on a single DNS server because that would be very inefficient. Instead, our ISP runs its own DNS servers that cache information from other DNS servers. Our home router has its own DNS server that caches information from the ISP's DNS servers. And our computer has a local DNS cache, which stores responses to previous DNS queries made by the computer.
The purpose of the DNS cache is to store responses to previously made DNS queries. The next time the same DNS query is made, the computer does not have to contact the DNS servers again. Instead, it can retrieve the IP address from its DNS cache.
What is DNS cache poisoning?
A DNS cache is said to be poisoned when it stores a malicious entry instead of a valid one. For example, if we type google.com for the first time, our computer will make a DNS query to the appropriate DNS server. Once it gets a response, it will store the IP address of google.com in its DNS cache. It also stores a timestamp with each entry to indicate how long the entry remains valid. Within that time, if we type google.com again, our computer will find the entry in its DNS cache instead of querying the DNS server again.
Suppose our computer has made a DNS query and is waiting for a response from the DNS servers. But, instead of an authentic response, it receives a response containing the IP address of the attacker's server. If the computer accepts that response, its DNS cache is now poisoned. From then on, whenever the computer tries to resolve the IP address of the same domain name, it will be directed to the attacker's website.
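The scenario above, as an added example that is not part of the original post: a toy stub-resolver cache with per-entry expiry, shown once storing whatever response arrives (the poisoning case) and once only accepting a response that matches the transaction ID and question name of a query it actually sent. The transaction IDs, names and addresses are constructed for illustration.

```python
from dataclasses import dataclass


@dataclass
class DnsResponse:
    txid: int   # transaction ID that must echo the one in our query
    name: str   # question name the answer claims to be for
    ip: str     # answer record
    ttl: int    # seconds the answer may stay cached


class DnsCache:
    """Toy stub-resolver cache (constructed model): name -> (ip, expiry)."""

    def __init__(self):
        self.entries = {}
        self.pending = {}  # txid -> name, for queries still awaiting a reply

    def lookup(self, name, now):
        entry = self.entries.get(name)
        if entry is None:
            return None
        ip, expiry = entry
        if now >= expiry:  # validity window elapsed: drop and re-query
            del self.entries[name]
            return None
        return ip

    def send_query(self, name, txid):
        self.pending[txid] = name

    def accept_unchecked(self, resp, now):
        """Naive cache: stores whatever answer arrives (the poisoning case)."""
        self.entries[resp.name] = (resp.ip, now + resp.ttl)
        return True

    def accept_checked(self, resp, now):
        """Accept only a reply matching an outstanding query's ID and name."""
        if self.pending.get(resp.txid) != resp.name:
            return False  # unsolicited or mismatched reply: discard, never cache
        del self.pending[resp.txid]
        self.entries[resp.name] = (resp.ip, now + resp.ttl)
        return True


def demo(now=1000.0):
    """A forged reply arrives while a query for example.com is pending (constructed)."""
    genuine = DnsResponse(txid=0x1A2B, name="example.com", ip="192.0.2.10", ttl=300)
    forged = DnsResponse(txid=0x0000, name="example.com", ip="203.0.113.7", ttl=86400)
    naive, checked = DnsCache(), DnsCache()
    for cache in (naive, checked):
        cache.send_query("example.com", 0x1A2B)
    naive.accept_unchecked(forged, now)       # poisoned: forged answer cached
    checked.accept_checked(forged, now)       # rejected: ID does not match
    checked.accept_checked(genuine, now)      # accepted: matches pending query
    return (naive.lookup("example.com", now),
            checked.lookup("example.com", now),
            checked.lookup("example.com", now + 301))  # expired after 300 s
```

Running `demo()` returns the poisoned address from the naive cache, the genuine address from the checked cache, and `None` once the genuine entry's validity period has passed.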
In a similar way, the DNS cache of any DNS server may get poisoned. The ISP's DNS server gets …