DNS Spoofing: What It Is and How to Protect Yourself Against It

What you need to know about DNS poisoning and spoofing

DNS spoofing is a type of cyberattack in which vulnerabilities in a domain name system or server are exploited by hackers to direct web traffic away from legitimate websites and servers and towards malicious spoofed websites and servers.

DNS spoofing is also sometimes referred to as DNS cache poisoning or DNS poisoning. "DNS" stands for Domain Name System, and a DNS server is a domain name system server.

How DNS Spoofing Works

As with other types of spoofing, the end goal is usually to steal personal or financial information, but unlike most types of spoofing, DNS spoofing doesn't always rely on deceiving humans.

To understand how DNS spoofing works, you need to understand how domain name system servers work.

According to GlobalSign, a domain name system server (DNS server) acts as a sort of "directory." It matches the web addresses we type to the IP addresses our computers and servers use, enabling them to locate those sites and connect us to them.

DNS spoofing (or DNS cache poisoning) happens when a hacker alters the information in that directory in such a way that even when a person enters the correct web address for a safe and legitimate website, the infected DNS server will instead connect the person's computer to a website with a different IP address, usually a spoofed website.
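A defender can spot the substitution described above by comparing the answers one resolver gives with the answers independent resolvers give for the same names. The following is an added example, not part of the original article: the resolver names, domains and addresses are constructed, inline data stands in for real lookups so it runs offline, and the verdict labels are this example's own.

```python
import ipaddress

# Constructed sample data (not real lookups): answers from the resolver under
# test and from two independent reference resolvers, as name -> set of IPs.
LOCAL = {
    "bank.example": {"203.0.113.66"},
    "shop.example": {"198.51.100.20"},
    "mail.example": {"192.168.1.50"},
    "intranet.example": {"10.0.0.5"},
}
REFERENCES = {
    "resolver-a": {"bank.example": {"192.0.2.10", "192.0.2.11"},
                   "shop.example": {"198.51.100.20", "198.51.100.21"},
                   "mail.example": {"192.0.2.25"}},
    "resolver-b": {"bank.example": {"192.0.2.10"},
                   "shop.example": {"198.51.100.22"},
                   "mail.example": {"192.0.2.25"}},
}

# Heuristic: ranges a public name would not normally resolve to.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)

def audit(local, references):
    """Compare each local answer set with the union of reference answers."""
    findings = {}
    for name, answers in local.items():
        trusted = set()
        for ref in references.values():
            trusted |= ref.get(name, set())
        if not trusted:
            findings[name] = "no-reference"      # nothing to compare against
        elif any(map(is_internal, answers)) and not any(map(is_internal, trusted)):
            findings[name] = "internal-address"  # public name, internal answer
        elif answers.isdisjoint(trusted):
            # No shared address. CDNs can cause this legitimately, so treat
            # it as a lead to investigate, not proof of poisoning.
            findings[name] = "mismatch"
        else:
            findings[name] = "consistent"
    return findings

if __name__ == "__main__":
    for name, verdict in audit(LOCAL, REFERENCES).items():
        print(f"{name:18} {verdict}")
```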

How DNS Poisoning Spreads

There are a few ways DNS poisoning can occur and spread. According to cybersecurity company Kaspersky, DNS spoofing can occur at the individual level when users accidentally click malicious links in spam emails, because these links can contain the code that causes DNS cache poisoning.

Once the link is clicked, the user's computer is infected and begins directing its web traffic toward fake websites that can then either steal the victim's information or infect the computer with other kinds of malware.

On the organizational or company level, hackers can simply "[gain] control over a DNS server," as GlobalSign notes. Once they gain control over a server, the infection can spread from server to server "if and when multiple internet service providers are receiving their DNS information from the now hacker controlled server, which results in the ‘poisoned’ DNS entry spreading to those ISPs to be cached." Once this happens, the infection can continue to spread via other servers, Wi-Fi routers, and other computers.

How to Protect Against DNS Cache Poisoning

As with IP spoofing, the most effective defense against DNS spoofing is best handled by professionals at the organizational level. That said, there are still a couple of things you can do to guard against the ill effects of DNS spoofing.

  1. Don't click suspicious links in emails. As we mentioned earlier, such links are one way for hackers to distribute the code used to cause DNS cache poisoning in the first place. If you don't know the sender or the link looks odd, don't click it, and immediately delete the email.

  2. If you find yourself on what looks like a fake website, exit immediately. If the website doesn't look right to you, don't interact with it in any way, including trying to log in with your username and password or offering any personal information if prompted.