DNS Spoofing and Cache Poisoning
Forging DNS responses.
Forging DNS Answers
DNS spoofing is the act of supplying a forged DNS response so the victim resolves a name to an attacker-controlled IP. Cache poisoning is a specific form where the forged answer is accepted and stored by a recursive resolver, infecting every client that uses it.
The goal is usually traffic redirection: sending users to phishing pages, malware drops, or man-in-the-middle proxies.
The Race Condition
When a resolver sends a query, an attacker tries to inject a forged reply before the legitimate authoritative server answers. If the forgery arrives first and matches the expected fields, it wins the race and gets cached.
This is why latency, packet ordering, and the resolver's outbound port all matter so much in both attack and defense.
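The matching step described above, seen from the defender's side, as an added example that is not part of the original lesson. It models a monitor that checks each reply against the outstanding query on the fields a resolver compares (transaction ID, outbound port, server address, question) and treats a run of non-matching replies as a sign of a spoofing attempt. The class names, the alert threshold and all sample values are assumptions constructed for illustration.

```python
from collections import Counter
from dataclasses import dataclass

@dataclass(frozen=True)
class Query:
    txid: int        # 16-bit DNS transaction ID
    src_port: int    # resolver's outbound UDP port
    server_ip: str   # authoritative server that was queried
    qname: str
    qtype: str

@dataclass(frozen=True)
class Response:
    txid: int
    dst_port: int    # port the reply arrived on
    src_ip: str      # claimed sender (spoofable over UDP)
    qname: str
    qtype: str
    answer: str

def mismatches(q, r):
    """Names of the fields on which reply r fails to match outstanding query q."""
    norm = lambda n: n.lower().rstrip(".")
    checks = {
        "txid": q.txid == r.txid,
        "port": q.src_port == r.dst_port,
        "server": q.server_ip == r.src_ip,
        "question": (norm(q.qname), q.qtype) == (norm(r.qname), r.qtype),
    }
    return [name for name, ok in checks.items() if not ok]

def triage(q, replies, alert_threshold=3):
    """Accept the first fully matching reply; count every other reply as evidence."""
    accepted, rejected, fields = None, 0, Counter()
    for r in replies:
        bad = mismatches(q, r)
        if not bad and accepted is None:
            accepted = r
        else:
            rejected += 1
            fields.update(bad or ["late_duplicate"])
    return {"accepted": accepted, "rejected": rejected,
            "fields": dict(fields), "alert": rejected >= alert_threshold}

# Constructed sample: one outstanding query and the replies observed for it.
QUERY = Query(0x3A7C, 53124, "192.0.2.53", "www.example.com", "A")
REPLIES = [
    Response(0x0001, 53124, "192.0.2.53", "www.example.com", "A", "203.0.113.66"),
    Response(0x0002, 53124, "192.0.2.53", "www.example.com", "A", "203.0.113.66"),
    Response(0x0003, 40000, "192.0.2.53", "www.example.com", "A", "203.0.113.66"),
    Response(0x3A7C, 53124, "192.0.2.53", "WWW.example.com.", "A", "198.51.100.10"),
]

if __name__ == "__main__":
    print(triage(QUERY, REPLIES))
```

In the sample the genuine answer is still accepted, but three rejected replies for a single query cross the threshold and raise the alert.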