Domain Name System (DNS) spoofing, sometimes referred to as DNS hijacking, DNS redirection, DNS poisoning, or cache poisoning, is a type of cyberattack where traffic is maliciously diverted from a legitimate site to a fake site.
Spoofing happens when a DNS server resolves a domain name to a malicious IP address, often without the user’s knowledge. These fake sites can harvest login credentials or deliver malware while appearing to be a trusted source.
In DNS poisoning, attackers exploit vulnerabilities to insert fake records into DNS caches, which makes the redirection persistent. Cache poisoning is the stored form of that tampering: once the altered DNS data sits in a cache, users are misrouted repeatedly.
To prevent DNS information from being altered, organizations should implement Domain Name System Security Extensions (DNSSEC), enforce Hypertext Transfer Protocol Secure (HTTPS), and regularly update DNS infrastructure. Monitoring tools like dig, nslookup, and threat analytics platforms help detect anomalies early.
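The check below is an added example, not part of the original page. It shows one way to review `dig` output collected from several resolvers for the same name: it flags any resolver whose A records differ from the majority answer and any response that lacks the `ad` (DNSSEC-validated) flag. The resolver names, addresses and responses are constructed samples, and the `audit` and `parse` helpers are hypothetical names.

```python
import re
from collections import Counter

# Constructed dig-style responses for one name from three resolvers
# (sample data using documentation address ranges, not real captures).
SAMPLE = {
    "resolver-a": ";; flags: qr rd ra ad; QUERY: 1, ANSWER: 1\n"
                  "example.com.\t300\tIN\tA\t192.0.2.10\n",
    "resolver-b": ";; flags: qr rd ra ad; QUERY: 1, ANSWER: 1\n"
                  "example.com.\t287\tIN\tA\t192.0.2.10\n",
    "resolver-c": ";; flags: qr rd ra; QUERY: 1, ANSWER: 1\n"
                  "example.com.\t86400\tIN\tA\t203.0.113.66\n",
}

FLAGS_RE = re.compile(r"^;; flags:([^;]*);", re.M)
A_RE = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+A\s+(\S+)$", re.M)


def parse(text):
    """Return (header flags, set of A-record addresses) from dig output."""
    m = FLAGS_RE.search(text)
    flags = set(m.group(1).split()) if m else set()
    addrs = frozenset(ip for _name, _ttl, ip in A_RE.findall(text))
    return flags, addrs


def audit(responses, expect_signed=True):
    """Flag resolvers that disagree with the majority answer or that
    did not return DNSSEC-validated data.

    expect_signed is an assumption: the zone is signed and every
    resolver queried is a validating one.
    """
    parsed = {name: parse(text) for name, text in responses.items()}
    majority, _count = Counter(a for _f, a in parsed.values()).most_common(1)[0]
    findings = []
    for resolver, (flags, addrs) in sorted(parsed.items()):
        if addrs != majority:
            findings.append((resolver, "answer-mismatch", sorted(addrs)))
        if expect_signed and "ad" not in flags:
            findings.append((resolver, "no-dnssec-validation", sorted(flags)))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Names served by CDNs or geo-aware load balancers legitimately return different addresses per resolver, so a mismatch is a prompt to investigate rather than proof of poisoning.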
Effective DNS spoofing prevention starts with layered defenses because spoofing happens when DNS integrity is left unprotected.