What is DNS Poisoning?
An attack that corrupts a DNS resolver's cache, redirecting users to malicious websites even when they type the correct address.
DNS poisoning (also called DNS cache poisoning or DNS spoofing) tricks DNS resolvers into storing false information, sending users to attacker-controlled servers.
How It Works
- Attacker sends forged DNS responses to a resolver
- The resolver caches the fake IP address for a domain
- All users of that resolver get sent to the wrong server
- The fake site may look identical to the real one
Why It's Dangerous
- Users see the correct URL in their browser
- Can be used for phishing, credential theft, or malware distribution
- Hard to detect without DNSSEC validation
Protection
- Use DNS-over-HTTPS (DoH) or DNS-over-TLS (DoT)
- Choose DNS providers that support DNSSEC validation
- Use a VPN that handles its own DNS resolution
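The forged responses described under How It Works only reach the cache if they pass the checks a resolver applies to every reply. The Python below is an added example, not code from this page: it applies those checks (source address, transaction ID, question section) and reads the DNSSEC AD flag. The function names, addresses and transaction IDs are assumptions constructed for illustration.

```python
import struct

def encode_name(name):
    """Encode a hostname as DNS wire-format labels."""
    labels = name.rstrip(".").lower().split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_message(txid, flags, name, qtype=1):
    """Header plus one question (class IN); answer records omitted for brevity."""
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)

def read_question(msg):
    """Return (name, qtype, qclass) of the first question."""
    pos, labels = 12, []
    while (length := msg[pos]) != 0:
        if length & 0xC0:
            raise ValueError("compression pointer in question name")
        labels.append(msg[pos + 1:pos + 1 + length].decode("ascii").lower())
        pos += 1 + length
    qtype, qclass = struct.unpack("!HH", msg[pos + 1:pos + 5])
    return ".".join(labels), qtype, qclass

def check_response(query, response, sent_to, received_from):
    """Return reasons to discard the response; an empty list means it matches."""
    if len(response) < 12:
        return ["truncated header"]
    problems = []
    r_id, flags, qdcount = struct.unpack("!HHH", response[:6])
    if received_from != sent_to:
        problems.append("source address/port mismatch")
    if not flags & 0x8000:
        problems.append("QR bit not set")
    if r_id != struct.unpack("!H", query[:2])[0]:
        problems.append("transaction ID mismatch")
    try:
        if qdcount != 1 or read_question(response) != read_question(query):
            problems.append("question section mismatch")
    except (IndexError, struct.error, ValueError):
        problems.append("malformed question section")
    return problems

def dnssec_validated(response):
    """True if a validating resolver set the AD (Authenticated Data) flag."""
    return bool(struct.unpack("!H", response[2:4])[0] & 0x0020)

# Constructed sample messages (documentation addresses, made-up transaction IDs).
SERVER = ("192.0.2.53", 53)
QUERY = build_message(0x1A2B, 0x0100, "example.com")
GENUINE = build_message(0x1A2B, 0x81A0, "example.com")  # QR, RD, RA, AD
FORGED = build_message(0x9999, 0x8180, "example.com")   # wrong ID, no AD
```

The AD flag is only meaningful when the path to the validating resolver is itself protected, for example over DoT or DoH.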
Related Terms
DNS Leak
A security flaw where DNS queries bypass your VPN or proxy and are sent through your normal ISP connection, revealing the websites you visit even when your other traffic is protected.
DNS over HTTPS
A protocol for performing DNS resolution via the HTTPS protocol. It encrypts DNS queries, preventing ISPs, network administrators, and attackers from seeing which websites you're trying to visit.
Man-in-the-Middle Attack
An attack where the adversary secretly intercepts and potentially alters communications between two parties who believe they're communicating directly with each other. MITM attacks can capture credentials, inject malware, or modify data.