DNS (Domain Name System) is the internet's phonebook. It translates human-readable domain names like google.com into the numeric IP addresses (for example, 142.250.80.46) that computers use to connect to servers.
DNS Spoofing (Cache Poisoning) injects fraudulent DNS records into a resolver's cache. Victims querying a domain receive a malicious IP and are silently redirected to a fake site controlled by the attacker.
Attackers exploit DNS's lack of authentication in older implementations. They race to respond before the legitimate server, flooding resolvers with forged responses using predicted 16-bit transaction IDs (0–65535).
DNSSEC cryptographically signs DNS records. DNS over HTTPS (DoH) and DNS over TLS (DoT) encrypt queries. Randomized source ports and transaction IDs drastically raise attack difficulty.
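The forged-response flood described above leaves a recognizable trace: many answers for one name whose transaction ID or port does not match the query the resolver actually sent. The following is an added example, not part of the original page. It assumes a sensor in front of the resolver that records queries and responses; the event format, the names and the thresholds are hypothetical.

```python
from collections import defaultdict

# Constructed sample events (not real traffic). Each tuple is
# (time_s, kind, qname, txid, resolver_port): kind "Q" is a query the
# resolver sent upstream, "R" is a response seen arriving for that name.
EVENTS = [
    (0.000, "Q", "bank.example", 0x1A2B, 53111),
    (0.001, "R", "bank.example", 0x0001, 53111),  # wrong transaction ID
    (0.002, "R", "bank.example", 0x0002, 53111),  # wrong transaction ID
    (0.003, "R", "bank.example", 0x0003, 53111),  # wrong transaction ID
    (0.004, "R", "bank.example", 0x0004, 40000),  # wrong ID and wrong port
    (0.020, "R", "bank.example", 0x1A2B, 53111),  # matches the real query
    (0.500, "Q", "news.example", 0x7777, 41002),
    (0.530, "R", "news.example", 0x7777, 41002),  # normal lookup
    (0.900, "Q", "mail.example", 0x0BEE, 60123),
    (0.910, "R", "mail.example", 0x0BED, 60123),  # single stray mismatch
    (0.940, "R", "mail.example", 0x0BEE, 60123),
]


def find_poisoning_attempts(events, window=1.0, threshold=3):
    """Return {qname: count} for names that received at least `threshold`
    responses that did not match an outstanding query's (txid, port)."""
    outstanding = {}               # qname -> (sent_time, txid, port)
    mismatches = defaultdict(int)  # qname -> non-matching responses seen
    for t, kind, qname, txid, port in events:
        if kind == "Q":
            outstanding[qname] = (t, txid, port)
            continue
        pending = outstanding.get(qname)
        if pending is None or t - pending[0] > window:
            # No query is waiting for this name: the response is unsolicited.
            mismatches[qname] += 1
        elif (txid, port) == pending[1:]:
            # Correct ID and port: the resolver would accept this answer.
            del outstanding[qname]
        else:
            # A query is waiting, but the ID or port is a wrong guess.
            mismatches[qname] += 1
    return {name: n for name, n in mismatches.items() if n >= threshold}


if __name__ == "__main__":
    for name, count in find_poisoning_attempts(EVENTS).items():
        print(f"possible cache poisoning attempt: {name} "
              f"({count} non-matching responses)")
```

A single mismatch, as for mail.example, stays below the threshold; a burst of wrong guesses against one name is what stands out.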
OFFENSIVE MODE: Learn how DNS spoofing attacks are crafted. Understand the technical steps an attacker takes to poison a DNS cache and redirect victims to malicious servers.
DEFENSIVE MODE: Experience the victim's perspective. Learn how to detect an ongoing attack, run security checks, and protect yourself from DNS spoofing attempts.
Pakistan Telecom accidentally hijacked YouTube's global traffic via BGP route announcement paired with DNS misrouting, taking the platform completely offline worldwide for several hours.
Attackers compromised a major Brazilian bank's DNS registrar account and redirected all 36 of the bank's domains to cloned sites for 5–6 hours, serving valid SSL certificates via Let's Encrypt.
State-sponsored attackers compromised DNS registrars to redirect 40+ organizations, including government ministries and embassies, across the Middle East and North Africa for intelligence gathering.
Security researcher Dan Kaminsky discovered a critical DNS flaw enabling rapid cache poisoning via predictable transaction IDs. An emergency coordinated patch across all major DNS vendors was deployed simultaneously.