What is DNS poisoning and spoofing?

D2 · Threats · CompTIA Security+ SY0-701
DNS poisoning (DNS cache poisoning) corrupts a DNS resolver's cache with fraudulent records, causing users to be redirected to attacker-controlled IP addresses even when typing the correct domain name.

DNS spoofing is the broader act of providing fake DNS responses. Poisoning specifically targets the cache.

Prevention: DNSSEC (cryptographically signs DNS records), encrypted DNS (DNS over HTTPS/TLS), short TTL values.
DNS poisoning is a MITM setup technique. The attacker doesn't need to be on your network; they just need to poison your resolver. DNSSEC is the primary countermeasure on the exam.
โ† Back to Glossary Practice Questions โ†’