What Is DNS Spoofing?
DNS spoofing is an attack that corrupts DNS responses so that a domain name resolves to an attacker-controlled IP address, sending victims to a malicious site while the address bar looks normal.
How it works
By poisoning a DNS cache or forging DNS replies, an attacker makes a legitimate name (like a bank's) resolve to their fake server. The victim types the correct address but lands on the attacker's clone, which is why the technique is used for phishing and credential theft. Defences include DNSSEC (which cryptographically signs DNS records) and using trusted, secured resolvers.
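An added example, not part of the original page: the standard resolver-side checks a reply must pass before it is accepted and cached, which is why a forged reply carrying the wrong values is dropped. It goes beyond the defences the page lists; the function names, the name bank.example and the documentation-range addresses are assumptions made for this illustration.

```python
import struct

def build_message(txid, name, answer_ip=None):
    """Build a constructed A/IN query, or a reply when answer_ip is given."""
    flags, ancount = (0x8180, 1) if answer_ip else (0x0100, 0)
    msg = struct.pack("!HHHHHH", txid, flags, 1, ancount, 0, 0)
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.split("."))
    msg += qname + b"\x00" + struct.pack("!HH", 1, 1)
    if answer_ip:  # one A record; owner name is a pointer to offset 12
        msg += b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4)
        msg += bytes(int(o) for o in answer_ip.split("."))
    return msg

def parse_question(msg):
    """Return (txid, is_response, qname, qtype, qclass) from a DNS message."""
    txid, flags, qdcount = struct.unpack("!HHH", msg[:6])
    if len(msg) < 12 or qdcount != 1:
        raise ValueError("bad header")
    labels, pos = [], 12
    while True:
        if pos >= len(msg):
            raise ValueError("truncated question")
        length = msg[pos]
        pos += 1
        if length == 0:
            break
        if length > 63:
            raise ValueError("invalid label length in question name")
        labels.append(msg[pos:pos + length].decode("ascii").lower())
        pos += length
    qtype, qclass = struct.unpack("!HH", msg[pos:pos + 4])
    return txid, bool(flags & 0x8000), ".".join(labels), qtype, qclass

def accept_reply(query, server, reply, source):
    """Return (accepted, reason) for a reply to an outstanding query."""
    try:
        q_id, _, *q_question = parse_question(query)
        r_id, is_response, *r_question = parse_question(reply)
    except (ValueError, struct.error):
        return False, "malformed message"
    if source != server:  # (ip, port) the query was actually sent to
        return False, "unexpected source"
    if not is_response:
        return False, "not a response"
    if r_id != q_id:
        return False, "transaction ID mismatch"
    if r_question != q_question:  # name, type and class must echo the query
        return False, "question mismatch"
    return True, "accepted"
```

These checks only make a forged reply harder to slip in; they do not authenticate the answer data, which is the job of the DNSSEC signatures mentioned above.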
Why it matters
DNS spoofing (cache poisoning) undermines trust in name resolution itself, which is dangerous because everything looks normal to the user. It builds on how DNS works and is related to man-in-the-middle (MITM) techniques, so understanding it is important for CyberOps and web security.
Frequently asked questions
What is DNS spoofing?
An attack that corrupts DNS responses so a domain name resolves to an attacker-controlled IP, sending victims to a malicious site despite a normal-looking address.
How does DNS spoofing enable phishing?
Victims type a legitimate address but are directed to the attacker's identical-looking fake site, where entered credentials are stolen.
How is DNS spoofing prevented?
DNSSEC cryptographically signs DNS records so forged responses are detected, and using trusted, secured DNS resolvers reduces exposure.