How a domain name server works

Protecting your network from DNS spoofing is important to avoid phishing and malware infection.

A domain name server (DNS server) is responsible for translating a human-readable domain name into an IP address.

When you visit a website (e.g. https://www.example.com), your browser first contacts a DNS server to obtain the website's IP address and then uses that IP address to communicate with the website.

What is DNS spoofing?

DNS spoofing, or DNS cache poisoning, is an attack on DNS that corrupts its cached data with incorrect IP addresses.

So when you try to browse the website, the wrong IP address brings you to a fake website.

  • The fake website could be a malicious website that infects your device with malware.
  • Or it may look exactly the same as the real site (e.g. your banking website), tricking you into providing your login credentials without realizing it.

DNS poisoning can spread.

Typically, your home network would be using your ISP’s DNS servers. Therefore, if your ISP’s DNS servers are compromised, or your ISP is getting their DNS information from another compromised DNS server, DNS poisoning will spread to your network.

There are also other DNS attacks, like DNS hijacking and the DNS man-in-the-middle (MITM) attack, that divert you to an attacker’s fake website.

DNS Hijacking

DNS hijacking is an attack that overrides your DNS configuration to point at a rogue DNS server under the attacker’s control.

This can happen if your device is infected with malware. It can also happen at the network level if your home router is compromised.

DNS Man-in-the-middle (MITM) attack

This attack intercepts your DNS request and returns a fake response that points you to the fake website.

This can happen when your home router is compromised.

Protect your network from DNS Spoofing

1. Use public DNS Servers

Public DNS servers usually take good security measures to protect against DNS spoofing. For example, Google Public DNS performs DNSSEC validation (which ensures DNS responses are valid and authentic) for all queries.

So configure your network router to use public DNS Servers.

Google Public DNS Server

  • 8.8.8.8
  • 8.8.4.4

OpenDNS Server

  • 208.67.222.222
  • 208.67.220.220
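
One way to check whether your current resolver is returning the same addresses as a validating public resolver is sketched below. It is an added example, not part of the original article: the function names are hypothetical, and the sample responses are constructed with documentation-range addresses rather than captured from a real network.

```python
import ipaddress
import struct

AD_FLAG = 0x0020  # header bit a validating resolver sets on DNSSEC-validated answers

def build_response(name, addrs, ad=False):
    """Construct a sample DNS A-record response (test data, not captured traffic)."""
    flags = 0x8180 | (AD_FLAG if ad else 0)  # QR=1, RD=1, RA=1, RCODE=0
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\x00"
    msg = struct.pack("!6H", 0x1234, flags, 1, len(addrs), 0, 0)
    msg += qname + struct.pack("!2H", 1, 1)  # QTYPE=A, QCLASS=IN
    for addr in addrs:  # 0xC00C points back to the question name at offset 12
        msg += struct.pack("!HHHIH", 0xC00C, 1, 1, 300, 4)
        msg += ipaddress.IPv4Address(addr).packed
    return msg

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while msg[off] != 0:
        if msg[off] & 0xC0 == 0xC0:  # 2-byte compression pointer ends the name
            return off + 2
        off += 1 + msg[off]
    return off + 1

def parse_response(msg):
    """Return (ad_flag, rcode, set of IPv4 addresses from the answer section)."""
    _, flags, qdcount, ancount, _, _ = struct.unpack("!6H", msg[:12])
    off = 12
    for _ in range(qdcount):
        off = skip_name(msg, off) + 4  # skip QTYPE and QCLASS
    addrs = set()
    for _ in range(ancount):
        off = skip_name(msg, off)
        rtype, rclass, _, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if (rtype, rclass, rdlen) == (1, 1, 4):
            addrs.add(str(ipaddress.IPv4Address(msg[off:off + 4])))
        off += rdlen
    return bool(flags & AD_FLAG), flags & 0x000F, addrs

def compare(local_msg, trusted_msg):
    """Compare the configured resolver's answer with a validating resolver's."""
    _, _, local = parse_response(local_msg)
    ad, rcode, trusted = parse_response(trusted_msg)
    if rcode != 0 or not trusted:
        return "inconclusive"
    if local & trusted:
        return "consistent"
    return "mismatch, trusted answer DNSSEC-validated" if ad else "mismatch"
```

Large websites often return different addresses to different resolvers, so treat a mismatch as a reason to look closer rather than proof of spoofing.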

2. Secure your home router

It’s important to minimize the risks of your router getting compromised.

Follow the tips to make your home router more secure.

3. Use VPN

Using a VPN service to encrypt your network traffic and route all your DNS requests through the VPN tunnel will further reduce the risk of DNS spoofing attacks.
