Spoofing DNS Cache:
DNS i.e domain name system is distributed database with a hierarchical structure used to translate the human friendly host names into the IP address,in TCP/IP Network.So when a computer wants to communicate with www.sudobits.com then it first sends a query to the local DNS server and the dns server checks its databases to find the corresponding ip address.If the local server fails then it tries to communicate with the other remote dns servers,and finally
it returns the corresponding IP address to the users computer(If there is no problem on sudobits.com servers).After this events the users computer and local dns server(if failed to resolve) updates its database so that in future it can use that ip address-host name maps without any further queries with the other dns servers.There are many available methods for spoofing the dns cache but the simple concept is to alter the corresponding map between the host name and IP address in the dns cache of the victim computer or dns server.
Two simple methods to poison the dns cache –
1. Hacker sends a dns query to the local dns and before the local dns server gets the true result fr0m the remote server,the local dns server is flooded by the fake reply(By hacker),thus the local dns cache gets spoofed.
2. In this method the hacker poison the host names by their fake website IP address,so when the user sends the request to the infected dns server,then it maps to the fake website.
How to protect the dns by spoofing/poisoning
Use Open DNS : It will protect you fr0m the dns cache spoofing as well as other benefits.For more info :
http://www.opendns.com/
credit : CpGlobal
The caching has a component called time to live (TTL) and the TTL determines how long a server will cache a piece of information.