tech guide & how tos..
DNS cache poisoning is essentially DNS spoofing. It is a hacking attack by which the hacker manages to introduce data into a DNS name server's cache database, causing the name server to return an incorrect IP address. If your domain name is attacked with DNS cache poisoning, when any user will try to visit your website by typing your domain name in their browser address box, the user will be diverted to some other website as mapped with the IP introduced by the hacker.
A computer connected to the Internet would normally use a DNS server provided by the ISP on whose network the computer resides. DNS servers are generally deployed in an ISP's network to improve resolution response performance by caching previously obtained query results. Poisoning attacks on a single DNS server can affect the users serviced directly by that compromised DNS server or indirectly by any of its downstream servers.
In a cache poisoning attack, the attacker exploits a flaw in the DNS software. If the server does not correctly validate DNS responses to ensure that they are from an authoritative source (for example by using DNSSEC) the server will end up caching the incorrect entries locally and serve them to other users that make the same request.
This technique can be used to direct users of a website to another site of the attacker's choice. For instance, an attacker spoofs the IP address DNS entries for a target website on a given DNS server, replacing them with the IP address of a server he controls. He then creates files on the server he controls with names matching those on the target server. These files could contain malicious content (a computer virus or worm). A user whose computer has referenced the poisoned DNS server could be tricked into accepting content coming from a non-authentic server and unknowingly download malicious content.