DNS Spoofing: What it is and How to Avoid It
When you search for something on Google and a website pops up, you’d assume that clicking the link would always take you to the website you’re expecting, right? Unfortunately, that’s not always the case. A DNS spoofing attack is when hackers take over DNS records and redirect users from real websites to fake ones that are flooded with malware and created to steal your information. Often, these fake websites will look incredibly similar to the real website you were expecting to land on, making it even harder to work out what’s going on.
To understand how DNS spoofing works, it’s important to understand how DNS servers work. DNS servers convert domain names into IP addresses which they use to connect you to the website you wish to visit. The DNS finds the IP address using the domain name you’ve searched for and sends the information back to your browser to bring up the website. What could go wrong?
The DNS server can’t store every IP address of every website on the internet. There are too many websites out there, making such a task impossible. Local DNS servers usually only have the addresses of the most commonly used domain names (which is why you connect to Google, Facebook, and other popular websites faster than anything else).
If your DNS server is asked to find an IP address it doesn’t have stored, it’ll usually send the request to another DNS server to fetch the information for it. DNS spoofing turns this into a vulnerability by causing the server to return a fake IP address, which results in the network traffic being directed to the attacks’ computer (or somewhere else just as harmful).
Why Do Hackers DNS Spoof?
The two main reasons hackers DNS spoof are to access your personal information and scam you or simply to cause disruption for internet users as a form of prank. For some hackers, DNS spoofs can also be a deliberately humiliating attack on a company that makes it look like their own website has been hacked.
Hackers will use a variety of different tactics to spoof DNS addresses and redirect users to harmful websites. Cache poisoning is arguably the most popular DNS spoofing tactic. The hacker starts by generating a query to the DNS server and asking for an IP address. The DNS server then sends out a query to the nameserver but also the attacker, pretending to be an authoritative DNS nameserver. Since no verification methods are used, the hacker can plant a fake IP address in the server’s cache.
Once that fake IP address is planted, it’s sent out to all of the other DNS servers that are generating queries. Even though caches expire every few hours, this is still a long enough period of time for the fake DNS entry to spread across a variety of different devices, depending on how popular the domain name is.
Another method is known as breaking in, which requires the hacker to gain log-in information from a user with access to the DNS server that they wish to target. Once they have this information, they’re able to log in and change the records in the DNS server. The fake address will stay in the server until someone changes it back, making it an incredibly dangerous method of attack.
The final method is a man-in-the-middle or evil-twin attack, where a hacker positions themself in the middle of your connection, usually using a public Wi-Fi network. This means whenever your browser sends a request to a DNS server, the attacker is able to respond with any IP address they want.
Tips For Protecting Yourself From DNS Spoofing
Does The Design of the Website Look Different?
If you’ve landed on a website that you regularly visit and you’ve noticed that something seems a little bit off about the design, it could be a fake website. If something looks suspicious and doesn’t feel quite right, quit the website, scan your computer and report the site.
Check The Website URL
Usually, a DNS spoof will direct you towards a website with an ever-so-slightly different URL name. This might be a 1 instead of an I or L, or an extra letter in one of the words.
Run a DNS Leak Test
Check The Website For TLS/SSL Certificates
When you visit a website and it’s got a little padlock to the left of the URL, that means the page is protected with a security certificate. All of the biggest websites have this kind of protection. If you visit a website and it flags up that your protection isn’t safe, leave it immediately.
Use a VPN to Make Your IP
One of the most effective ways of avoiding a DNS spoof is to use a VPN. Reputable VPNs use their own private DNS servers and all DNS requests are sent through an encrypted tunnel, which means they cannot be intercepted or altered. Note that we said ‘reputable’ VPNs – not every VPN provider uses private DNS servers, so it’s important to check where your VPN provider stands on this.
Best VPNs To Protect You Against DNS Spoofing
With all of your internet traffic routed through PureVPN’s secure VPN and private DNS servers, you’ll be able to browse the web safely with complete peace of mind. Your data is also fully encrypted and all VPN Protocols are supported across all of their private servers, putting you in control of how you want to browse.
ExpressVPN has a huge network, allowing you to connect to thousands of servers across 94 different countries. Those connections are protected with military-grade encryption and with a clear no-logging policy, so you can guarantee that ExpressVPN takes your security seriously.
NordVPN is one of the best providers out there, offering fast and secure connections to private servers located all over the world. It’s fast, easy to use, and it’s double-hop servers add an additional layer of protection to your browsing by connecting you to two servers at once, doubling your encryption.
Should I Be Worried About DNS Spoofing?
Thankfully, if you’re already using a VPN, you don’t have too much to worry about when it comes to DNS spoofing as all of your information is fully encrypted and protected as a result. That said, if your VPN provider doesn’t offer its own private DNS servers and doesn’t offer leak protection, there’s still a chance you could get a fake IP address sent your way that lands you on a malware-infected website. If you’re not sure if your VPN has its own private DNS servers, make sure you check – it may be worth canceling your contract and switching to a new one.