DNS Poisoning Explained | AP Cybersecurity

Unit 3 • Topic 3.1 • Network Vulnerabilities and Attacks

DNS Poisoning (DNS Spoofing) Explained

DNS poisoning (DNS spoofing) corrupts the system that translates domain names into IP addresses, so a user who types a legitimate address is silently sent to a malicious server.

Target: name-to-IP resolution
Effect: real name, fake site
Defense: DNSSEC, trusted resolvers

DNS query → Poisoned record → Wrong IP → Attacker site
A poisoned record sends a correct domain name to a malicious server.

How DNS poisoning works

DNS is the internet's address book: it turns a name like example.com into an IP address. In a DNS poisoning attack, the adversary inserts a false record so the name resolves to an IP they control.

The user sees the correct domain in their browser but lands on the attacker's server, where credentials or data can be harvested. Because the address looks right, it is hard to notice.

Scenario

A user types their bank's real web address but reaches a convincing fake login page. The address bar shows the correct domain. What attack is likely?

Answer

DNS poisoning. The name resolved to a malicious IP, so the legitimate-looking address sent the user to the attacker's server.

Exam tip

DNS poisoning is dangerous because the domain name still looks correct. The mismatch is between the name and the IP it resolves to, not in the URL the user typed.

Defending against DNS poisoning

Defenses include using trusted DNS resolvers, validating responses with DNSSEC where available, and watching for unexpected redirects. End users benefit from HTTPS, which makes impersonating a site harder because the attacker cannot easily present a valid certificate.

On the network side, securing DNS infrastructure and monitoring for anomalous resolution helps detect poisoning.
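One way to monitor for anomalous resolution, as an added example that is not part of the original page: compare the answers a local resolver returns against those from a trusted resolver and flag any IP the trusted resolver never gave for that name. The log format, the resolver labels `trusted` and `local`, and all names and addresses are constructed assumptions.

```python
from collections import defaultdict
import ipaddress

# Constructed sample log: "timestamp resolver qname answer_ip" (not real data).
# 192.0.2.0/24, 198.51.100.0/24 and 203.0.113.0/24 are documentation ranges.
SAMPLE_LOG = """\
2024-05-01T10:00:01Z trusted bank.example 192.0.2.10
2024-05-01T10:00:02Z local bank.example 192.0.2.10
2024-05-01T10:05:07Z trusted bank.example 192.0.2.11
2024-05-01T10:05:09Z local bank.example 203.0.113.66
2024-05-01T10:06:00Z trusted news.example 198.51.100.5
2024-05-01T10:06:01Z local news.example 198.51.100.5
2024-05-01T10:07:00Z local intranet.example 198.51.100.77
"""

def parse(log):
    """Yield (timestamp, resolver, qname, ip) tuples, skipping malformed lines."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        ts, resolver, qname, ip = parts
        try:
            ipaddress.ip_address(ip)  # reject anything that is not an IP literal
        except ValueError:
            continue
        # DNS names are case-insensitive and may carry a trailing root dot.
        yield ts, resolver, qname.lower().rstrip("."), ip

def find_mismatches(log, trusted="trusted"):
    """Return answers from other resolvers that the trusted resolver never gave."""
    records = list(parse(log))
    baseline = defaultdict(set)
    for _, resolver, qname, ip in records:
        if resolver == trusted:
            baseline[qname].add(ip)
    alerts = []
    for ts, resolver, qname, ip in records:
        if resolver == trusted or qname not in baseline:
            continue  # no trusted answer for this name, so nothing to compare
        if ip not in baseline[qname]:
            alerts.append((ts, resolver, qname, ip, sorted(baseline[qname])))
    return alerts

if __name__ == "__main__":
    for ts, resolver, qname, ip, expected in find_mismatches(SAMPLE_LOG):
        print(f"{ts} {resolver}: {qname} -> {ip}, trusted answers {expected}")
```

A mismatch is a lead to investigate rather than proof of poisoning, because load balancing and content delivery networks can legitimately return different addresses for the same name.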

Scenario

How does HTTPS help a user who has been DNS-poisoned to a fake bank site?

Answer

The fake site usually cannot present a valid certificate for the bank's domain, so the browser warns of a certificate problem, giving the user a chance to stop.

Real-world example

The 2008 Kaminsky DNS flaw

Researcher Dan Kaminsky revealed a flaw that let attackers poison DNS caches at scale, redirecting users from legitimate sites. It triggered a coordinated global patch effort and pushed adoption of stronger DNS protections.

The domain looks right; the destination is not.

Key Terms

DNS: The system that maps names to IP addresses.
DNS poisoning: Inserting a false name-to-IP record.
Resolver: The server that answers DNS queries.
DNSSEC: A protocol that validates DNS responses.

Common Mistakes

Looking only at the typed URL

The user types the right name; the poisoning happens in resolution, so the URL looks correct.

Confusing it with phishing links

Phishing uses a wrong link; DNS poisoning corrupts a right name's resolution.

Ignoring certificate warnings

A certificate warning may be the only sign of a poisoned redirect.

Assuming only servers are targets

Poisoning a resolver or cache can affect many users at once.

Check for Understanding

Question 1
DNS poisoning works by:
B. DNS poisoning corrupts resolution so a legitimate name points to an attacker-controlled IP.
Question 2
Why is DNS poisoning hard for users to notice?
B. The user reaches a malicious server even though the legitimate domain name shows, so nothing looks wrong at a glance.
Question 3
Which can help defend against DNS poisoning? I. Trusted resolvers. II. DNSSEC. III. Heeding certificate warnings.
D. All three help: trusted resolvers, DNSSEC validation, and paying attention to certificate warnings.
Question 4
A user types a correct bank address but lands on a fake site with the right domain shown. This is most likely:
A. Correct domain, wrong destination is the signature of DNS poisoning.
Question 5
How does HTTPS help against DNS poisoning?
C. Without a valid certificate for the real domain, the browser warns the user.
Question 6
DNS poisoning is best described as an attack on:
A. It targets the translation of names to IP addresses, that is, name resolution.

Frequently Asked Questions

DNS poisoning corrupts the translation of domain names to IP addresses so a legitimate name resolves to a malicious server the attacker controls.
Because the correct domain name still appears, the user has no obvious sign they have been redirected to a fake site.
Use trusted DNS resolvers, enable DNSSEC where available, secure DNS infrastructure, and pay attention to HTTPS certificate warnings.
