DNS spoofing

If a DNS server is poisoned, it may return an incorrect IP address, diverting traffic to another computer (often an attacker's).

DNS servers are used in an organization's network to improve resolution response performance by caching previously obtained query results.

Various methods, ranging from the use of social engineering tactics to the exploitation of weaknesses present in the DNS server software, can lead to these attacks.

The second variant of DNS cache poisoning involves redirecting the nameserver of another domain unrelated to the original request to an IP address specified by the attacker.
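One resolver-side defense against this variant is a bailiwick check: records whose owner name lies outside the zone that was queried are discarded rather than cached. The sketch below is an added example, not code from the original page or from any resolver. `RR`, `in_bailiwick`, `filter_response` and the sample records (documentation names and addresses) are constructed for illustration, and production resolvers apply further rules.

```python
# Added example (not from the original page): a resolver-side bailiwick filter.
from typing import NamedTuple

class RR(NamedTuple):
    section: str  # "answer", "authority" or "additional"
    name: str     # owner name of the record
    rtype: str
    data: str

def labels(name):
    return tuple(l for l in name.lower().rstrip(".").split(".") if l)

def in_bailiwick(name, zone):
    """True if name equals zone or is a subdomain of it (whole labels only)."""
    n, z = labels(name), labels(zone)
    return len(n) >= len(z) and n[len(n) - len(z):] == z

def filter_response(zone, records):
    """Split a response from a server for `zone` into (accepted, rejected)."""
    accepted, rejected, ns_targets = [], [], set()
    for rr in records:  # pass 1: answer and authority sections
        if rr.section == "additional":
            continue
        if in_bailiwick(rr.name, zone):
            accepted.append(rr)
            if rr.rtype == "NS":
                ns_targets.add(labels(rr.data))
        else:
            rejected.append(rr)
    for rr in records:  # pass 2: glue must serve an NS record we accepted
        if rr.section == "additional":
            ok = in_bailiwick(rr.name, zone) and labels(rr.name) in ns_targets
            (accepted if ok else rejected).append(rr)
    return accepted, rejected

# Constructed response to a query for www.example.net (documentation names/IPs).
SAMPLE = [
    RR("answer", "www.example.net.", "A", "192.0.2.10"),
    RR("authority", "example.net.", "NS", "ns1.example.net."),
    RR("additional", "ns1.example.net.", "A", "192.0.2.53"),
    # Unrelated domain's nameserver redirected, as in the variant above:
    RR("authority", "example.org.", "NS", "ns.example.net."),
    RR("additional", "ns.example.net.", "A", "198.51.100.66"),
]

if __name__ == "__main__":
    ok, bad = filter_response("example.net", SAMPLE)
    for rr in bad:
        print("rejected:", rr)
```

The glue record for `ns.example.net.` is itself in bailiwick, but it is rejected because the only NS record that points at it was discarded in the first pass.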

However, when routers, firewalls, proxies, and other gateway devices perform network address translation (NAT), or more specifically, port address translation (PAT), they may rewrite source ports in order to track connection state.

Secure DNS (DNSSEC) uses cryptographic digital signatures signed with a trusted public key certificate to determine the authenticity of data.

In 2010, DNSSEC was implemented in the Internet root zone servers,[8] but it needs to be deployed on all top-level domain servers as well.

For example, by using HTTPS (the secure version of HTTP), users may check whether the server's digital certificate is valid and belongs to a website's expected owner.

Similarly, the secure shell remote login program checks digital certificates at endpoints (if known) before proceeding with the session.