DNS Spoofing (DNS Cache Poisoning)
An attack that corrupts a DNS resolver's cache to redirect users to a malicious IP address even when they type the correct website address.
Also known as: DNS cache poisoning, DNS hijacking
Last reviewed: 10 June 2026
The Domain Name System (DNS) translates human-readable domain names into IP addresses. DNS spoofing — also called cache poisoning — injects false DNS records into a resolver's cache so that subsequent queries for a legitimate domain return a fraudulent IP address controlled by the attacker. Users who type the correct address are invisibly redirected to a fake site.
Because the URL in the browser bar still shows the correct address (the DNS layer is invisible to the user), this attack is particularly deceptive. It is used to host credential-harvesting sites, distribute malware, and intercept communications.
DNSSEC (DNS Security Extensions) and DNS over HTTPS (DoH) or DNS over TLS (DoT) are technical mitigations that make DNS spoofing significantly harder. Users can use a DoH-capable resolver and keep their operating system and router firmware updated.
Examples
- A poisoned ISP resolver sends all customers who visit a bank's correct address to a fake login page.
- A compromised home router's DNS settings are changed to redirect financial sites to phishing servers.
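An added example (not part of the original entry): a minimal Python check for the poisoned-resolver case above. It parses a raw DNS response, compares the returned A records against the address ranges expected for a watched domain, and reports whether the resolver set the DNSSEC AD (Authenticated Data) bit. The domain bank.example, the address ranges and both sample responses are constructed for illustration.

```python
import ipaddress
import struct

def skip_name(msg, off):
    """Return the offset just past an encoded name (handles compression pointers)."""
    while True:
        length = msg[off]
        if (length & 0xC0) == 0xC0:   # 2-byte compression pointer ends the name
            return off + 2
        if length == 0:               # root label ends the name
            return off + 1
        off += 1 + length

def parse_response(msg):
    """Return (ad_flag, [IPv4Address, ...]) from a raw DNS response."""
    _id, flags, qd, an, _ns, _ar = struct.unpack("!6H", msg[:12])
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4              # skip QTYPE + QCLASS
    addrs = []
    for _ in range(an):
        off = skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rclass == 1 and rdlen == 4:   # A record, class IN
            addrs.append(ipaddress.IPv4Address(msg[off:off + 4]))
        off += rdlen
    return bool(flags & 0x0020), addrs             # 0x0020 = AD bit

def audit(msg, expected_nets):
    """List findings for one response to a watched domain."""
    ad, addrs = parse_response(msg)
    nets = [ipaddress.ip_network(n) for n in expected_nets]
    findings = [f"unexpected address {a}" for a in addrs
                if not any(a in n for n in nets)]
    if not ad:
        findings.append("resolver did not set AD (answer not DNSSEC-validated)")
    return findings

def build_sample(ip, ad):
    """Constructed response for bank.example (not captured traffic)."""
    flags = 0x8180 | (0x0020 if ad else 0)         # QR, RD, RA, optional AD
    header = struct.pack("!6H", 0x1234, flags, 1, 1, 0, 0)
    question = b"\x04bank\x07example\x00" + struct.pack("!HH", 1, 1)
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + ipaddress.IPv4Address(ip).packed
    return header + question + answer

GOOD = build_sample("192.0.2.10", ad=True)         # constructed: expected address
POISONED = build_sample("203.0.113.66", ad=False)  # constructed: spoofed address
```

The AD bit is only meaningful for DNSSEC-signed zones and over a protected path (such as DoH or DoT) to a validating resolver; an unsigned domain never gets it.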