In 2008, it was discovered that there were deficiencies in the Internet's DNS protocol and common implementations that would actually facilitate DNS cache poisoning attacks.^[337]

DNS is responsible for resolving all the domain names of websites in the world into actual IP addresses that the routers use to forward the traffic. For example, when you type "www.company.com in your web browser's address field, a DNS server does the lookup and translation of that alphabetical address to the actual numerical IP address, which might look something like "123.123.123.2." These DNS servers can get a little busy, so to speed address resolution, DNS servers keep the name-to-IP address resolution mapping in cache memory, thus keeping frequently used results obtained from other DNS servers readily available to reduce latency.

In a cache poisoning attack, the DNS server is tricked into accepting incorrect information into memory (thus poisoning the cache of the DNS server). The DNS server then responds to domain name queries with that incorrect information. First, the attacker gets the DNS server to ask it a question about where a particular IP address is located. Then, in response to that question, the attacker answers a completely different question that contains a different address to which the attacker wants the server to resolve. The DNS server caches that answer and then uses it the next time it is asked about that IP address, resolving to the incorrect ...