Runbook
DNS Cache Poisoning Incident
Overview
DNS cache poisoning is an attack that manipulates Domain Name System (DNS) servers. The attacker injects false data into the server's DNS cache, so that users are directed to a fraudulent website instead of the legitimate one. This can result in the theft of sensitive information or the spread of malware. DNS cache poisoning can affect any organization with an online presence, which makes it a serious threat.
Debug
Check the DNS entry for a domain
Check the DNS cache for a specific domain
Flush the DNS cache
Check the DNS server configuration
Check the DNS server logs for errors
Check the DNS server version and software
Test the DNS server for vulnerabilities
Check the DNS server response time
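A worked version of the comparison behind the first two checks, added here as an example and not part of the original runbook: it diffs the addresses a suspect resolver returns against those from a trusted reference resolver. The resolver addresses, function names and sample `dig` output are constructed assumptions.

```shell
#!/bin/sh
# Added example, not from the original runbook.
# Function names, resolver addresses and sample data are assumptions.

# Extract sorted unique A/AAAA addresses from `dig +noall +answer`
# output on stdin (fields: name TTL class type rdata).
answer_addrs() {
    awk '$4 == "A" || $4 == "AAAA" { print $5 }' | sort -u
}

# Print addresses present in the suspect answer ($1) but absent from the
# reference answer ($2). Empty output means nothing unexpected was cached.
unexpected_addrs() {
    s=$(mktemp)
    r=$(mktemp)
    printf '%s\n' "$1" | answer_addrs > "$s"
    printf '%s\n' "$2" | answer_addrs > "$r"
    comm -23 "$s" "$r"
    rm -f "$s" "$r"
}

# Live collection (hypothetical resolver addresses, replace with your own):
#   suspect=$(dig @192.0.2.53 +norecurse +noall +answer www.example.com A)
#   reference=$(dig @198.51.100.53 +noall +answer www.example.com A)
# +norecurse asks the suspect resolver only for what it already holds in cache.

# Constructed sample output so the script runs offline.
SAMPLE_SUSPECT='www.example.com. 86400 IN A 203.0.113.66'
SAMPLE_REFERENCE='www.example.com. 300 IN A 192.0.2.10
www.example.com. 300 IN A 192.0.2.11'

bad=$(unexpected_addrs "$SAMPLE_SUSPECT" "$SAMPLE_REFERENCE")
if [ -n "$bad" ]; then
    echo "MISMATCH: suspect resolver returned addresses not seen at reference:"
    echo "$bad"
else
    echo "OK: suspect answers are a subset of reference answers"
fi
```

A mismatch is a lead to investigate, not proof of poisoning: names served by CDNs or geographic load balancing legitimately resolve to different addresses from different resolvers.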
Repair
Clear the DNS cache: The first step in remediation is to clear the DNS cache to remove any poisoned entries. This can be done by restarting the DNS server or flushing the cache manually.
Implement DNSSEC: DNS Security Extensions (DNSSEC) is a protocol designed to secure DNS against attacks like cache poisoning. Implementing DNSSEC can help prevent future attacks.