Exploits sources

The primary DNS server hosts the basic domain information, that is the digital IP address of a server which hosts a resource with provided symbolic name. If a malicious user gets access to the primary server, this information may be altered. Some systems use a dynamic update protocol to update name-address mapping information, and a malicious user can request a dynamic update of domain information on behalf of the affected system.

Primary server regularly sends a copy of domain data to the secondary DNS server. If a malicious user gets access to the data link between primary and secondary servers, the information may get altered while on the way. Moreover, if a malicious user get access to secondary server files, they may get altered as well, and then the primary server may get disabled by a DOS attack or another method.

ISPs usually have their own caching DNS servers for handling requests for ISP's customers. The names of these servers are usually given to users as DNS server addresses in the network configuration options. The most popular method of attacking DNS servers is called cache poison attack. After such an attack, the server cache of an ISP or a company's LAN would contain maliciously altered name-address mapping information, and a user making a request with a symbolic name will get the IP address of a fake server.

Caching DNS servers communicate with user-side programs named resolvers. The communication between a caching DNS and a resolver also leaves a way to alter information.

All such actions require no special skills or programming expertise, and it is even possible to alter domain information being a newbie.

The most common purpose of altering domain information is redirecting requests to a fake site in order to gather confidential data: passwords, credit card numbers, etc. Malicious users also can read your e-mail, intercept your instant messages and eavesdrop on the conversations made through IP phone systems.

We must also mention malicious altering of information: a user can get a resource which have looks similar to the requested one, but contains altered information. This can be fake stock quotes or information which defames the owner of the requested resource.

Spammers often inject altered information during DNS backresolve to bypass mail server filters and make a server accept the spam.

In other words, any internet communication that uses symbolic resources is exposed to DNS attacks, and using secure protocols like HTTPS and SSL doesn't help here.