Synonyms: DNS cache poisoning, Pharming
DNS servers located throughout the Internet are used to map domain names to IP addresses. When a user types in a URL, a nearby DNS server will either map the domain to an IP address or pass the query to another DNS server. In fact, there are a relatively small number of very big DNS servers. These supply DNS entries to many smaller DNS servers, which store them in their caches.
DNS poisoning is the manipulation of the IP addresses in entries stored in the cache of a smaller DNS server. The aim is to make the DNS server respond not with the correct IP address, but with the address of a server that hosts malicious code. Here’s an example: if a user types the URL ‘www.kaspersky.com’ into the web browser, the DNS server should respond with the IP address 81.176.69.70. A poisoned DNS server, however, would map this domain name to the IP address of a server that hosts malicious code.
DNS poisoning is only possible where there is a vulnerability or other security weakness in the operating system running on the DNS server.