7 Common Targets of Stealth Threats
DNS servers translate between human-friendly domain names (www.myfunsite.com) and raw Internet addresses (such as 18.104.22.168). With a little work, the information provided by some DNS servers can be hijacked or misdirected -- "poisoned" -- allowing an attacker to send someone to any Web site they choose.
The most common DNS poisoning attacks exploit flaws in DNS server software to allow fake name-resolution data to be sent to clients. One of the worst examples of DNS poisoning surfaced in 2008, when computer researcher Dan Kaminsky demonstrated how domains could be redirected with the then-current version of BIND, the software that most servers use to perform DNS resolution. The end result: You can hijack an entire domain -- including its subdomains, its mail servers (MX entries), its SPF records and everything else that can be stuffed into its DNS resources.
In this case, prevention is mostly up to the people running domain name services. Admins should update to the most recent version of BIND, which is much more skeptical about the data it receives and performs more thorough cross-checking to prevent poisoning.
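The "more thorough cross-checking" credited to newer BIND comes down to a few sanity checks a resolver runs on every reply before caching it. The Python below is an added illustration, not code from the article or from BIND: it parses a hand-built reply (www.myfunsite.com is the article's name; ns1.myfunsite.com, mail.example.net and all addresses are constructed) and applies three of those checks: the transaction ID must match the query, the question must be the one actually asked, and any record whose owner lies outside the queried zone's bailiwick is thrown away rather than cached.

```python
import struct

def encode_name(name):
    return b"".join(bytes([len(label)]) + label.encode() for label in name.split(".")) + b"\x00"
def read_name(msg, off):
    """Decode the name at msg[off:], following compression pointers; return (name, offset after the field)."""
    labels, end = [], None
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:                        # two-byte pointer elsewhere in the message
            end = end or off + 2                         # the field ends right after the first pointer
            off = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
        elif length == 0:
            return ".".join(labels), (end or off + 1)
        else:
            labels.append(msg[off + 1:off + 1 + length].decode("ascii").lower())
            off += 1 + length

def build_response(txid, qname, qtype, an, ns, ar):
    """Assemble a constructed reply (no real server involved); an/ns/ar hold (owner, rtype, rdata) tuples."""
    msg = struct.pack("!HHHHHH", txid, 0x8180, 1, len(an), len(ns), len(ar))
    msg += encode_name(qname) + struct.pack("!HH", qtype, 1)
    for owner, rtype, rdata in an + ns + ar:
        owner_bytes = b"\xc0\x0c" if owner == qname else encode_name(owner)  # 0xC00C points at the question name
        msg += owner_bytes + struct.pack("!HHIH", rtype, 1, 300, len(rdata)) + rdata
    return msg

def parse_response(msg):
    """Parse header, question and every resource record into plain tuples (section, owner, rtype, rdata)."""
    txid, flags, _qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    qname, off = read_name(msg, 12)
    qtype, off, records = struct.unpack("!H", msg[off:off + 2])[0], off + 4, []
    for section, count in (("answer", an), ("authority", ns), ("additional", ar)):
        for _ in range(count):
            name, off = read_name(msg, off)
            rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
            records.append((section, name, rtype, msg[off + 10:off + 10 + rdlen]))
            off += 10 + rdlen
    return txid, flags, qname, qtype, records

def accept_response(sent_txid, sent_qname, sent_qtype, zone, msg):
    """Checks a cautious resolver makes before caching a reply: returns the records it keeps, or None if rejected."""
    txid, flags, qname, qtype, records = parse_response(msg)
    # Reject on transaction-ID mismatch, a non-response, or an answer to a question we never asked.
    if txid != sent_txid or not flags & 0x8000 or (qname, qtype) != (sent_qname.lower(), sent_qtype):
        return None
    return [r for r in records if r[1] == zone or r[1].endswith("." + zone)]  # keep in-bailiwick owners only
# Constructed sample: the expected answer plus one additional record whose owner lies outside myfunsite.com.
SAMPLE = build_response(0x1234, "www.myfunsite.com", 1, an=[("www.myfunsite.com", 1, bytes([18, 104, 22, 168]))],
    ns=[("myfunsite.com", 2, encode_name("ns1.myfunsite.com"))],
    ar=[("ns1.myfunsite.com", 1, bytes([10, 0, 0, 1])), ("mail.example.net", 1, bytes([10, 0, 0, 2]))])
```

Running `accept_response(0x1234, "www.myfunsite.com", 1, "myfunsite.com", SAMPLE)` keeps the three myfunsite.com records and silently drops the mail.example.net one; a real resolver additionally randomizes the UDP source port of each query, which no parser-side check can substitute for.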
If you have doubts about the validity of your DNS hosting, you can test it through the DNSStuff.com toolset. Its DNSreport Demo (free for regular users; the full non-demo version is for-pay) lets you check the results of DNS resolution for common domain names from your servers. If you suspect your DNS servers are dodgy or compromised, you can always use a different one by editing your TCP/IP settings or by setting your in-house router (if you use one) to resolve to another server. The Google Public DNS service might come in handy here, since Google claims its DNS is less vulnerable to poisoning.