
DNS Cache Poisoning: Why This Old Threat Is Back and What It Means for Your Security

AI-generated, human-reviewed.

DNS Cache Poisoning Returns: What You Need to Know About the Latest Internet Vulnerability

Recent disclosures reveal that DNS cache poisoning—a threat many thought was solved back in 2008—has made a troubling comeback, thanks to weaknesses in random number generation inside widely used DNS server software. If you thought your internet-facing services were immune to this classic attack, it's time to reconsider. On Security Now, hosts Steve Gibson and Leo Laporte examined how flaws in DNS software like BIND and Unbound could allow attackers to redirect traffic and compromise authentication processes across the web.

What Is DNS Cache Poisoning?

DNS (Domain Name System) cache poisoning is an attack where bad actors trick DNS resolvers into storing false information. When users try to access a website, they're sent to an imposter destination instead—opening the door for phishing, malware, and loss of data.

This attack works by exploiting the way DNS resolvers query other servers for information. If an attacker can guess the internal parameters a resolver uses for an outstanding query—its UDP source port and its random query ID—they can inject a forged answer in the window between the resolver sending its query and the genuine answer arriving, and hijack traffic from then on.

Why Is DNS Cache Poisoning a Big Deal Again?

According to Steve Gibson on Security Now, the latest vulnerabilities come from shockingly weak pseudo-random number generators (PRNGs) inside BIND and Unbound, the two most popular open-source DNS resolvers. These flaws make it possible for attackers to predict and spoof the packets used to resolve domain names—rolling back the clock to the days before DNS cache poisoning was widely patched.

Attackers can monitor when a DNS cache entry is ready to expire, zap the resolver with malicious replies, and hijack the results before a legitimate update arrives. And because DNS acts as the authentication backbone for web services, a compromised record can impact certificate generation, domain verification, and secure access. This exposes millions of users and businesses to risks that were thought to be locked down over a decade ago.

How Do DNS Cache Poisoning Attacks Work?

On Security Now, Gibson broke down the technical details. A DNS server sends queries to fetch the website’s IP address when it isn’t cached. Attackers who know how the DNS resolver selects its outgoing ports and query IDs (especially if these are predictable rather than random) can bombard the server with fake answers.

If the fake answer arrives before the real one, the cache is poisoned—meaning anyone using that DNS resolver is sent to a rogue website. That imposter site could phish for credentials, install malware, or snatch sensitive data.

What's more, DNS still runs over plain UDP (User Datagram Protocol) packets that carry no authentication: a resolver accepts the first reply that matches its pending query's ID, source port, and question, so replies are easy to spoof unless countermeasures are taken.

Why Random Number Generators Matter So Much

One shocking revelation from this episode: Some DNS software still uses weak, predictable random number generators to pick outgoing ports and IDs. Good security depends on unpredictability. A resolver flooded with unpredictable network activity should gather plenty of entropy, but according to the episode, some coders either reused bad libraries or failed to properly seed their random number algorithms—leaving the door wide open for attackers.

Without strong randomization, all it takes is timing and a barrage of packets for a clever hacker to poison DNS caches and redirect users at scale.
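To make the "if it's predictable, it's exploitable" point concrete from the defender's side, here is an added audit script (not code from the episode, BIND, or Unbound) that takes (source port, transaction ID) pairs from a resolver's successive outgoing queries and reports whether the selection looks fixed or sequential and how many bits of guesswork a single forged reply would face. The query tuples are constructed samples; in practice you would take them from a packet capture of your own resolver.

```python
"""Audit a resolver's outgoing (source port, transaction ID) choices.

Added example: not code from the Security Now episode, BIND or Unbound.
The query tuples below are constructed samples; in practice you would
take them from a packet capture of the resolver's outgoing queries."""

PORT_SPACE_BITS = 16   # UDP source port is a 16-bit field
TXID_SPACE_BITS = 16   # DNS transaction ID is a 16-bit field


def is_fixed(values):
    """Every query used the same value (e.g. a resolver pinned to port 53)."""
    return len(set(values)) == 1


def is_sequential(values):
    """Each value is the previous one plus one, wrapping at 2**16."""
    return len(values) > 1 and all(
        (b - a) % 2**16 == 1 for a, b in zip(values, values[1:]))


def effective_bits(values, space_bits):
    """Bits an off-path attacker must guess for this field. Fixed or
    sequential selection is observable or predictable, so it is worth 0;
    otherwise credit the full field width (a coarse model: a biased PRNG
    would need statistical tests on a much larger sample)."""
    return 0 if is_fixed(values) or is_sequential(values) else space_bits


def audit(queries):
    """queries: list of (src_port, txid) for successive outgoing queries.
    Returns findings a defender can act on."""
    ports = [p for p, _ in queries]
    txids = [t for _, t in queries]
    total = (effective_bits(ports, PORT_SPACE_BITS)
             + effective_bits(txids, TXID_SPACE_BITS))
    return {
        "fixed_port": is_fixed(ports),
        "sequential_port": is_sequential(ports),
        "sequential_txid": is_sequential(txids),
        "guess_space_bits": total,
        # Chance that one forged reply matches both fields of the pending query.
        "spoof_probability_per_packet": 2.0 ** -total,
        # Forged replies per race window before one is expected to match.
        "packets_per_expected_hit": 2 ** total,
    }


# Constructed samples: a well-randomized resolver, a pre-2008-style resolver
# pinned to one source port, and a resolver whose "PRNG" is a plain counter.
GOOD = [(41233, 0x1A2B), (58712, 0x9C3D), (33021, 0x4E5F),
        (61007, 0x07B1), (49982, 0xD2E4), (36501, 0x6F90)]
FIXED_PORT = [(53, 0x1A2B), (53, 0x9C3D), (53, 0x4E5F), (53, 0x07B1)]
COUNTER = [(1025, 0x1000), (1026, 0x1001), (1027, 0x1002), (1028, 0x1003)]
```

Run `audit(sample)` on each constructed list (or on tuples pulled from your own capture) to see the guess space drop from 32 bits to 16 and then to 0 as randomization degrades.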

What You Need to Know

  • DNS cache poisoning lets attackers redirect legitimate website visits to malicious domains.
  • The latest threat comes from poor pseudo-random number generators in DNS software (BIND, Unbound), making spoofing easier.
  • Affected systems should update their DNS software immediately to patch these vulnerabilities.
  • DNS cache poisoning can compromise much more than web browsing—it can undermine authentication, validation, and secure communications.
  • Strong random number generation is essential for network security—if it's predictable, it's exploitable.
  • IoT and network-connected devices are not immune—check what software your routers and DNS servers are actually running.
  • Patch management and regular updates help defend against known vulnerabilities.
  • DNSSEC (DNS Security Extensions) can provide added safety, but not every provider supports it.

The Bottom Line

Security Now’s coverage of the return of DNS cache poisoning highlights a critical reality: We can’t afford to assume that old vulnerabilities are gone for good. Weaknesses inside key network software still let attackers undermine basic internet trust mechanisms. If you’re responsible for network security—or just want to protect your devices—check that your DNS resolver is up to date, review its configuration, and demand robust random number generation as a basic standard.

Stay informed and don’t wait years to address threats that could easily be prevented with routine attention and proper security practices.

Subscribe for more insights on Security Now:
https://twit.tv/shows/security-now/episodes/1049
