DNS Poisoning of Operating System Caches: Attacks and Mitigations

Fatemah Alharbi, Yuchen Zhou, Feng Qian, Zhiyun Qian, Nael Abu-Ghazaleh

Research output: Contribution to journalArticlepeer-review

1 Scopus citations


The Domain Name System (DNS) is a protocol supporting name resolution from Fully Qualified Domain Names (FQDNs) to the IP address of the machines corresponding to them. This resolution process is critical to the operation of the Internet, but is susceptible to a range of attacks. One of the most dangerous attack vectors is DNS poisoning where an attacker injects malicious entries into the DNS resolution forcing clients to be redirected from legitimate to malicious servers. Typically, poisoning attacks target a DNS resolver allowing attackers to poison a DNS entry for all machines that use the compromised resolver. However, recent defenses protect resolvers substantially limiting these attacks. In this paper, we present a new class of DNS poisoning attacks targeting the client-side DNS cache, which is used in mainstream operating systems, circumventing defenses protecting resolvers. We implemented the attack on Windows, Mac OS, and Ubuntu Linux machines. We also generalize the attack to work even when the client is behind a Network Address Translation (NAT) router. Our results show that we can reliably inject malicious DNS mappings, with on average, an order of tens of seconds. We also propose client-side mitigations and demonstrate that they can effectively mitigate the vulnerability.

Original languageEnglish (US)
Pages (from-to)2851-2863
Number of pages13
JournalIEEE Transactions on Dependable and Secure Computing
Issue number4
StatePublished - 2022
Externally publishedYes

Bibliographical note

Funding Information:
The work of Fatemah Alharbi was supported by Taibah University (TU) and the Saudi ArabianMinistry of Education. This work was supported by National Science Foundation under Grants CNS-1619391, CNS1652954, and CNS-1618898.

Publisher Copyright:
© 2004-2012 IEEE.


  • DNS
  • NAT
  • Ubuntu linux
  • cache poisoning
  • mac
  • microsoft windows
  • network security


Dive into the research topics of 'DNS Poisoning of Operating System Caches: Attacks and Mitigations'. Together they form a unique fingerprint.

Cite this