[dns-operations] difference between dns spoofing and dns hijacking?

Lauren C. lauren at miscnote.net
Tue Jul 24 12:27:46 UTC 2018


But some devices such as China's great wall can capture DNS transit 
packages and modify them even cache server doesn't know this.


On 2018/7/24 星期二 PM 8:25, wbrown at e1b.org wrote:
> Cache poisoning is a little more clear cut (at least to me).  Somone
> manages to convince my local caching server that example.com has an
> address other than what the authoritative server say.  When I ask the
> local DNS for example.com, it will answer from the cache and give me the
> bogus data.  This will work until the TTL expires, or the bad data is
> flushed for other reasons.  If the cache is re-poisoned, the scenario
> repeats itself.



More information about the dns-operations mailing list