Skip to main content

DNS cache spoofing/poisoning is useful for web developers

When most people hear the word "poison" they immediately conjure up bad things in their mind from some weird crime drama that they watch on TV. DNS cache poisoning (or spoofing) is generally considered a bad thing because it means that a domain name is resolved to the "wrong" IP address. It is usually used in terms of an attacker that gains access to a DNS host to deliver the wrong responses to DNS requests or intercepts and alters responses to requests, which then points the client at the wrong IP address.

DNS cache poisoning, however, can be used for a few positive, legitimate things. Let's say you want to relaunch a website on a different web host. To do this, you could develop it locally and then upload the files when you are finished to the new host and switch DNS over and watch it break spectacularly. But if you want to get a relaunch 95% right, you need to see the new website before DNS is switched over. To do this, DNS cache poisoning comes to the rescue. It's actually really easy to do. We're going to edit your system's 'hosts' file and manually map the domain name to the IP you want to point it at.

For Windows users, the 'hosts' file is located at C:\Windows\System32\drivers\etc\hosts. You need to edit the file using an Administrator Notepad instance. Right-click on Notepad in the Start menu and select "Run as Administrator" (might be buried in a sub-menu). Now, because Notepad is running as an elevated user (Administrator), Explorer's drag-and-drop functionality won't work, so you have to use File, Open..., navigate, and select "All Files (*.*)" from the dropdown to see/select the 'hosts' file from the list.

For all other OSes, the 'hosts' file is usually located at /etc/hosts. You have to be running as 'root' to edit the file. Edit the file using whatever text editor you want.

Once the file is opened, add the DNS cache poisoning entry to the end of the file in the format of:
Where you replace with the target IP address you want to use. Save the file. After that, all lookups for get redirected to the new IP address. To change it back but keep it around, just insert a '#' at the start of the line which will comment it out and save the file. Changes to the 'hosts' file usually take effect immediately, allowing you to rapidly bounce between what the world sees via public DNS and your working environment. If only subtle changes are being made, I will use built-in browser based developer tools to verify which IP address is being contacted.

So DNS cache poisoning can be a good, beneficial thing that simplifies otherwise complex workflows regarding website redesigns. This is probably the only 100% legitimate use-case for DNS cache poisoning.