Explain DNS poisoning please? Why everyone should worry

Ok, I've been keeping up ... sorta ... with this thread on WMW about DNS poisoning and have read this latest thread on Threadwatch (earlier one here) and I just can't seem to get my head round it all.

I would appreciate it if a few kind individuals would take a few minutes to explain this phenomenon of DNS cache poisoning.

The results I get from www.dnsreport.com, while they appear to be comprehensive, also mean very little to my 'copy' / 'paste' orientated brain

 

IMO the uproar is 60% link bait and 40% confusion. Make sure recursion is disabled on your server and don't worry.

Basically the problem is this:

• 
  Spammer buys domain give-me-cheap-viagra-please.com

• Spammer does a lookup on www.give-me-cheap-viagra-please.com against your server, which dutifully looks it up on his server, then caches the data

• Spammer now changes his DNS records to point at your server

• It now looks as though you're the spammer

Unfortunately, this issue has got confused with DNS poisoning attacks, for example where www.google.com goes to an IP address controller by the attacker. For this to happen the client (or the DNS server they are using) needs to be vulnerable. The act of you running a DNS server which allows recursion has no bearing on this situation. Just because you run a DNS server which allows recursion, you aren't going to suddenly find that someone has stolen all your adsense revenue.

Turn off recursion, make sure your DNS daemon is up to date and stop worrying.

 

Thanks for that. I wouldn't say 'worried' so much as 'wtf does that all mean?'

I thought I had a grasp of it but it seems the more I read, the more confused I get about the whole dns recursion / poisoning thing. I think I will file it under the same category as pagerank in the 'don't give a f*** section' of my brain.

 

I'm pretty sure I'm a victim of DNS cache poisioning. My traffic has dropped 90% while my ranking have not changed, I purchased software called "adsense checker" and found that my top 3 pages were not displaying any adsense code... I did a traceroute on my site, and it goes from the US to singapore, germany, then back to my ISP.. and I changed ISP's recently to see if that would stop the problem.. it did, for about 3 hours, then the traffic slowed again.
This is serious stuff and I'm losing hundreds of dollars a day because of it.

 

Does anyone know about DNS cache poisoning? I now think my old hosting company is involved, they won't let me log into my old server.. to take down my old pages, and do a 301 permanent redirect to my new site, and since they were my old DNS severs as well, could they just continually poison the DNS cache and steal my traffic?

 

Configure you dns in a split view or stealth to avoid the recursion

 

I think I speak for most people when I say, "Huh?"

 

You can read this though for enlightenment:

http://www.zytrax.com/books/dns/ch4/#stealth

http://www.dyndns.com/about/company/notify/archives/the_dangers_of_open_recursive_dns.html

Sorry for the "Huh" effect