What does DNS Poisoning mean?
DNS means Domain Name System. It is the global system that converts domain names (e.g. domain.com) into IP addresses (e.g. 188.8.131.52). DNS poisoning refers to the intentional manipulation of this system so that a domain name does not resolve to the correct IP address. When poisoning is in place, the website is unavailable or redirects to a different website.
There are legitimate reasons why a DNS lookup may return different IPs depending on the country where the request comes from. For this reason, one can only conclude that a website is not subject to DNS poisoning if:
- When accessed from the US, the host name resolves to an IP address, and
- When accessed from China, the host name resolves to the same IP address.
Next, the system tries to identify bogus DNS packets sent by the Great Firewall (GFW). The GFW will return an IP address from a blocked IP pool if the user's DNS query matches the blacklist. The GFW will even return a bogus DNS response if the user sends the lookup to a nonexistent DNS server. In an untampered network, the DNS query should return no results because the DNS server is invalid.
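The nonexistent-server check described above, sketched as an added example (not code from the original page or from the testing system it describes). The function names, the `non_resolver_ip` parameter (an address you know runs no DNS server) and the sample reply bytes are assumptions made for illustration.

```python
import secrets, socket, struct

def build_query(name, txid):
    """Encode a minimal recursive A/IN query for `name`."""
    parts = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in parts) + b"\x00"
    return struct.pack("!6H", txid, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!2H", 1, 1)

def _skip_name(msg, off):
    """Return the offset just past a name (plain labels or a compression pointer)."""
    while msg[off] & 0xC0 != 0xC0 and msg[off] != 0:
        off += 1 + msg[off]
    return off + (2 if msg[off] & 0xC0 == 0xC0 else 1)

def parse_a_records(msg, txid):
    """Return IPv4 answers from a response matching `txid`, else None."""
    try:
        rid, flags, qd, an = struct.unpack("!4H", msg[:8])
        if rid != txid or not flags & 0x8000:   # wrong ID, or not a response
            return None
        off = 12
        for _ in range(qd):
            off = _skip_name(msg, off) + 4       # skip QTYPE and QCLASS
        ips = []
        for _ in range(an):
            off = _skip_name(msg, off)
            rtype, _cls, _ttl, rdlen = struct.unpack("!2HIH", msg[off:off + 10])
            off += 10
            if rtype == 1 and rdlen == 4:        # A record
                ips.append(socket.inet_ntoa(msg[off:off + 4]))
            off += rdlen
        return ips
    except (struct.error, IndexError, OSError):  # truncated or malformed packet
        return None

def probe(name, non_resolver_ip, timeout=3.0):
    """Query an address assumed to run no DNS server; any reply was injected."""
    txid = secrets.randbelow(65536)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_query(name, txid), (non_resolver_ip, 53))
            data, _ = s.recvfrom(4096)
        except OSError:                          # timeout or unreachable: no reply
            return {"injected": False, "ips": []}
    ips = parse_a_records(data, txid)
    return {"injected": ips is not None, "ips": ips or []}

# Constructed sample: reply to txid 0x1234 for example.com, one A record 203.0.113.7 (TEST-NET-3).
SAMPLE_REPLY = bytes.fromhex("123481800001000100000000" "076578616d706c6503636f6d0000010001" "c00c000100010000003c0004cb007107")
```

A timeout is the expected result on an untampered path. A reply that matches the transaction ID means something on the path answered for a server that does not exist, and the returned addresses can then be compared with what the same name resolves to from another country.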