DNS Cache Poisoning
From Hakipedia
DNS cache poisoning is a maliciously created or unintended situation that provides data to a Domain Name Server that did not originate from authoritative DNS sources. This can happen through improper software design, misconfiguration of name servers, and maliciously designed scenarios that exploit the traditionally open architecture of the DNS system. Once a DNS server has received such non-authentic data and cached it for future performance gains, it is considered poisoned, and it supplies the non-authentic data to the clients of the server.
Poisoning can also be done on the client side. Like the ARP cache, each machine on the network maintains an internal DNS cache holding recently resolved hostnames and their IP addresses. But I don't know where the cache is or how to edit it. Routers and gateways also maintain DNS caches, so compromising one of them affects every machine on the network that resolves names through it.
On Windows there is a file at c:\windows\system32\drivers\etc\hosts which is the first reference for any DNS resolution: the machine looks in that file before sending any DNS request. If an entry for the requested hostname is present, that IP address is used directly and no DNS lookup is made. You can open and edit the file in Notepad, but you must open it as administrator.
By default this file has no effect, since every line in it is a comment (starting with a # symbol). You can add a line at the end such as:
66.249.89.99 yahoo.com
This line pairs the IP address of Google with the hostname yahoo.com. Add the line and save the file; now, if you enter yahoo.com in your browser, it will take you to google.com. That may not seem very effective on its own, but used intelligently it can serve a lot. For example, if you add entries for websites you visit frequently, your browser no longer needs to resolve those names each time you enter them, so you get faster performance.
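As an added example (not from the original article), here is a small Python script that reads a hosts file the way the resolver described above does, skipping # comment lines, and flags entries that override a public hostname with a routable address, which is how a hand-added line like the yahoo.com one shows up in an audit. The sample file contents and the EXPECTED_NAMES set are constructed for the example.

```python
import ipaddress

# Constructed sample of a Windows hosts file: the default comment block, the
# yahoo.com line from the article, and a normal localhost entry.
SAMPLE_HOSTS = """# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
# 127.0.0.1       localhost
# ::1             localhost
66.249.89.99 yahoo.com   # added by hand
127.0.0.1 localhost
"""

# Names that legitimately appear in a hosts file on most systems.
EXPECTED_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}

def parse_hosts(text: str) -> list:
    """Return (ip, [hostnames]) pairs from hosts-file text.

    A line starting with '#' is a comment and an inline '#' ends an entry,
    which is how the resolver reads the file.  A line whose first field is
    not a valid IP address is ignored, as the resolver ignores it.
    """
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        try:
            ip = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            continue
        if len(fields) > 1:
            entries.append((ip, fields[1:]))
    return entries

def find_overrides(text: str) -> list:
    """Flag (hostname, ip) pairs that send a non-local name to a routable address.

    Loopback and unspecified targets (127.0.0.1, ::1, 0.0.0.0) are skipped: that
    is how ad-blocking hosts files sinkhole names, and it is usually benign.
    """
    hits = []
    for ip, names in parse_hosts(text):
        addr = ipaddress.ip_address(ip)
        if addr.is_loopback or addr.is_unspecified:
            continue
        hits.extend((n.lower(), ip) for n in names if n.lower() not in EXPECTED_NAMES)
    return hits
```

To audit a live machine, read c:\windows\system32\drivers\etc\hosts (or /etc/hosts on Unix-like systems) into a string and pass it to find_overrides instead of SAMPLE_HOSTS; any hit is a name the machine will resolve without ever asking DNS.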