DNS Hijacking (Spoofing, Cache Poisoning)
Redirecting a domain's traffic by tampering with DNS resolution rather than its registration.
- glossary
DNS hijacking (also called DNS spoofing or cache poisoning) attacks the resolution layer rather than the registration itself: instead of seizing the domain at the registrar, the attacker corrupts what a DNS resolver or nameserver believes the domain points to, silently sending visitors to a malicious IP. In a cache poisoning attack, a forged DNS response is accepted by a recursive resolver and cached for the duration of the TTL, misdirecting every user that resolver serves — with no change visible in the authoritative DNS records. The primary technical countermeasure is DNSSEC, which cryptographically signs DNS responses so resolvers can detect tampering. Unlike traditional domain theft, DNS hijacking leaves ownership records untouched, making it harder to detect without active monitoring of where your domain actually resolves. Namefi users benefit from on-chain proof of domain ownership, but DNSSEC adoption and nameserver hygiene remain essential layers of defense that operate independently of tokenization. Source: Cloudflare Learning — DNS Cache Poisoning.
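One way to do the active monitoring mentioned above, as an added example that is not from Namefi or Cloudflare: parse a raw DNS response and flag answers that fall outside an expected address set or that lack the resolver's DNSSEC-validated (AD) bit. The domain, the addresses, the sample responses and the function names are constructed for illustration, and the check assumes a validating resolver reached over a trusted path.

```python
import socket
import struct

AD_FLAG = 0x0020  # header bit set by a validating resolver when DNSSEC checks passed

def _skip_name(msg, off):
    """Return the offset just past a (possibly compressed) DNS name."""
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:      # compression pointer: two bytes, ends the name
            return off + 2
        if length == 0:                # root label terminates the name
            return off + 1
        off += 1 + length

def parse_a_response(msg):
    """Return (ad_flag, [(ip, ttl), ...]) for the A records in a raw DNS response."""
    _id, flags, qd, an, _ns, _ar = struct.unpack("!6H", msg[:12])
    off = 12
    for _ in range(qd):
        off = _skip_name(msg, off) + 4  # skip QTYPE and QCLASS
    answers = []
    for _ in range(an):
        off = _skip_name(msg, off)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rclass == 1 and rdlen == 4:   # A record, class IN
            answers.append((socket.inet_ntoa(msg[off:off + 4]), ttl))
        off += rdlen
    return bool(flags & AD_FLAG), answers

def check_resolution(msg, expected_ips):
    """Compare what a resolver returned with where the domain should point."""
    ad, answers = parse_a_response(msg)
    findings = []
    unexpected = sorted({ip for ip, _ in answers} - set(expected_ips))
    if unexpected:
        findings.append("unexpected address: " + ", ".join(unexpected))
    if not ad:
        findings.append("answer not DNSSEC-validated (AD flag clear)")
    return findings

# Constructed sample responses for example.com (documentation address ranges).
_QUESTION = b"\x07example\x03com\x00" + struct.pack("!HH", 1, 1)

def _sample(flags, ip, ttl):
    header = struct.pack("!6H", 0x1234, flags, 1, 1, 0, 0)
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, ttl, 4) + socket.inet_aton(ip)
    return header + _QUESTION + answer

GOOD = _sample(0x81A0, "192.0.2.10", 300)         # AD bit set, expected address
POISONED = _sample(0x8180, "203.0.113.66", 86400) # AD clear, foreign address, long TTL
```

Running the same check against several independent resolvers and alerting on any finding catches a poisoned cache even though the authoritative records and the registration are unchanged.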
Related keywords
- DNS hijacking
- cache poisoning
- DNS spoofing
- DNSSEC
- traffic redirection