Page 781 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide
Use DNSSEC to secure your DNS infrastructure.
Require internal clients to resolve all domain names through the
internal DNS. This will require that you block outbound UDP port
53 (for queries) while keeping open outbound TCP port 53 (for
zone transfers).

Another attack closely related to DNS poisoning and/or DNS
spoofing is DNS pharming. Pharming is the malicious redirection of a
valid website’s URL or IP address to a fake website that hosts a false
version of the original valid site. This is often part of a phishing attack
where the attacker is attempting to trick victims into giving up their
logon credentials. If potential victims aren’t careful or paying
attention, they may be tricked into providing their logon information
to the false, pharmed website. Pharming typically occurs either by
modifying the local HOSTS file on a system or by poisoning or
spoofing DNS resolution. Pharming is an increasingly problematic
activity because hackers have discovered means to exploit DNS
vulnerabilities to pharm various domain names for large groups of
targeted users.
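
The HOSTS-file route to pharming described above can be checked for on an endpoint. The following is an added example, not part of the study guide: a defender-side audit that flags HOSTS entries overriding DNS for a public name. The list of local names, the approved baseline, and the sample file contents are assumptions constructed for illustration.

```python
import ipaddress

# Names expected in a stock hosts file (assumed allowlist, adjust per platform).
LOCAL_NAMES = {"localhost", "localhost.localdomain", "ip6-localhost",
               "ip6-loopback", "broadcasthost"}

def audit_hosts(text, approved=None):
    """Return (line, address, name, reason) for entries that may redirect a domain.

    approved: optional {hostname: ip} baseline of entries the administrator expects.
    """
    approved = {k.lower(): ipaddress.ip_address(v) for k, v in (approved or {}).items()}
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        entry = raw.split("#", 1)[0].split()      # drop comments, split on whitespace
        if len(entry) < 2:
            continue                              # blank, comment-only or incomplete
        addr, names = entry[0], entry[1:]
        try:
            ip = ipaddress.ip_address(addr.split("%")[0])   # strip any IPv6 zone id
        except ValueError:
            findings.append((lineno, addr, "", "unparseable address"))
            continue
        for name in (n.lower().rstrip(".") for n in names):
            if name in LOCAL_NAMES or "." not in name:
                continue                          # local or single-label name
            if approved.get(name) == ip:
                continue                          # matches the approved baseline
            if ip.is_loopback or ip.is_unspecified:
                continue                          # sinkhole entry, not a redirect
            findings.append((lineno, str(ip), name, "overrides DNS for a public name"))
    return findings

# Constructed sample; addresses come from documentation ranges.
SAMPLE = """\
# constructed sample hosts file
127.0.0.1   localhost
::1         localhost ip6-localhost ip6-loopback
0.0.0.0     ads.example.net          # sinkhole entry
10.0.0.5    intranet.example.com
203.0.113.66 www.example-bank.test login.example-bank.test
not-an-ip   portal.example.com
"""

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE, approved={"intranet.example.com": "10.0.0.5"}):
        print(finding)
```

This covers only the local HOSTS-file path; redirection caused by poisoned or spoofed DNS resolution does not appear in this file and has to be addressed at the resolver.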

Domain Hijacking

Domain hijacking, or domain theft, is the malicious action of changing
the registration of a domain name without the authorization of the
valid owner. This may be accomplished by stealing the owner’s logon
credentials, using XSRF, hijacking a session, using MitM (see Chapter
21, “Malicious Code and Application Attacks,” for coverage of these
attacks), or exploiting a flaw in the domain registrar’s systems.

Sometimes when another person registers a domain name
immediately after the original owner’s registration expires, it is called
domain hijacking, but it should not be. This is a potentially unethical
practice, but it is not an actual hack or attack. It is taking advantage of
the oversight of the original owner’s failure to manually extend their
registration or configure autorenewal. If an original owner loses their
domain name by failing to maintain registration, there is often no
recourse other than to contact the new owner and inquire regarding
reobtaining control. Many registrars have a “you snooze, you lose”

