DNS spoofing adds false data to the DNS server’s cache. This enables hackers to:
Redirect real domain name queries to alternative IP addresses.
For example, a falsified A record for a bank could point a computer user’s browser to a different IP address that’s controlled by the hacker. A duplicate website could fool users into giving their bank account numbers and passwords to the hacker.
Also, a falsified mail record could enable a hacker to intercept mail sent to or from a domain. If the hacker then forwards that mail to the correct mail server after copying the mail, this can go undetected.
Prevent proper domain name resolution and access to the Internet.
This is the most benign of DNS spoof attacks. It merely makes a DNS server appear to be malfunctioning.
The most effective method to guard against these attacks is vigilance. This includes maintaining up-to-date software and auditing DNS records regularly.
If exploits are found in the current version of BIND, the exploits are patched and a security update is made available for OS X Server. Apply all such security patches.