Google has generally begun to allow randomization of domain queries sent to authoritative name servers in an effort to make cache poisoning attacks less effective (cache poisoning attacks).
This means that queries for a domain like iguru.gr, if handled by Google Public DNS, could be reconfigured to IgUrU.gr when the request is transmitted to DNS servers for lookup. Although this will be noticeable to administrators controlling network traffic, this particular formatting is not visible to the general public.
When users try to visit a page like iguru.gr – with whatever browser or application they are using, they are essentially querying the site's domain name using the Domain Name System (DNS) to discover the IP addresses of the servers hosting the site. Such a DNS query usually goes through a recursive DNS service that contacts other name servers until it finally receives a response from a valid name server.
To speed up this multi-step process, DNS query responses may be cached by these intermediate name servers. This opens up the possibility of cache poisoning attacks.
One such attack involves attacking one of these intermediate name servers with too many DNS queries for uncached domains. The victim server then contacts other name servers that can help it answer these queries. At the same time, the attacker floods the victim's server with false responses that are disguised to look like legitimate responses from these other name servers.
The hacker's goal is to get the victim's server to accept one or more of these bogus responses – and cache that wrong response – so that he can take advantage of the misdirection.
All of this is possible because DNS servers are based on UDP – a network protocol that is faster than TCP, but offers no guarantees on connections and is therefore more vulnerable to spoofing. It also works because DNS query IDs are 16-bit fields, meaning their possible values can only range from 0 to 65.535 – a small enough range to guess with a flood of malicious requests.
There is one detailed analysis of this attack here if you are curious. And, yes, DNSSEC is supposed to prevent these kinds of cache poisoning attacks, when supported and used.
