
Ask HN: Mitigating DNS cache poisoning attacks for open source sites? - semi-nontechncl
I&#x27;m wondering how a website that has open-sourced its front-end (and back-end) code can prevent DNS cache poisoning phishing attacks? Since the front-end of the website is open source, the attacker&#x27;s phishing site would look identical to the real site.<p>I was thinking the site owner could release a mobile app that checks the website&#x27;s ip address and displays a message saying the site is safe to use if the site&#x27;s ip address matches the ip address stored in the app. If the site&#x27;s ip address doesn&#x27;t match the ip address stored in the app, then the app would display a message saying the site is unsafe to use.<p>Is there a better solution?
======
semi-nontechncl
Setting up an external website to check the main website's ip address doesn't
seem like a good option, b/c the external website could also suffer a dns
cache poison attack.

