So, some vulnerability scanner just told you that your DNS server is susceptible to DNS Cache Snooping, but how do you actually verify this, and how do you use it?
If you really want to know how this works, go read a book on DNS and how servers keep a list of recently resolved names in their cache. This post is just to show you how you actually do this stuff.
I will be doing this from a Linux system, by using the dig command.
dig @<ip> <domain> A +norecurse
Replace <ip> with the IP address of your DNS server, and replace <domain> with whatever domain you would like to check, to see whether anyone using this particular DNS server has visited it recently.
If the result shows the domain with a number (the record's remaining TTL, in seconds) next to it, it means that someone using this DNS server visited that domain recently.
To make sure that this is not a false positive, try putting a domain into the DNS server's cache with this command:
dig @<ip> <domain> A
This time, whatever (valid) domain you put into the dig command will be stored in the server's cache, so when you run dig with +norecurse again, that domain should show up and prove that your server is vulnerable to DNS Cache Snooping.
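To turn the two dig runs above into a repeatable check against your own resolver, here is an added example (not part of the original post) that parses dig's text output and compares the +norecurse result from before and after the priming query. It assumes you capture dig's output yourself; the transcripts at the bottom are constructed samples using documentation addresses, and it also flags the case where the server is simply authoritative for the name (aa flag set), which is not a cache hit.

```python
import re
from dataclasses import dataclass

@dataclass
class DigResult:
    status: str    # NOERROR, REFUSED, ...
    flags: set     # header flags: qr, aa, rd, ra, ...
    answers: list  # (name, ttl_seconds, address) for A records in the ANSWER SECTION

def parse_dig(output: str) -> DigResult:
    """Parse dig's text output into status, header flags and A-record answers."""
    status, flags, answers, in_answer = "UNKNOWN", set(), [], False
    for line in output.splitlines():
        if line.startswith(";; ->>HEADER<<-"):
            status = re.search(r"status: (\w+)", line).group(1)
        elif line.startswith(";; flags:"):
            flags = set(line[len(";; flags:"):].split(";")[0].split())
        elif line.startswith(";; ANSWER SECTION:"):
            in_answer = True
        elif in_answer:
            parts = line.split()   # name ttl class type rdata
            if len(parts) < 5:     # blank line (or a ";;" footer) ends the section
                in_answer = False
            elif parts[3] == "A":
                answers.append((parts[0], int(parts[1]), parts[4]))
    return DigResult(status, flags, answers)

def classify(before: DigResult, after: DigResult) -> str:
    # before/after: the +norecurse results taken before and after the priming query
    if before.status == "REFUSED" and after.status == "REFUSED":
        return "not exposed: non-recursive queries are refused for this client"
    if "aa" in before.flags and before.answers:
        return "inconclusive: server is authoritative for the name, not a cache hit"
    if before.answers:
        return "snoopable: name was already in the cache before priming"
    if after.answers:
        return "snoopable: name absent before priming, served from cache after"
    return "not cached: nothing served from cache even after priming"

# Constructed transcripts; 192.0.2.10 is a documentation address, not a real host.
UNCACHED = (";; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40001\n"
            ";; flags: qr ra; QUERY: 1, ANSWER: 0, AUTHORITY: 13, ADDITIONAL: 0\n")
CACHED = """;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40002
;; flags: qr ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; ANSWER SECTION:
example.com.\t\t3412\tIN\tA\t192.0.2.10
"""
REFUSED = (";; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 40003\n"
           ";; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0\n")
```

A resolver that is locked down to its own clients should produce the REFUSED verdict from outside; a "snoopable" verdict means the cache is readable by whoever can reach the server.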
Why is this bad? Because it lets an attacker know what sites you visit, which means they can tailor their attacks. It’s basically another piece of information that an attacker should not have.