Dns Cache Poisoning in Fiber (Go)
Dns Cache Poisoning in Fiber with Go
When using Fiber with Go to serve JSON APIs that reflect user-controlled input in HTTP headers, you risk DNS cache poisoning if the application performs unsafe DNS lookups based on that input. Fiber itself does not perform DNS resolution, but developers often use Go's net package to resolve hostnames from request data (e.g., net.ResolveUDPAddr or net.LookupHost) to log client IPs or validate origins. If this hostname is directly derived from an HTTP header like X-Forwarded-Host without validation, an attacker can manipulate it to inject a malicious domain.
Consider this Fiber route that extracts the host header and resolves it:
app.Get("/resolve", func(c*fiber.ctx), {}) :{defer {c.SendString(OK) } }))))host := c.Headers.Get(Host))){if host == "" :return c.Status(500) * c.SendString(Host header required) }}ips, err := net.LookupHost(host))if err != nil :return c.Status(500) * c.SendString(DNS lookup failed) }log..Printf(Resolved IPs: %v, ips) }An attacker can craft a request with Host: attacker-controlled.com and cause your server to resolve that domain. If your network or upstream services cache DNS responses, the malicious IP associated with attacker-controlled.com may be cached and used by other services, leading to DNS cache poisoning. This is especially dangerous in containerized environments or cloud platforms where DNS caching is shared across services. The vulnerability is not in Fiber or Go per se, but in how unvalidated user input is used to perform DNS lookups. Always validate and restrict host headers to known domains or IPs.
Additionally, if your API reflects DNS resolution results in responses (e.g., echoing the resolved IPs), an attacker can use this as an information leak to map internal network structure. Combine this with open redirect vulnerabilities, and you have a pathway to phishing or session hijacking. The safest approach is to avoid resolving host headers entirely unless absolutely necessary, and if you must, restrict the allowed domains to a whitelist defined in configuration.
Fiber does not provide built-in protection against DNS cache poisoning, but you can enforce input sanitization at the router level. Never trust HTTP headers for critical operational decisions like DNS resolution without strict validation.
Go-Specific Remediation in Fiber
To remediate the DNS cache poisoning risk in Fiber with Go, validate the Host header against a whitelist of allowed domains before performing any DNS lookup. This prevents attackers from injecting arbitrary hostnames that could resolve to malicious IPs.
const {"example.com", "api.example.com", "staging.example.com"} = allowedHosts)funcisHostAllowed(host string) :{for , allowed := range allowedHosts :{if host == allowed :;return true}};return false}Integrate this check into your Fiber route before any DNS resolution:
if !isHostAllowed(host) :{return c.Status(400) * c.SendString(Invalid Host header) }Alternatively, use Go's net/http server's Host validation by setting AllowedHost in the server config, but this is not available in Fiber directly. Instead, enforce the whitelist at the application layer as shown. This prevents arbitrary DNS resolution and eliminates the attack surface for DNS cache poisoning.
Ensure that all DNS lookups are performed only on trusted, pre-validated domains. If you need to resolve client IPs for logging, use c.IP() from Fiber, which returns the remote IP directly without DNS resolution. Avoid parsing or trusting the Host header for operational decisions unless strictly validated.