Answer:
(B) It allows an attacker to redirect targets to malicious webserver.
(D) It affects any clients querying the poisoned DNS server.
Explanation:
DNS cache poisoning is a serious type of attack that is designed to exploit the vulnerabilities inherent in a Domain Name Server (DNS) where a user is redirected from a real server to a fake one. It is also called DNS spoofing.
Normally, when your browser tries to visits a website through a given domain name, it goes through the DNS server. A DNS server maintains a list of domain names and their equivalent Internet Protocol addresses. This server (DNS) then responds to the request with one or more IP addresses for the browser to reach the website through the domain name.
The computer browser then get to the intended website through the IP address.
Now, if the DNS cache is poisoned, then it has a wrong entry for IP addresses. This might be via hacking or a physical access to the DNS server to modify the stored information on it. Therefore, rather than responding with the real IP address, the DNS replies with a wrong IP address which then redirects the user to an unreal website.
Although they might not be able to control your computer remotely as long as you are not trying to visit a web page via the poisoned information, there are other dangers attached to this type of attack.
Once the DNS server has been poisoned, any client trying to query the server will also be affected since there is no direct way of knowing if the information received from the server is actually correct.
