MoinQ:

1. DNS/KnotResolver/CNAMEpoison

I am talking about poisoned response that has a answer section which contains CNAME records.

I shall not explain how we send poisoned packet to the target resolver.


$ dig +short -t a xxx.qmail.jp @a.ns.qmail.jp
14.192.44.29

Then send this query. (Answer is the presumed poison!)

$ dig -t mx xxx.qmail.jp @a.ns.qmail.jp

confirm CNAME record

$ dig -t cname xxx.qmail.jp @a.ns.qmail.jp

2. defense

If the response is a fake, it is of no use to requery CNAME value(canonical name).

So when you find CNAME in answer section: then;

-- ToshinoriMaeno 2016-07-19 07:02:50