== DNS/KnotResolver/CNAMEpoison ==

I am talking about a poisoned response whose answer section contains CNAME records.

I shall not explain how we send the poisoned packet to the target resolver.

----

{{{
$ dig +short -t a xxx.qmail.jp @a.ns.qmail.jp
14.192.44.29
}}}

Then send this query. (The answer is the presumed poison!)
{{{
$ dig -t mx xxx.qmail.jp @a.ns.qmail.jp
}}}

Confirm the CNAME record:
{{{
$ dig -t cname xxx.qmail.jp @a.ns.qmail.jp
}}}

== Defense ==

If the response is a fake, it is of no use to requery the CNAME value (canonical name).

So when you find a CNAME in the answer section:
 * check that no cached record with the same owner name (of any type) exists
 * check the negative cache too

-- ToshinoriMaeno
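
The defense check above as an added example (not code from this page or from Knot Resolver): a toy cache with positive and negative entries, and a filter that refuses a CNAME whose owner name already has unexpired cached data. The `Cache` class, the function names, the reject-on-conflict policy and the `target.example.` name are assumptions made for illustration.

```python
# Added illustration: toy cache model, not Knot Resolver's data structures.
def norm(name):
    # DNS names compare case-insensitively; the trailing dot is optional here.
    return name.lower().rstrip(".")

class Cache:
    def __init__(self):
        self.positive = {}  # (owner, rtype) -> (rdata, expires_at)
        self.negative = {}  # (owner, rtype) -> expires_at; rtype None = NXDOMAIN

    def put(self, owner, rtype, rdata, ttl, now):
        self.positive[(norm(owner), rtype)] = (rdata, now + ttl)

    def put_negative(self, owner, rtype, ttl, now):
        self.negative[(norm(owner), rtype)] = now + ttl

def cname_conflicts(cache, owner, now):
    """Reasons why a CNAME at `owner` contradicts unexpired cached data."""
    owner, reasons = norm(owner), []
    for (name, rtype), (_, expires) in cache.positive.items():
        if name == owner and expires > now:  # any type, as the page says
            reasons.append("cached " + rtype)
    for (name, rtype), expires in cache.negative.items():
        if name == owner and expires > now:
            reasons.append("negative " + (rtype + " NODATA" if rtype else "NXDOMAIN"))
    return sorted(reasons)

def filter_answer(cache, answer, now):
    """Split answer RRs (owner, rtype, rdata, ttl) into (accepted, rejected)."""
    # Assumed policy: a conflicting CNAME is neither cached nor followed.
    accepted, rejected = [], []
    for rr in answer:
        owner, rtype = rr[0], rr[1]
        if rtype == "CNAME" and cname_conflicts(cache, owner, now):
            rejected.append(rr)
        else:
            accepted.append(rr)
    return accepted, rejected

def demo():
    # Constructed input mirroring the page: the A record is already cached,
    # then the MX response arrives carrying a CNAME for the same owner name.
    cache = Cache()
    cache.put("xxx.qmail.jp.", "A", "14.192.44.29", ttl=300, now=1000)
    answer = [("xxx.qmail.jp.", "CNAME", "target.example.", 60)]  # constructed target
    return filter_answer(cache, answer, now=1100)

if __name__ == "__main__":
    print(demo())
```

Once the cached A record has expired the same CNAME passes the check, so the check only helps while conflicting data is still in the cache.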