Hindsight analysis of the infamous DNS bug

If you have followed Dan Kaminsky's research over the past few years, you probably know that he has many DNS tricks up his sleeve. One of them is the CNAME trick he mentioned in the Wired interview; he had already talked about it back in 2007, as quoted below:

1. CNAME Records: DNS Aliases
   - Instead of returning an address, return what the "Canonical", or Official Name was, and then the address of that Canonical Name
   - If you are allowed to be the resolver for that canonical name, your additional record overrides whatever's already in the cache, even if the TTL hasn't expired yet
     * It's not a bug.
     * Works against most, but not actually all name servers

2. Demo
   $ dig
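The slide compresses the mechanism into one line. The following Python model, added here and not taken from the original post or from Kaminsky's demo, makes the cache behaviour concrete. It keeps a toy resolver cache keyed by (name, type), applies a bailiwick check to every record in a response, and compares two ingestion policies: the naive one the slide describes, where any in-bailiwick record overwrites a cached entry regardless of its remaining TTL, and one applying the RFC 2181 section 5.4.1 trust ranking, under which additional-section data cannot displace a cached answer-section record (one plausible reason for the slide's "not all name servers"; the page itself does not say which resolvers resisted). All names, addresses and TTLs are constructed, and the CNAME response is assumed to arrive from the server for the zone passed as `responder_zone`.

```python
"""Toy model of the CNAME + additional-record cache override (added example)."""
from dataclasses import dataclass, field

# Trust ranks, simplified from RFC 2181 section 5.4.1 (higher is more trusted).
RANK_AUTH_ANSWER = 3      # answer section of an authoritative response
RANK_NONAUTH_ANSWER = 2   # answer section of a non-authoritative response
RANK_ADDITIONAL = 1       # additional section of any response


@dataclass(frozen=True)
class RR:
    name: str       # owner name, no trailing dot
    rtype: str      # "A" or "CNAME"
    rdata: str      # address or canonical name
    ttl: int


@dataclass
class Response:
    zone: str                      # bailiwick: zone served by the responding server
    authoritative: bool
    answers: list = field(default_factory=list)
    additional: list = field(default_factory=list)


@dataclass
class CacheEntry:
    rr: RR
    expires: int
    rank: int


def in_bailiwick(name: str, zone: str) -> bool:
    """True if name equals zone or is a subdomain of it (case-insensitive)."""
    name, zone = name.lower(), zone.lower()
    return name == zone or name.endswith("." + zone)


class Cache:
    def __init__(self, rank_aware: bool):
        self.rank_aware = rank_aware
        self.entries: dict[tuple[str, str], CacheEntry] = {}

    def lookup(self, name: str, rtype: str, now: int):
        e = self.entries.get((name.lower(), rtype))
        if e is None or e.expires <= now:
            return None
        return e.rr.rdata

    def ingest(self, resp: Response, now: int) -> list:
        """Insert the response's records; return owner names whose cached data changed."""
        replaced = []
        ans_rank = RANK_AUTH_ANSWER if resp.authoritative else RANK_NONAUTH_ANSWER
        tagged = [(r, ans_rank) for r in resp.answers]
        tagged += [(r, RANK_ADDITIONAL) for r in resp.additional]
        for rr, rank in tagged:
            if not in_bailiwick(rr.name, resp.zone):
                continue  # out-of-bailiwick data is discarded
            key = (rr.name.lower(), rr.rtype)
            old = self.entries.get(key)
            if old is not None and old.expires > now:
                # Naive policy: new data always wins, even with TTL remaining.
                # Rank-aware policy: lower-ranked data cannot displace higher-ranked.
                if self.rank_aware and rank < old.rank:
                    continue
                if old.rr.rdata != rr.rdata:
                    replaced.append(rr.name)
            self.entries[key] = CacheEntry(rr, now + rr.ttl, rank)
        return replaced


def run_trick(rank_aware: bool, responder_zone: str = "example.com"):
    """Seed a legitimate A record, then ingest the CNAME trick response.

    Returns (address now cached for www.example.com, list of replaced names).
    Hypothetical names and addresses throughout.
    """
    now = 1000
    cache = Cache(rank_aware)
    legit = Response(zone="example.com", authoritative=True,
                     answers=[RR("www.example.com", "A", "192.0.2.10", 86400)])
    cache.ingest(legit, now)

    now += 60  # the legitimate record still has 86340 s of TTL left
    # Reply to a query for alias.<responder_zone>: a CNAME to the canonical name
    # plus the "helpful" A record for that name in the additional section.
    trick = Response(zone=responder_zone, authoritative=True,
                     answers=[RR("alias." + responder_zone, "CNAME", "www.example.com", 300)],
                     additional=[RR("www.example.com", "A", "198.51.100.7", 300)])
    replaced = cache.ingest(trick, now)
    return cache.lookup("www.example.com", "A", now), replaced


if __name__ == "__main__":
    print("naive cache:       ", run_trick(False))
    print("rank-aware cache:  ", run_trick(True))
    print("out-of-bailiwick:  ", run_trick(False, "other.test"))
```

With the naive policy the additional record for www.example.com displaces the cached address immediately, exactly the override the slide describes; with trust ranking the cached authoritative answer outranks additional-section data and survives; and when the response comes from a server for an unrelated zone the record is dropped by the bailiwick check before either policy is consulted.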