If I were to tweak the Matasano explanation to be more interesting, I'd say in the last-but-one paragraph that Mallory doesn't reply "CXOPQ.VICTIM.COM A 6.6.6.0", she instead replies "CXOPQ.VICTIM.COM CNAME WWW.VICTIM.COM.", with an additional RR "WWW.VICTIM.COM A 6.6.6.0".
If I understand correctly, that is definitely in-bailiwick since the additional RR is for the answer to the original query (it's equivalent to the normal use of additional RRs for NS glue) and will successfully poison Alice's cache for WWW.VICTIM.COM.
I don't expect you can confirm nor deny that this is what Kaminsky is getting at if you're in possession of the canonical explanation however :-P
Date: 2008-07-23 23:59 (UTC)
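A minimal model of the resolver-side checks the comment above turns on, added here as an illustration and not taken from the original comment or from any resolver's code: a label-wise bailiwick filter combined with the RFC 2181 section 5.4.1 trust ranking. The class and function names, the reduced rank values, and the 192.0.2.10 and OTHER.EXAMPLE sample data are assumptions constructed for the example.

```python
from dataclasses import dataclass

# Reduced trust ranks (higher wins), after RFC 2181 section 5.4.1 (assumed values).
RANK_ADDITIONAL = 1    # data from the additional section
RANK_AUTH_ANSWER = 3   # answer section of an authoritative reply

@dataclass(frozen=True)
class RR:
    name: str
    rtype: str
    rdata: str

def labels(name):
    return [part for part in name.lower().rstrip(".").split(".") if part]

def in_bailiwick(name, zone):
    """True when name equals zone or sits below it, compared label by label."""
    n, z = labels(name), labels(zone)
    return len(n) >= len(z) and n[len(n) - len(z):] == z

class Cache:
    def __init__(self):
        self.entries = {}  # (owner name, type) -> (rdata, rank)

    def offer(self, rr, rank, zone):
        """Apply both checks; store the record only if it passes them."""
        if not in_bailiwick(rr.name, zone):
            return "rejected: out of bailiwick"
        key = (".".join(labels(rr.name)), rr.rtype)
        held = self.entries.get(key)
        if held and held[1] > rank:
            return "rejected: lower trust than cached data"
        self.entries[key] = (rr.rdata, rank)
        return "cached"

def demo():
    zone = "VICTIM.COM."  # zone whose servers were asked for CXOPQ.VICTIM.COM
    extra = RR("WWW.VICTIM.COM.", "A", "6.6.6.0")  # additional RR from the comment
    cold, warm = Cache(), Cache()
    # Constructed prior state: warm already holds an authoritative answer.
    warm.offer(RR("WWW.VICTIM.COM.", "A", "192.0.2.10"), RANK_AUTH_ANSWER, zone)
    foreign = RR("WWW.OTHER.EXAMPLE.", "A", "6.6.6.0")
    return {
        "cold": cold.offer(extra, RANK_ADDITIONAL, zone),
        "warm": warm.offer(extra, RANK_ADDITIONAL, zone),
        "foreign": cold.offer(foreign, RANK_ADDITIONAL, zone),
    }

if __name__ == "__main__":
    print(demo())
```

In this model the bailiwick filter alone does not stop the additional record, and the trust ranking only protects a name that is already cached at a higher rank.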