Conversation

Notices

1. Embed this notice
   GrumpSec Spottycat (kyhwana@social.furry.nz)'s status on Tuesday, 14-Jan-2025 17:53:38 JST GrumpSec Spottycat

   DNS crimes time. What do people get when they resolve cname.fyi (and with what tool)

   • Embed this notice
     Ryan Castellucci :nonbinary_flag: (ryanc@infosec.exchange)'s status on Tuesday, 14-Jan-2025 17:53:26 JST Ryan Castellucci :nonbinary_flag:

     in reply to

     @kyhwana this has gotta depend on the resolver you query as well?

   • Embed this notice
     GrumpSec Spottycat (kyhwana@social.furry.nz)'s status on Tuesday, 14-Jan-2025 17:53:34 JST GrumpSec Spottycat

     in reply to

     Sooooo it turns out when people say "You can't CNAME the apex of a domain, that won't work/that's illegal!"
     You should be able to email dnscrimes at cname.fyi as well as resolve foo.cname.fyi and there's also a lower priority MX record for mail.cname.fyi that is CNAMEed (also bad) #dnscrimes

   • Embed this notice
     Ryan Castellucci :nonbinary_flag: (ryanc@infosec.exchange)'s status on Tuesday, 14-Jan-2025 18:43:27 JST Ryan Castellucci :nonbinary_flag:

     in reply to

     @kyhwana Oh, hey, I have a Linode host in that same datacenter.

   • Embed this notice
     GrumpSec Spottycat (kyhwana@social.furry.nz)'s status on Tuesday, 14-Jan-2025 18:43:28 JST GrumpSec Spottycat

     in reply to

     • Ryan Castellucci :nonbinary_flag:

     @ryanc probably yes, but fastmail and gmail delivered the mail. Would like to see some other resolvers and what happens too. Mostly tried linux based stuff myself. “host cname dot fyi” returns some interesting results! (Vis “dig MX cname.fyi”).
     With just a mail dot cname dot fyi mx record postfix complains about a mail loop..