DNS crimes time. What do people get when they resolve cname.fyi (and with what tool)
Conversation
Notices
-
Embed this notice
GrumpSec Spottycat (kyhwana@social.furry.nz)'s status on Tuesday, 14-Jan-2025 17:53:38 JST GrumpSec Spottycat -
Embed this notice
Ryan Castellucci :nonbinary_flag: (ryanc@infosec.exchange)'s status on Tuesday, 14-Jan-2025 17:53:26 JST Ryan Castellucci :nonbinary_flag: @kyhwana this has gotta depend on the resolver you query as well?
-
Embed this notice
GrumpSec Spottycat (kyhwana@social.furry.nz)'s status on Tuesday, 14-Jan-2025 17:53:34 JST GrumpSec Spottycat Sooooo it turns out when people say "You can't CNAME the apex of a domain, that won't work/that's illegal!"
You should be able to email dnscrimes at cname.fyi as well as resolve foo.cname.fyi and there's also a lower priority MX record for mail.cname.fyi that is CNAMEed (also bad) #dnscrimes -
Embed this notice
Ryan Castellucci :nonbinary_flag: (ryanc@infosec.exchange)'s status on Tuesday, 14-Jan-2025 18:43:27 JST Ryan Castellucci :nonbinary_flag: @kyhwana Oh, hey, I have a Linode host in that same datacenter.
-
Embed this notice
GrumpSec Spottycat (kyhwana@social.furry.nz)'s status on Tuesday, 14-Jan-2025 18:43:28 JST GrumpSec Spottycat @ryanc probably yes, but fastmail and gmail delivered the mail. Would like to see some other resolvers and what happens too. Mostly tried linux based stuff myself. “host cname dot fyi” returns some interesting results! (Vis “dig MX cname.fyi”).
With just a mail dot cname dot fyi mx record postfix complains about a mail loop..
-
Embed this notice