Re: Do be evil
I also don't understand how a DNS response has to be original case when a response is the IP number.
That's the response from your resolver to your query, but the inter-dns server response includes the entire record. So it will go something like this:
You: "Hey Google DNS do you know about thisdomain.example.com'
Google: 'No, I don't, I do know about example.com I'll ask that...'
Google: 'Hey example.com, do you know about tHISdoMaIn.eXaMPle.cOM?'
example.com: 'Yeah, sure, here's it's DNS entry '192.168.0.1 A tHISdoMaIn.eXaMPle.cOM'
Google: 'Cool, cheers..'
Google <to you>: 'Here's the IP...'
But if a mallicious actor is trying to attack this domain:
You: "Hey Google DNS do you know about thisdomain.example.com'
Google: 'No, I don't, I do know about example.com I'll ask that...'
Google: 'Hey example.com, do you know about tHISdoMaIn.eXaMPle.cOM?'
<at this point google gets flooded with fake responses:>example.com: 'Yeah, sure, here's it's DNS entry '10.0.0.1 A thisdomain.example.com'
Google: 'Hang on... that doesn't exactly match...'
Google <to you>: 'Error...'
(The protocol description may not be 100% accurate, but you get the idea... I suspect the voices are more robotic in reality...)