Cross-domain security problems caused by DNS suffixes

We all know that the DNS suffix of the client can be set in dhcpd. For example, if we set the DNS suffix to "sb.com", when we access www.sb.com, all clients will use the DHCP server and try the following sequence for resolution.

 
Note: The following green fonts represent the primary domain name, and the red fonts represent the Host Name (second-level domain name header)
 
1. If the DNS server finds the IP address corresponding to www.2cto.com, the client uses this IP address for access.
 
2. If the DNS server cannot be found, the system will automatically add the DNS suffix, and another attempt will appear, such as 2cto.com.test.com. If the DNS server finds the corresponding IP address, the client will assume that the IP address corresponds to the domain name www.2cto.com. This may cause some serious security problems, such as cross-origin.
 
 
For example:
 
1. A free blog website CNAZ. NET. CNAZ. NET form of second-level domain name access (xxx represents your registered second-level domain name, most of them are directly the user name ).
 
2. The internal network of the website CNAZ. NET will use the DHCP server to automatically add the domain name suffixed with CNAZ. NET to their blog homepage, such as xxx. CNAZ. NET.
 
Instance: for example, in CNAZ. NET registered a second-level domain name, the host name (this is not understood as the user name) is: hack.www.google.com, then the complete domain name should be: hack.www.google.com. CNAZ. NET
 
Add the following framework iframe for this second-level domain name:
 
<Iframe src = "https://hack.www.google.com/accounts";> articles from security online </iframe>
 
 
When visiting hack.www.google.com, this domain name is apparently not found, resulting in:
 
1. Access hack.www.google.com and return an error (NX Domain ).
 
2. Then try hack.www.google.com. CNAZ. NET to get the IP address of the attacker's host!
 
The WEB browser takes the user to the attacker's IP address, namely hack.www.google.com. CNAZ. NET.
 
 
Windows XP/Linux Ubuntu 11.04 system IE firefox Chrome all tests are successful. Win7 fails because it only adds the DNS suffix to dnsname and does not contain the decimal point ..