The DNS protocol is just text over udp. When making a DNS request, your system will open a socket, write "google.com" in it and read for a response. The server, if it is properly configured as a DNS server, will reply with the appropriate DNS record, again as text. Google.com is a cname to some subdomain used for load balancing, so the server will simply reply "CNAME blabla.google.com" and may optionally also resolve blabla.google.com to save you the trouble of making another request.
The DNS protocol, defined in some RFC, says that I have to make a request a certain way, and that the server has to respond a certain way. One of these ways is that for top level domains that don't exist (for ex. .time is not a currently existing tld), the server is supposed to reply nxdomain, but in reality there is no technical measure stopping it from replying with anything it wants, such as the current time.
In fact, generally speaking, the expectation that the server operators will not fuck you over is the only thing preventing public (and indeed private) DNS operators from returning you bogus data. This is mitigated somewhat by HTTPS, but DNS records themselves are infinitely fakeable with no recourse.
Your reply is riddled with errors and you don't seem to actually know how the DNS protocol works at all, on the wire or otherwise. It is, firstly, impossible for "google.com" to contain a CNAME record. This would violate standards, and it's simply not done. Query or yourself; there is no CNAME at that label.
Your description of how queries work is not how queries work at all. Your entire comment is a net negative and detracts from the overall knowledge at Hacker News.
This is a disingenuous claim, because many of the comments at the linked thread indicate that it not only is a breach of the RFC requirements, but is also liable to malfunction, so any provider/software that permits it, is going to have trouble supporting it.
I stand by what I said: it's impossible, and is simply not done [by anyone who cares about adhering to standards or interoperability.]
The DNS protocol, defined in some RFC, says that I have to make a request a certain way, and that the server has to respond a certain way. One of these ways is that for top level domains that don't exist (for ex. .time is not a currently existing tld), the server is supposed to reply nxdomain, but in reality there is no technical measure stopping it from replying with anything it wants, such as the current time.
In fact, generally speaking, the expectation that the server operators will not fuck you over is the only thing preventing public (and indeed private) DNS operators from returning you bogus data. This is mitigated somewhat by HTTPS, but DNS records themselves are infinitely fakeable with no recourse.