TL;DR: Kerberos, and many applications/etc, do bad things with DNS canonicalization and PTR lookups resulting in situations where an attacker can subvert things like Kerberos (which has mutual authentication, so this is definitely not supposed to happen). I wanted to start a discussion here on what if any specific CWE's might be needed for this, we have a few that sort of broadly cover this, but are to generic to be of much help: CWE-171 and CWE-441. I'm broadly thinking:
CWE related to hijacking DNS lookups via canonicalization and/or PTR lookups for protocols like Kerberos that are explicitly supposed to mutually authenticate (client to server AND server to client).
I would note that the above could also cover things like SSL/TLS in web browsers (e.g. I wanted to go to facebook.com, not facebook.com.example.org). I suspect DNS local search path is more of a problem then we'd like to admit at this point.