
Potential pitfalls in DNS handling


Posted Nov 16, 2012 10:24 UTC (Fri) by paulj (subscriber, #341)
In reply to: Potential pitfalls in DNS handling by bjencks
Parent article: Potential pitfalls in DNS handling

Interesting. Which means RFC1035 is surely inconsistent on this, given 2.3.1 says "the labels must" - a "must" that isn't actually a "must". But as someone else points out, RFC2181 §11 clearly states binary is allowed.



Potential pitfalls in DNS handling

Posted Nov 16, 2012 19:11 UTC (Fri) by hawk (subscriber, #3195) [Link]

I think the point there is that section 2.3.1 of RFC1035 (http://tools.ietf.org/html/rfc1035#section-2.3.1) is not describing the capabilities of the actual DNS protocol but rather what names should be used to achieve compatibility with existing systems.

This article is really about what kind of data you can get back in a (still correctly formatted) DNS response. It's important to note that even though the DNS protocol can carry anything, there may still be application-specific naming rules that prevent the full-on "any byte is valid" in a specific context.

(The article does have an unfortunate mixup (that's my take on it, anyway) where hostname name rules and DNS protocol name rules seem to be considered the same thing. See my comment regarding this: http://lwn.net/Articles/525471/)

Potential pitfalls in DNS handling

Posted Nov 22, 2012 6:40 UTC (Thu) by magfr (subscriber, #16052) [Link]

The problem with application-specific rules is that a cracker could choose to not adhere to them, so the problem is still there and the application has to be prepared for everything that the protocol can transport.

Note that everything the protocol can transport might be a superset of what the protocol allows.
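The distinction drawn in this thread, between what a DNS response can carry and what an application accepts as a hostname, can be shown with a small parser. This is an added example, not code from the article or from any commenter; the function names and sample names are constructed for illustration, and it handles only uncompressed names.

```python
import re

MAX_LABEL, MAX_NAME = 63, 255   # RFC 1035 limits on the wire
# RFC 952/1123 hostname label: letters, digits, inner hyphens only.
LDH = re.compile(rb"[A-Za-z0-9](?:[A-Za-z0-9-]*[A-Za-z0-9])?")

def parse_wire_name(buf):
    """Decode an uncompressed wire-format name into raw byte labels.

    Only protocol limits are enforced; label contents are left untouched.
    """
    labels, pos, total = [], 0, 1           # total counts the root octet
    while pos < len(buf):
        length = buf[pos]
        pos += 1
        if length == 0:
            return labels
        if length > MAX_LABEL:              # pointer/reserved label types
            raise ValueError("unsupported label type 0x%02x" % length)
        if pos + length > len(buf):
            raise ValueError("label runs past end of buffer")
        total += 1 + length
        if total > MAX_NAME:
            raise ValueError("name longer than 255 octets")
        labels.append(buf[pos:pos + length])
        pos += length
    raise ValueError("name not terminated")

def is_hostname(labels):
    """Application rule, checked separately from the protocol parse."""
    # fullmatch, not match with '$': '$' would accept a trailing newline.
    return bool(labels) and all(LDH.fullmatch(l) for l in labels)

def printable(labels):
    """Render labels for logs with RFC 1035 style escapes (\\. and \\DDD)."""
    def esc(b):
        if b in b".\\":
            return "\\" + chr(b)
        return chr(b) if 0x21 <= b <= 0x7E else "\\%03d" % b
    return ".".join("".join(esc(b) for b in l) for l in labels)

# Constructed sample names, not captured traffic.
SAMPLES = [b"\x03www\x07example\x03com\x00", b"\x04a\n\x00b\x07foo.bar\x00"]

if __name__ == "__main__":
    for raw in SAMPLES:
        labels = parse_wire_name(raw)
        print(printable(labels), "hostname" if is_hostname(labels) else "not a hostname")
```

The second sample parses cleanly as a DNS name yet fails the hostname check, and its second label contains a literal dot that naive joining with "." would turn into two labels.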

