[ldns-users] ldns_wire2dname() doesn't reject some invalid pointers

Robert Edmonds edmonds at debian.org
Sun Sep 6 18:31:55 UTC 2009

RFC 1035 section 4.1.4 says this about message compression:

    "In this scheme, an entire domain name or a list of labels at the
    end of a domain name is replaced with a pointer to a prior occurance
    of the same name."

note that the pointer must point backwards in the packet (a prior
occurrence) and must point to a name.

here's a DNS message that ldns 1.6 parses successfully:


the owner name of the first RR in the authority section starts with a
pointer *forward* one octet in the packet to the first octet of the type
field, which happens to be zero.  and the type field of an RR isn't a
name, so a compression pointer can't point to it.

Robert Edmonds
edmonds at debian.org

More information about the ldns-users mailing list