[nsd-users] nsd-zonec SIGSEGV when record is longer than 255 characters

Mon Aug 27 21:41:07 UTC 2012

On Aug 27, 2012, at 10:42 PM, Peter Koch <pk at DENIC.DE> wrote:

> On Mon, Aug 27, 2012 at 09:13:00PM +0200, Dmitry Kohmanyuk wrote:
> 
>> ...but long TXT records are not garbage...
> 
> this is a common misperception. RFC 1035 defines TXT RDATA as list
> of one or more strings:
> 
> 3.3.14. TXT RDATA format
> 
>    +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
>    /                   TXT-DATA                    /
>    +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
> 
> where:
> 
> TXT-DATA        One or more <character-string>s.
> 
> with 3.3 defining "<character-string> is a single
> length octet followed by that number of characters."

Enlightening, Peter.  Shame on me for not reading this up.

Nevertheless, the format indicates that _multiple_ strings can be present,
thus making overall length of RDATA exceed 256 bytes in some cases...

> Now, it was at least common to 'auto magically' split
> longer TXT zone file format representations, but IIRC
> in the context of DNSSEC this practice lost a few friends.

yes, as there can be multiple ways to do it.. and different RRSIGs would result..

> Consistent refusal sounds OK to me.

Me, too.   Improves on old behaviour (segfault)