[bind10-dev] DNS packet API: the name object

Michael Graff mgraff at isc.org
Tue Aug 25 00:02:18 UTC 2009



Francis Dupont wrote:
> The parse question is bound to the "validation" one, i.e.,
> should we parse all known RRs to validate the wire format,
> for instance an A RR should have exactly 4 octets?
> If not, it is clear that most RRs should simply deal with
> as they are opaque, so parsing is very (perhaps far too :-) simple.

There really are many steps for checking a message's validity.  Here are some:

Are there sufficient bytes for a header?  (12 I think it is?)

Does the header LOOK like a DNS header?

Is the message formatted correctly?  That might require a fast walk of
the message (checking rdata lengths vs message lengths and ensuring that
the sections are all accounted for)


I think to this point I would argue that the checks are simple.  After
this, it gets harder to decide when to do the actual checking.  I'd say
"the sooner the better" but there are some harder decisions.


Checking each RR in the message for correct format.

Checking that compressed names are not used where they should not be
(I'd leave this out, personally, so long as we do not GENERATE them.)


Should some of these be processed only when used?  Or when received?
Hard call.

--Michael

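The "simple" checks listed in the message above (enough bytes for a header, a plausible header, and a fast walk comparing rdata lengths against the message length), sketched as an added example that is not part of the original post or of BIND 10 code. The function names, the count-plausibility test used for "looks like a DNS header", and the rejection of trailing bytes are assumptions of this example; RDATA is left opaque and compression pointers are not followed.

```python
import struct

HEADER_LEN = 12  # ID, flags, QDCOUNT, ANCOUNT, NSCOUNT, ARCOUNT

def skip_name(msg: bytes, off: int) -> int:
    """Return the offset just past the name at off, without following pointers."""
    while True:
        if off >= len(msg):
            raise ValueError("name runs past end of message")
        length = msg[off]
        if length == 0:                    # root label ends the name
            return off + 1
        if (length & 0xC0) == 0xC0:        # compression pointer: 2 octets, ends the name
            if off + 2 > len(msg):
                raise ValueError("truncated compression pointer")
            return off + 2
        if length & 0xC0:                  # 0x40 / 0x80 prefixes are not plain labels
            raise ValueError("unsupported label type")
        off += 1 + length                  # ordinary label, 1..63 octets

def fast_walk(msg: bytes) -> int:
    """Structural check only; returns the number of records walked."""
    if len(msg) < HEADER_LEN:
        raise ValueError("too short for a DNS header")
    _id, _flags, qd, an, ns, ar = struct.unpack_from("!6H", msg, 0)
    # Plausibility (assumed reading of "LOOK like"): question >= 5 octets, RR >= 11.
    if qd * 5 + (an + ns + ar) * 11 > len(msg) - HEADER_LEN:
        raise ValueError("section counts cannot fit in message")
    off = HEADER_LEN
    for _ in range(qd):
        off = skip_name(msg, off) + 4      # QTYPE + QCLASS
        if off > len(msg):
            raise ValueError("truncated question")
    for _ in range(an + ns + ar):
        off = skip_name(msg, off)
        if off + 10 > len(msg):            # TYPE, CLASS, TTL, RDLENGTH
            raise ValueError("truncated RR header")
        (rdlength,) = struct.unpack_from("!H", msg, off + 8)
        off += 10 + rdlength               # RDATA is skipped, not parsed
        if off > len(msg):
            raise ValueError("RDLENGTH exceeds message length")
    if off != len(msg):                    # policy choice made by this example
        raise ValueError("trailing bytes after last section")
    return qd + an + ns + ar

# Constructed sample: response to "example.com A" with one 4-octet answer.
SAMPLE = (struct.pack("!6H", 0x1234, 0x8180, 1, 1, 0, 0)
          + b"\x07example\x03com\x00" + struct.pack("!2H", 1, 1)
          + b"\xc0\x0c" + struct.pack("!2HIH", 1, 1, 300, 4) + bytes([192, 0, 2, 1]))
```

Per-type checks such as "an A RR has exactly 4 octets" are the later, harder stage the message describes and are deliberately absent here.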


