evdns_server_request_format_response() sets TC flag wrong
kenobi> evdns_server_request_format_response() with dnsname_to_labels() wrongly implements the part of RFC 1035 about the logic for setting the TC bit.
kenobi> "Messages carried by UDP are restricted to 512 bytes (not counting the IP or UDP headers). Longer messages are truncated and the TC bit is set in the header"
kenobi> The TC bit should be set only if the length of the whole message over UDP is more than 512 bytes, not for individual labels or names.
kenobi> For now the TC bit is set for labels of the wrong length, which are strictly limited to 63, but that means a transmitted error, not signalling the truncate bit.
> do you have a patch? :)
kenobi> I do not have a patch, because it should be designed for future TCP transport too, so it's slightly hard to patch with one line.
> (does this affect anything in practice, or is it just a theoretical correctness issue?)
kenobi> It can be exploited via an exotic attack, if the reverse lookup is controlled by the attacker and the exit relay is too, and resolv.conf contains the ISP's DNS.
> what would the attack achieve, in that case?
kenobi> The IP address of the ISP's DNS

[Automatically added by flyspray2trac: Operating System: All]
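
Added example, not libevent's code and not part of the original report: a minimal C sketch of the distinction the report draws, where an over-long label is reported as an error and TC is set only when the whole UDP message outgrows 512 bytes. The names encode_name, tc_for and the ENC_* codes are hypothetical, and the "response" is simplified to a 12-byte header followed by repeated encodings of one name.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define DNS_UDP_MAX   512     /* RFC 1035: UDP message limit */
#define DNS_LABEL_MAX 63      /* RFC 1035: label limit */
#define DNS_FLAG_TC   0x0200  /* TC bit in the header flags word */
enum { ENC_OK = 0, ENC_NO_ROOM = -1, ENC_BAD_NAME = -2 };

/* Hypothetical helper: append name as length-prefixed labels at buf[*off]. */
static int encode_name(uint8_t *buf, size_t cap, size_t *off, const char *name)
{
    size_t pos = *off;
    while (*name) {
        const char *dot = strchr(name, '.');
        size_t len = dot ? (size_t)(dot - name) : strlen(name);
        if (len == 0 || len > DNS_LABEL_MAX)
            return ENC_BAD_NAME;          /* malformed name: an error, not truncation */
        if (pos + 1 + len > cap)
            return ENC_NO_ROOM;           /* the whole message has outgrown the limit */
        buf[pos++] = (uint8_t)len;
        memcpy(buf + pos, name, len);
        pos += len;
        name += len + (dot ? 1 : 0);
    }
    if (pos + 1 > cap) return ENC_NO_ROOM;
    buf[pos++] = 0;                       /* root label ends the name */
    *off = pos;
    return ENC_OK;
}

/* Simplified response: 12-byte header followed by `copies` encodings of name.
 * Returns 1 if TC was set, 0 if not, ENC_BAD_NAME if the name is malformed. */
static int tc_for(const char *name, size_t copies)
{
    uint8_t buf[DNS_UDP_MAX] = {0};
    uint16_t flags = 0x8000;              /* QR: this is a response */
    size_t off = 12;
    for (size_t i = 0; i < copies; i++) {
        int r = encode_name(buf, sizeof buf, &off, name);
        if (r == ENC_BAD_NAME) return r;  /* caller reports an error, TC stays clear */
        if (r == ENC_NO_ROOM) { flags |= DNS_FLAG_TC; break; }
    }
    buf[2] = (uint8_t)(flags >> 8);
    buf[3] = (uint8_t)(flags & 0xff);
    return (buf[2] & 0x02) ? 1 : 0;
}

int main(void) { printf("1 name: %d, 60 names: %d\n", tc_for("example.com", 1), tc_for("example.com", 60)); return 0; }
```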