[GH-ISSUE #2009] options to bypass domain validation? #847

New issue

Open

opened 2026-03-16 00:32:32 +03:00 by kerem · 3 comments

kerem commented

2026-03-16 00:32:32 +03:00

Owner

Originally created by @ibigbug on GitHub (Aug 27, 2023).
Original GitHub issue: https://github.com/hickory-dns/hickory-dns/issues/2009

I was able to build a "bad name" with rr::Name::from_str_relaxed for example: some_domain.understore

however when I use the client to exchange the message I got this error

proto error: Label contains invalid characters: Err(Errors { invalid_mapping, disallowed_by_std3_ascii_rules })

does it mean the client is validating the domain and failing with invalid char - is there a way to bypass the validation?

Originally created by @ibigbug on GitHub (Aug 27, 2023). Original GitHub issue: https://github.com/hickory-dns/hickory-dns/issues/2009 I was able to build a "bad name" with `rr::Name::from_str_relaxed` for example: *some_domain.understore* however when I use the client to exchange the message I got this error ``` proto error: Label contains invalid characters: Err(Errors { invalid_mapping, disallowed_by_std3_ascii_rules }) ``` does it mean the client is validating the domain and failing with invalid char - is there a way to bypass the validation?

kerem commented

2026-03-16 00:32:38 +03:00

Author

Owner

@djc commented on GitHub (Aug 28, 2023):

This looks like an error from the idna crate. I'm not sure why/where that gets invoked, though. Can you provide some sample code for how your Name is passed to the client code you mention?

@djc commented on GitHub (Aug 28, 2023): This looks like an error from the idna crate. I'm not sure why/where that gets invoked, though. Can you provide some sample code for how your `Name` is passed to the client code you mention?

kerem commented

2026-03-16 00:32:43 +03:00

Author

Owner

@ibigbug commented on GitHub (Aug 30, 2023):

hi @djc thanks for you response. actually I was being misleading - I had two implementations of my DNS client and the manual crafting with bad names is actually working fine.

and the error was actually returned by the default system client, and the minimum repro is :

      let resolver = TokioAsyncResolver::tokio_from_system_conf().unwrap();
        let response = resolver.lookup_ip("some_under_store.com").await;
        assert!(response.is_err());
        assert_eq!(
            response.unwrap_err().to_string(),
            "proto error: Label contains invalid characters: Err(Errors { invalid_mapping, disallowed_by_std3_ascii_rules })"
        );

and looking at the options here https://docs.rs/trust-dns-resolver/latest/trust_dns_resolver/config/struct.ResolverOpts.html

I also don't see it's able to bypass the validation - any thoughts?

@ibigbug commented on GitHub (Aug 30, 2023): hi @djc thanks for you response. actually I was being misleading - I had two implementations of my DNS client and the manual crafting with bad names is actually working fine. and the error was actually returned by the default system client, and the minimum repro is : ``` let resolver = TokioAsyncResolver::tokio_from_system_conf().unwrap(); let response = resolver.lookup_ip("some_under_store.com").await; assert!(response.is_err()); assert_eq!( response.unwrap_err().to_string(), "proto error: Label contains invalid characters: Err(Errors { invalid_mapping, disallowed_by_std3_ascii_rules })" ); ``` and looking at the options here https://docs.rs/trust-dns-resolver/latest/trust_dns_resolver/config/struct.ResolverOpts.html I also don't see it's able to bypass the validation - any thoughts?

kerem commented

2026-03-16 00:32:48 +03:00

Author

Owner

@djc commented on GitHub (Aug 31, 2023):

So AsyncResolver::lookup_ip() takes an impl IntoName. If you use Name::from_str_relaxed() and then pass the result into lookup_ip(), I think this will work?

See also discussion in https://github.com/bluejekyll/trust-dns/issues/1904, and if you want to help with https://github.com/bluejekyll/trust-dns/pull/1919 that would be great, too!

@djc commented on GitHub (Aug 31, 2023): So `AsyncResolver::lookup_ip()` takes an `impl IntoName`. If you use `Name::from_str_relaxed()` and then pass the result into `lookup_ip()`, I think this will work? See also discussion in https://github.com/bluejekyll/trust-dns/issues/1904, and if you want to help with https://github.com/bluejekyll/trust-dns/pull/1919 that would be great, too!