networking · intermediate · ~15 min · safe pentest lab

Decode a DNS question name

Bounds-safe label decoding with loop-proof refusal of pointers.

Challenge

Your job

#include <stdint.h>
#include <stddef.h>
int parse_dns_qname(const uint8_t *pkt, size_t n, char *out, size_t cap);

A DNS name is a series of labels [len][bytes...] ending with a 0x00 length. Decode it into a dotted string in out. Return bytes written (excluding NUL), or -1 on NULL input, a length that runs past n, output overflow, a missing terminator, or a compression/reserved length byte (top two bits set, & 0xC0).

Hints

Loop: read len; 0 ends the name.
Insert a . between labels (not before the first).
Reject len & 0xC0 — compression pointers can loop; refuse them here.

Why this matters

Every DNS tool starts by decoding the label-encoded QNAME. Doing it safely means refusing compression pointers that could loop.

Starter code

#include <stdint.h>
#include <stddef.h>
int parse_dns_qname(const uint8_t *pkt, size_t n, char *out, size_t cap) {
    /* TODO */
    (void)pkt; (void)n; (void)out; (void)cap;
    return -1;
}

Common mistakes

Following compression pointers (can loop forever). Forgetting the inter-label dot. Reading past n.

Edge cases to handle

Root name (single 0x00) → 0. Truncated label. Output too small.

Complexity

O(n).

Background lessons

DNS on the wire — names as labels

Up next

Extract the SNI host from a TLS extension

Solve this exercise in the browser editor — compile and run against the test harness, no setup required.