The Domain Name System (DNS) protocol "is an Internet service that translates domain names into Internet Protocol (IP) addresses. Because domain names are alphabetic, they're easier to remember, however the Internet is really based on IP addresses; hence every time a domain name is requested, a DNS service must translate the name into the corresponding IP address".
A vulnerability was found with the recursion process used by some DNS implementations to decompress compressed DNS messages. Under certain circumstances, it is possible to cause the DNS server to terminate abnormally.
The text portions of DNS messages are specified by first giving the character count, followed by the characters themselves. For example, to specify 'test.test.com', the message would look like '0x04test0x04test0x03com0x00' using 16-bit numbers. RFC 1035, Section 4.1.4 "Message Compression", specifies a way to create smaller messages so that they can easily fit into a DNS UDP packet: if the top two bits of the label length byte are 1, the remaining 14 bits specify an offset from the beginning of the text at which the remaining characters can be found. This way, redundant information can be removed, creating a smaller message.
Given this type of DNS message, the most obvious method to decode it is by using recursion. However, consider a message that contains a code that instructs the DNS process to go to an illegal address once the end of the string is reached; if recursion is used to decode such a message, some DNS implementations may enter into a loop and eventually exhaust the stack. If this happens, it would be possible for the DNS service to terminate, causing a denial-of-service condition.
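One way a decoder can avoid the failure described above, as an added example that is not code from any DNS implementation named here: it expands a name iteratively instead of recursively, bounds-checks every read, and accepts a compression pointer only if it targets an offset strictly lower than any already used, so a pointer loop cannot form. The function name `dns_expand`, the sample byte arrays, and the choice to measure offsets from the start of the buffer passed in are assumptions of this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample: "test.test.com" at offset 0, then a pointer to offset 5. */
static const uint8_t GOOD[] = {4,'t','e','s','t',4,'t','e','s','t',3,'c','o','m',0, 0xC0,5};
/* Constructed malformed samples: self-pointer, two-pointer loop, pointer past the end. */
static const uint8_t SELF[] = {0xC0,0};
static const uint8_t PAIR[] = {0xC0,2, 0xC0,0};
static const uint8_t WILD[] = {4,'t','e','s','t', 0xC0,0x40};

/* Decode the name at msg[off] into out as dotted text, without recursion.
 * Returns the text length, or -1 if the message is malformed. */
int dns_expand(const uint8_t *msg, size_t len, size_t off, char *out, size_t outsz)
{
    size_t n = 0;        /* characters written to out */
    size_t limit = off;  /* a pointer must target an offset below this */
    for (;;) {
        if (off >= len) return -1;                /* ran off the message */
        uint8_t c = msg[off];
        if ((c & 0xC0) == 0xC0) {                 /* compression pointer */
            if (off + 1 >= len) return -1;        /* second byte missing */
            size_t target = ((size_t)(c & 0x3F) << 8) | msg[off + 1];
            if (target >= limit) return -1;       /* forward, self or loop */
            limit = off = target;                 /* targets only decrease */
            continue;
        }
        if (c & 0xC0) return -1;                  /* reserved 01/10 prefixes */
        if (c == 0) break;                        /* zero length ends the name */
        if (off + 1 + c > len) return -1;         /* label runs past the end */
        if (n + c + 1 >= outsz) return -1;        /* no room for dot, label, NUL */
        if (n) out[n++] = '.';
        memcpy(out + n, msg + off + 1, c);
        n += c;
        off += 1 + (size_t)c;
    }
    if (n >= outsz) return -1;
    out[n] = '\0';
    return (int)n;
}

int main(void)
{
    char buf[256];
    printf("%d %s\n", dns_expand(GOOD, sizeof GOOD, 15, buf, sizeof buf), buf);
    printf("%d %d %d\n", dns_expand(SELF, sizeof SELF, 0, buf, sizeof buf),
           dns_expand(PAIR, sizeof PAIR, 2, buf, sizeof buf),
           dns_expand(WILD, sizeof WILD, 0, buf, sizeof buf));
    return 0;
}
```

Because each accepted pointer lowers `limit`, the number of jumps is bounded by the message length, and stack use stays constant whatever the message contains.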