DNS Attack Info: "Bad domain format, illegal ASCII value in domain"
A domain name is represented as a sequence of labels (strings): in text form the labels are separated by dots, and in the DNS message each label is length-prefixed and the sequence is terminated by a null (zero) byte. It identifies a host on the Internet.
This error is generated when a DNS message contains a domain name with characters that do not comply with the DNS RFCs.
RFC 1035 restricts domain characters to letters, digits and the hyphen (known as the "LDH rule"). RFC 2872 (discussing SRV records) added the use of underscores in domains.
To recap, the illegal characters are any character other than letters (a-z, A-Z), digits (0-9), hyphen (-), and underscore (_).
This protection is part of DNS enforcement and will be disabled in future versions, due to the internationalization trend on the Internet and the ongoing discussion of this issue. While DNS purists say that labels in domain names can contain any binary value, US-ASCII characters are the only values that are actually useful and supported by all DNS implementations.
The error is displayed and packets are dropped because they do not comply with the protocol. It may indicate a malicious attempt to attack the system.
It is possible to allow up to four extra characters with a decimal (ASCII) value below 128, using the kernel global parameter
For instructions on how to edit kernel global parameters, refer to sk26202.
For example, in order to allow the backtick (`), define the parameter with a value of 96.
To allow more than one extra character, multiply one value by 256 and add the second.
For example, in order to allow both the backtick (96) and the exclamation mark (33), the parameter can be set to 96*256+33 (24609).
In general, assuming a, b, c and d are four decimal values, in order to allow all of them, the parameter should be set to
This method cannot be applied to characters of arbitrary decimal value. It only works for decimal values below 128 (i.e. 0 <= a, b, c, d < 128).
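As an added example (not code from the original article or from the product it describes), the following Python mirrors the check the article explains: it parses a wire-format domain name, reports the first label byte outside the LDH-plus-underscore set, and widens the allowed set from a packed parameter value. Extending the page's two-character rule ("multiply one value by 256 and add the second") to four values by repeating the same step is an assumption, as are all function names and the constructed sample names; compression pointers are out of scope here and are rejected.

```python
"""LDH (+ underscore) enforcement for DNS wire-format names, with extra allowed
characters decoded from a packed integer. Example code; all names are assumed."""

# Letters, digits, hyphen (RFC 1035 "LDH rule") plus underscore (SRV-style labels).
LDH_AND_UNDERSCORE = set(
    b"abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-_"
)


def pack_extra_chars(*values):
    """Pack 1..4 ASCII values (each 0 <= v < 128) into one integer.

    Repeats the page's rule (multiply by 256, add the next value); the layout for
    three and four values is an assumption. pack_extra_chars(96, 33) == 24609.
    """
    if not 1 <= len(values) <= 4:
        raise ValueError("between one and four extra characters are supported")
    packed = 0
    for v in values:
        if not 0 <= v < 128:
            raise ValueError(f"value {v} is not below 128; cannot be allowed this way")
        packed = packed * 256 + v
    return packed


def unpack_extra_chars(packed):
    """Inverse of pack_extra_chars: split the integer into bytes, ignoring zero
    bytes (an unused slot, since NUL is never a useful label character)."""
    extras = set()
    while packed:
        extras.add(packed % 256)
        packed //= 256
    extras.discard(0)
    return extras


def parse_wire_name(msg, offset=0):
    """Parse length-prefixed labels terminated by a zero byte. Returns (labels, end)."""
    labels = []
    while True:
        if offset >= len(msg):
            raise ValueError("truncated name: no terminating zero byte")
        length = msg[offset]
        offset += 1
        if length == 0:
            return labels, offset
        if length & 0xC0:
            # Top bits set: compression pointer or extended label; not handled here.
            raise ValueError("compression pointers are not supported in this example")
        label = msg[offset:offset + length]
        if len(label) != length:
            raise ValueError("truncated label")
        labels.append(label)
        offset += length


def check_domain(msg, extra_packed=0):
    """Return (True, 'ok') if every label byte is allowed, else (False, reason).

    A device applying this enforcement would drop the message and log the reason.
    """
    allowed = LDH_AND_UNDERSCORE | unpack_extra_chars(extra_packed)
    labels, _ = parse_wire_name(msg)
    for label in labels:
        for ch in label:
            if ch not in allowed:
                return False, f"illegal ASCII value {ch} in label {label!r}"
    return True, "ok"


def encode_name(text):
    """Build a constructed wire-format name from dotted text (latin-1 bytes)."""
    out = bytearray()
    for label in text.split("."):
        if label:
            out.append(len(label))
            out += label.encode("latin-1")
    out.append(0)
    return bytes(out)


if __name__ == "__main__":
    extra = pack_extra_chars(96, 33)  # backtick and exclamation mark -> 24609
    for name in ("_sip._tcp.example.com", "bad`label.example.com", "h\xe9llo.example.com"):
        print(name, check_domain(encode_name(name)), check_domain(encode_name(name), extra))
```

Running the block shows the SRV-style name passing, the backtick name failing under the default set but passing once 24609 is applied, and the name with a byte above 127 failing either way, which is exactly the limit the article states for this parameter.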