net: target domain names in SRV records should not be compressed

[mdempsky]

The current spec for SRV records (RFC 2782) says "Target: The domain name of the target host. [...] Unless and until permitted by future standards action, name compression is not to be used for this field."

The main way I've seen this manifest as a problem (not with Go specifically) is:

1. An authoritative DNS server (non-compliantly) sends an SRV RR using domain name compression.
2. The SRV RR is (compliantly) cached by an intermediate DNS server as an opaque byte string without applying uncompression.
3. The cached SRV RR is sent in a response to a DNS stub client that (non-compliantly) tries to apply name uncompression.

This fails because the client interprets the compressed domain name pointers as offsets into the intermediate server's DNS message, but they were actually computed according to the authoritative server's DNS message. With good luck, the client will notice they're obviously bogus and reject them; but it's also possible the pointers happen to look valid and the client ends up with subtly-bogus SRV records.

[rsc]

Fine to fix, but not a release blocker.

[gopherbot]

CL https://golang.org/cl/35237 mentions this issue.

[gopherbot]

Change https://golang.org/cl/100055 mentions this issue: dns/dnsmessage: reject compressed SRV resource records

[gopherbot]

Change https://golang.org/cl/101278 mentions this issue: vendor: update golang.org/x/net/dns/dnsmessage from upstream