Description
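Cloudflare uses the DNSSEC "black lies" technique.
For an NXDOMAIN, they always return \000.(the missing name) as the next name in the NSEC record.
That name is copied into the JSON output as-is, and \0 is not a valid JSON string escape (JSON only allows \", \\, \/, \b, \f, \n, \r, \t and \uXXXX), so strict JSON parsers reject the output.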
For example, the result of querying `cloudflare.com @1.1.1.1 CNAME`:
{
"answer_ipv4_address":"1.1.1.1",
"answer_type": 800,
"canonical_name":"cloudflare.com.",
"replies_full":
[
[152,147,129,144,0,1,0,0,0,4,0,1,10,99,108,111,117,100,102,108,97,114,101,3,99,111,109,0,0,5,0,1,192,12,0,6,0,1,0,0,0,107,0,32,3,110,115,51,192,12,3,100,110,115,192,12,138,130,153,176,0,0,39,16,0,0,9,96,0,9,58,128,0,0,1,44,192,12,0,46,0,1,0,0,0,107,0,98,0,6,13,2,0,0,1,44,101,60,182,191,101,57,247,159,134,201,10,99,108,111,117,100,102,108,97,114,101,3,99,111,109,0,183,234,115,136,64,163,165,26,8,194,55,69,253,4,113,81,5,71,142,63,84,90,142,18,78,198,80,28,41,122,100,182,31,121,94,119,47,196,47,53,216,114,221,143,174,123,74,62,104,106,166,176,44,237,208,0,158,222,144,87,170,22,72,157,192,12,0,47,0,1,0,0,0,107,0,32,1,0,10,99,108,111,117,100,102,108,97,114,101,3,99,111,109,0,0,9,98,5,128,12,84,11,141,28,192,1,1,192,192,12,0,46,0,1,0,0,0,107,0,98,0,47,13,2,0,0,1,44,101,60,182,191,101,57,247,159,134,201,10,99,108,111,117,100,102,108,97,114,101,3,99,111,109,0,1,3,226,52,83,96,21,14,6,7,218,209,197,176,162,32,32,237,132,135,21,213,195,99,22,174,55,248,74,168,34,34,133,248,193,174,67,35,145,124,183,55,114,253,37,243,181,216,221,93,191,176,184,78,127,154,20,131,215,247,44,94,103,41,0,0,41,4,208,0,0,128,0,0,0]
],
"replies_tree":
[
{
"additional":
[
{
"do": 1,
"extended_rcode": 0,
"rdata":
{
"rdata_raw":[]
},
"type": 41,
"udp_payload_size": 1232,
"version": 0,
"z": 0
}
],
"answer": [],
"answer_ipv4_address":"1.1.1.1",
"answer_type": 800,
"authority":
[
{
"class": 1,
"name":"cloudflare.com.",
"rdata":
{
"expire": 604800,
"minimum": 300,
"mname":"ns3.cloudflare.com.",
"rdata_raw":[3,110,115,51,192,12,3,100,110,115,192,12,138,130,153,176,0,0,39,16,0,0,9,96,0,9,58,128,0,0,1,44],
"refresh": 10000,
"retry": 2400,
"rname":"dns.cloudflare.com.",
"serial": -1971152464
},
"ttl": 107,
"type": 6
},
{
"class": 1,
"name":"cloudflare.com.",
"rdata":
{
"algorithm": 13,
"key_tag": 34505,
"labels": 2,
"original_ttl": 300,
"rdata_raw":[0,6,13,2,0,0,1,44,101,60,182,191,101,57,247,159,134,201,10,99,108,111,117,100,102,108,97,114,101,3,99,111,109,0,183,234,115,136,64,163,165,26,8,194,55,69,253,4,113,81,5,71,142,63,84,90,142,18,78,198,80,28,41,122,100,182,31,121,94,119,47,196,47,53,216,114,221,143,174,123,74,62,104,106,166,176,44,237,208,0,158,222,144,87,170,22,72,157],
"signature":[183,234,115,136,64,163,165,26,8,194,55,69,253,4,113,81,5,71,142,63,84,90,142,18,78,198,80,28,41,122,100,182,31,121,94,119,47,196,47,53,216,114,221,143,174,123,74,62,104,106,166,176,44,237,208,0,158,222,144,87,170,22,72,157],
"signature_expiration": 1698477759,
"signature_inception": 1698297759,
"signers_name":"cloudflare.com.",
"type_covered": 6
},
"ttl": 107,
"type": 46
},
{
"class": 1,
"name":"cloudflare.com.",
"rdata":
{
"next_domain_name":"\000.cloudflare.com.",
"rdata_raw":[1,0,10,99,108,111,117,100,102,108,97,114,101,3,99,111,109,0,0,9,98,5,128,12,84,11,141,28,192,1,1,192],
"type_bit_maps":[0,9,98,5,128,12,84,11,141,28,192,1,1,192]
},
"ttl": 107,
"type": 47
},
{
"class": 1,
"name":"cloudflare.com.",
"rdata":
{
"algorithm": 13,
"key_tag": 34505,
"labels": 2,
"original_ttl": 300,
"rdata_raw":[0,47,13,2,0,0,1,44,101,60,182,191,101,57,247,159,134,201,10,99,108,111,117,100,102,108,97,114,101,3,99,111,109,0,1,3,226,52,83,96,21,14,6,7,218,209,197,176,162,32,32,237,132,135,21,213,195,99,22,174,55,248,74,168,34,34,133,248,193,174,67,35,145,124,183,55,114,253,37,243,181,216,221,93,191,176,184,78,127,154,20,131,215,247,44,94,103,41],
"signature":[1,3,226,52,83,96,21,14,6,7,218,209,197,176,162,32,32,237,132,135,21,213,195,99,22,174,55,248,74,168,34,34,133,248,193,174,67,35,145,124,183,55,114,253,37,243,181,216,221,93,191,176,184,78,127,154,20,131,215,247,44,94,103,41],
"signature_expiration": 1698477759,
"signature_inception": 1698297759,
"signers_name":"cloudflare.com.",
"type_covered": 47
},
"ttl": 107,
"type": 46
}
],
"canonical_name":"cloudflare.com.",
"dnssec_status": 401,
"header":
{
"aa": 0,
"ad": 0,
"ancount": 0,
"arcount": 1,
"cd": 1,
"extended_rcode": 0,
"id": 39059,
"nscount": 4,
"opcode": 0,
"qdcount": 1,
"qr": 1,
"ra": 1,
"rcode": 0,
"rd": 1,
"tc": 0,
"z": 0
},
"question":
{
"qclass": 1,
"qname":"cloudflare.com.",
"qtype": 5
}
}
],
"status": 902
}
"next_domain_name":"\000.cloudflare.com."
Although the answer section is empty, the authority section contains the NSEC record, and its next_domain_name value produces the invalid escape because of the \0.
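This is just one known example of an invalid escape; other responses may cause the same issue. Presumably any domain name whose presentation form contains a \DDD escape is affected: the name comes straight from the DNS response, so the serializer would need to escape the backslash (\\000) or write the byte as \u0000 before placing it in a JSON string.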