Hello and welcome to the Tuesday, October 28, 2025 edition of the Sands and then at Storm Center's Stormcast.

My name is Johannes Ulrich, today recording from Jacksonville, Florida.

And this episode is brought you by the sands.edu bachelor's degree program in

applied cyber security. Did he run an interesting experiment, looking into a question that often

comes up when you're looking at DNS covert channels, which characters can actually be transmitted

as a host name? Now, it should be pretty

straightforward. The RFC allows upper lowercase letters, numbers, the dash, the underscore,

and then, well, a dot to separate labels. But of course, that's the RFC. What's reality?

Well, did he look here at two constraints.

First of all, the operating system.

If you're using the operating system's Resolver library,

it may restrict what letters you can send,

and then whatever recursive Resolver you use,

and the DAE here looked at Cloudflare and Google.

Well, it turns out that the Windows Resolver Library actually is quite restrictive.

It only allows the standard characters.

Linux, on the other hand, and the DA here picked Ubuntu as an example, is less picky

and does allow pretty much any character in the

standard ASCII set, so any 7-bit character from 0 through 7F.

Once you take the Resolver as the only constraint and basically use some Python library or something like this as your client

resolver.

Well, in that case, things get more interesting.

...