-
Cache uses dname_lf for keys, i.e. zero bytes serve as separators between labels. Therefore having a zero inside label could masquerade for QNAME that does have label separators instead of these zeros. That doesn't seem really exploitable in practice, as standard registries won't allow such labels, so I can't see any possible attack that would "cross border" of these registries, e.g. attacking anything inside example.org without any cooperation from its owner (or org or root).
