improved handling of malformed messages over TCP/TLS
Currently, if kresd receives malformed DNS message, it will close the TCP stream. It was probably meant as a heuristic that orientation in TCP stream was lost. However, this isn't necessarily true, since the client might have sent query that isn't possible to parse, but prefixed with correct message length.
This can be troublesome in some cases, because closing the stream also means no responses will be sent to the pipelined queries. While sending malformed queries probably isn't the common, it can certainly happen when replaying or mirroring traffic.
Perhaps the condition to close the stream could be relaxed: The stream would be closed only if the dns message length would be less than the header size.