diff --git a/src/dns.h b/src/dns.h
index c3c75d8f..6a4b2021 100644
--- a/src/dns.h
+++ b/src/dns.h
@@ -6,8 +6,184 @@
 #include <stdlib.h>
 #include "map.h"
 
+// Constants
+#define HSK_DNS_MAX_NAME 255
+#define HSK_DNS_MAX_LABEL 63
+#define HSK_DNS_MAX_LABELS 128
+#define HSK_DNS_MAX_UDP 512
+#define HSK_DNS_STD_EDNS 1280
+#define HSK_DNS_MAX_EDNS 4096
+#define HSK_DNS_MAX_TCP 65535
+// If every label byte takes four characters (\\DDD)
+//    3 * ((4 * 63) + 1)    // max label plus dot
+//    1 * ((4 * 61) + 1)    // remainder of max name plus dot
+#define HSK_DNS_MAX_NAME_STRING 1004
+// Simply 4 * HSK_DNS_MAX_LABEL
+#define HSK_DNS_MAX_LABEL_STRING 252
+
+// Opcodes
+#define HSK_DNS_QUERY 0
+#define HSK_DNS_IQUERY 1
+#define HSK_DNS_STATUS 2
+#define HSK_DNS_NOTIFY 4
+#define HSK_DNS_UPDATE 5
+
+// Flags
+#define HSK_DNS_QR (1 << 15) // query/response (response=1)
+#define HSK_DNS_AA (1 << 10) // authoritative
+#define HSK_DNS_TC (1 << 9) // truncated
+#define HSK_DNS_RD (1 << 8) // recursion desired
+#define HSK_DNS_RA (1 << 7) // recursion available
+#define HSK_DNS_Z (1 << 6) // Z
+#define HSK_DNS_AD (1 << 5) // authenticated data
+#define HSK_DNS_CD (1 << 4) // checking disabled
+
+// Errors
+#define HSK_DNS_NOERROR 0 // No Error
+#define HSK_DNS_SUCCESS 0 // No Error
+#define HSK_DNS_FORMERR 1 // Format Error
+#define HSK_DNS_SERVFAIL 2 // Server Failure
+#define HSK_DNS_NXDOMAIN 3 // Non-Existent Domain
+#define HSK_DNS_NOTIMP 4 // Not Implemented
+#define HSK_DNS_REFUSED 5 // Query Refused
+#define HSK_DNS_YXDOMAIN 6 // Name Exists when it should not
+#define HSK_DNS_YXRRSET 7 // RR Set Exists when it should not
+#define HSK_DNS_NXRRSET 8 // RR Set that should exist does not
+#define HSK_DNS_NOTAUTH 9 // Server Not Authoritative for zone
+#define HSK_DNS_NOTZONE 10 // Name not contained in zone
+#define HSK_DNS_BADSIG 16 // TSIG Signature Failure
+#define HSK_DNS_BADVERS 16 // Bad OPT Version
+#define HSK_DNS_BADKEY 17 // Key not recognized
+#define HSK_DNS_BADTIME 18 // Signature out of time window
+#define HSK_DNS_BADMODE 19 // Bad TKEY Mode
+#define HSK_DNS_BADNAME 20 // Duplicate key name
+#define HSK_DNS_BADALG 21 // Algorithm not supported
+#define HSK_DNS_BADTRUNC 22 // Bad Truncation
+#define HSK_DNS_BADCOOKIE 23 // Bad/missing Server Cookie
+
+// Records
+#define HSK_DNS_UNKNOWN 0
+#define HSK_DNS_A 1
+#define HSK_DNS_NS 2
+#define HSK_DNS_MD 3 // obsolete
+#define HSK_DNS_MF 4 // obsolete
+#define HSK_DNS_CNAME 5
+#define HSK_DNS_SOA 6
+#define HSK_DNS_MB 7 // experimental
+#define HSK_DNS_MG 8 // experimental
+#define HSK_DNS_MR 9 // experimental
+#define HSK_DNS_NULL 10 // obsolete
+#define HSK_DNS_WKS 11 // deprecated
+#define HSK_DNS_PTR 12
+#define HSK_DNS_HINFO 13 // not-in-use
+#define HSK_DNS_MINFO 14 // experimental
+#define HSK_DNS_MX 15
+#define HSK_DNS_TXT 16
+#define HSK_DNS_RP 17
+#define HSK_DNS_AFSDB 18
+#define HSK_DNS_X25 19 // not-in-use
+#define HSK_DNS_ISDN 20 // not-in-use
+#define HSK_DNS_RT 21 // not-in-use
+#define HSK_DNS_NSAP 22 // not-in-use
+#define HSK_DNS_NSAPPTR 23 // not-in-use
+#define HSK_DNS_SIG 24 // obsolete
+#define HSK_DNS_KEY 25 // obsolete
+#define HSK_DNS_PX 26 // not-in-use
+#define HSK_DNS_GPOS 27 // deprecated
+#define HSK_DNS_AAAA 28
+#define HSK_DNS_LOC 29
+#define HSK_DNS_NXT 30 // obsolete
+#define HSK_DNS_EID 31 // not-in-use
+#define HSK_DNS_NB 32 // obsolete
+#define HSK_DNS_NIMLOC 32 // not-in-use
+#define HSK_DNS_NBSTAT 33 // obsolete
+#define HSK_DNS_SRV 33
+#define HSK_DNS_ATMA 34 // not-in-use
+#define HSK_DNS_NAPTR 35
+#define HSK_DNS_KX 36
+#define HSK_DNS_CERT 37
+#define HSK_DNS_A6 38 // historic
+#define HSK_DNS_DNAME 39
+#define HSK_DNS_SINK 40 // unimpl (joke?)
+#define HSK_DNS_OPT 41 // impl (pseudo-record edns)
+#define HSK_DNS_APL 42 // not-in-use
+#define HSK_DNS_DS 43
+#define HSK_DNS_SSHFP 44
+#define HSK_DNS_IPSECKEY 45
+#define HSK_DNS_RRSIG 46
+#define HSK_DNS_NSEC 47
+#define HSK_DNS_DNSKEY 48
+#define HSK_DNS_DHCID 49
+#define HSK_DNS_NSEC3 50
+#define HSK_DNS_NSEC3PARAM 51
+#define HSK_DNS_TLSA 52
+#define HSK_DNS_SMIMEA 53
+#define HSK_DNS_HIP 55
+#define HSK_DNS_NINFO 56 // proposed
+#define HSK_DNS_RKEY 57 // proposed
+#define HSK_DNS_TALINK 58 // proposed
+#define HSK_DNS_CDS 59
+#define HSK_DNS_CDNSKEY 60
+#define HSK_DNS_OPENPGPKEY 61
+#define HSK_DNS_CSYNC 62
+#define HSK_DNS_SPF 99 // obsolete
+#define HSK_DNS_UINFO 100 // obsolete
+#define HSK_DNS_UID 101 // obsolete
+#define HSK_DNS_GID 102 // obsolete
+#define HSK_DNS_UNSPEC 103 // obsolete
+#define HSK_DNS_NID 104
+#define HSK_DNS_L32 105
+#define HSK_DNS_L64 106
+#define HSK_DNS_LP 107
+#define HSK_DNS_EUI48 108
+#define HSK_DNS_EUI64 109
+#define HSK_DNS_TKEY 249
+#define HSK_DNS_TSIG 250
+#define HSK_DNS_IXFR 251 // unimpl (pseudo-record)
+#define HSK_DNS_AXFR 252 // unimpl (pseudo-record)
+#define HSK_DNS_MAILB 253 // experimental unimpl (qtype)
+#define HSK_DNS_MAILA 254 // obsolete unimpl (qtype)
+#define HSK_DNS_ANY 255 // impl (qtype)
+#define HSK_DNS_URI 256
+#define HSK_DNS_CAA 257
+#define HSK_DNS_AVC 258 // proposed
+#define HSK_DNS_DOA 259 // proposed
+#define HSK_DNS_TA 32768
+#define HSK_DNS_DLV 32769
+#define HSK_DNS_RESERVED 65535 // unimpl
+
+// Classes
+#define HSK_DNS_IN 1
+#define HSK_DNS_CH 3
+#define HSK_DNS_HS 4
+#define HSK_DNS_NONE 254
+// #define HSK_DNS_ANY 255
+
+// EDNS flags
+#define HSK_DNS_DO (1 << 15) // DNSSEC OK
+
+// EDNS Options
+#define HSK_DNS_OPT_RESERVED 0 // Reserved
+#define HSK_DNS_OPT_LLQ 1 // Long Lived Queries
+#define HSK_DNS_OPT_UL 2 // Update Lease Draft
+#define HSK_DNS_OPT_NSID 3 // Nameserver Identifier
+#define HSK_DNS_OPT_DAU 5 // DNSSEC Algorithm Understood
+#define HSK_DNS_OPT_DHU 6 // DS Hash Understood
+#define HSK_DNS_OPT_N3U 7 // NSEC3 Hash Understood
+#define HSK_DNS_OPT_SUBNET 8 // Client Subnet
+#define HSK_DNS_OPT_EXPIRE 9 // Expire
+#define HSK_DNS_OPT_COOKIE 10 // Cookie
+#define HSK_DNS_OPT_TCPKEEPALIVE 11 // TCP Keep-Alive
+#define HSK_DNS_OPT_PADDING 12 // Padding
+#define HSK_DNS_OPT_CHAIN 13 // Chain
+#define HSK_DNS_OPT_KEYTAG 14 // Key Tag
+#define HSK_DNS_OPT_DEVICEID 26946 // Device ID
+#define HSK_DNS_OPT_LOCAL 65001 // Beginning of local/experimental use
+#define HSK_DNS_OPT_LOCALSTART 65001 // Beginning of local/experimental use
+#define HSK_DNS_OPT_LOCALEND 65534 // End of local/experimental use
+
 typedef struct hsk_dns_rr_s {
-  char name[256];
+  char name[HSK_DNS_MAX_NAME_STRING + 1];
   uint16_t type;
   uint16_t class;
   uint32_t ttl;
@@ -57,7 +233,7 @@ typedef struct {
 } hsk_dns_unknown_rd_t;
 
 typedef struct {
-  char ns[256];
+  char ns[HSK_DNS_MAX_NAME_STRING + 1];
   char mbox[256];
   uint32_t serial;
   uint32_t refresh;
@@ -85,15 +261,15 @@ typedef struct {
 } hsk_dns_loc_rd_t;
 
 typedef struct {
-  char target[256];
+  char target[HSK_DNS_MAX_NAME_STRING + 1];
 } hsk_dns_cname_rd_t;
 
 typedef struct {
-  char target[256];
+  char target[HSK_DNS_MAX_NAME_STRING + 1];
 } hsk_dns_dname_rd_t;
 
 typedef struct {
-  char ns[256];
+  char ns[HSK_DNS_MAX_NAME_STRING + 1];
 } hsk_dns_ns_rd_t;
 
 typedef struct {
@@ -167,7 +343,7 @@ typedef struct {
   uint32_t expiration;
   uint32_t inception;
   uint16_t key_tag;
-  char signer_name[256];
+  char signer_name[HSK_DNS_MAX_NAME_STRING + 1];
   size_t signature_len;
   uint8_t *signature;
 } hsk_dns_rrsig_rd_t;
@@ -185,7 +361,7 @@ typedef struct {
 } hsk_dns_rp_rd_t;
 
 typedef struct {
-  char next_domain[256];
+  char next_domain[HSK_DNS_MAX_NAME_STRING + 1];
   size_t type_map_len;
   uint8_t *type_map;
 } hsk_dns_nsec_rd_t;
@@ -200,182 +376,6 @@ typedef struct {
   size_t msg_len;
 } hsk_dns_dmp_t;
 
-// Constants
-#define HSK_DNS_MAX_NAME 255
-#define HSK_DNS_MAX_LABEL 63
-#define HSK_DNS_MAX_LABELS 128
-#define HSK_DNS_MAX_UDP 512
-#define HSK_DNS_STD_EDNS 1280
-#define HSK_DNS_MAX_EDNS 4096
-#define HSK_DNS_MAX_TCP 65535
-// If every label byte takes four characters (\\DDD)
-//    3 * ((4 * 63) + 1)    // max label plus dot
-//    1 * ((4 * 61) + 1)    // remainder of max name plus dot
-#define HSK_DNS_MAX_NAME_STRING 1004
-// Simply 4 * HSK_DNS_MAX_LABEL
-#define HSK_DNS_MAX_LABEL_STRING 252
-
-// Opcodes
-#define HSK_DNS_QUERY 0
-#define HSK_DNS_IQUERY 1
-#define HSK_DNS_STATUS 2
-#define HSK_DNS_NOTIFY 4
-#define HSK_DNS_UPDATE 5
-
-// Flags
-#define HSK_DNS_QR (1 << 15) // query/response (response=1)
-#define HSK_DNS_AA (1 << 10) // authoritative
-#define HSK_DNS_TC (1 << 9) // truncated
-#define HSK_DNS_RD (1 << 8) // recursion desired
-#define HSK_DNS_RA (1 << 7) // recursion available
-#define HSK_DNS_Z (1 << 6) // Z
-#define HSK_DNS_AD (1 << 5) // authenticated data
-#define HSK_DNS_CD (1 << 4) // checking disabled
-
-// Errors
-#define HSK_DNS_NOERROR 0 // No Error
-#define HSK_DNS_SUCCESS 0 // No Error
-#define HSK_DNS_FORMERR 1 // Format Error
-#define HSK_DNS_SERVFAIL 2 // Server Failure
-#define HSK_DNS_NXDOMAIN 3 // Non-Existent Domain
-#define HSK_DNS_NOTIMP 4 // Not Implemented
-#define HSK_DNS_REFUSED 5 // Query Refused
-#define HSK_DNS_YXDOMAIN 6 // Name Exists when it should not
-#define HSK_DNS_YXRRSET 7 // RR Set Exists when it should not
-#define HSK_DNS_NXRRSET 8 // RR Set that should exist does not
-#define HSK_DNS_NOTAUTH 9 // Server Not Authoritative for zone
-#define HSK_DNS_NOTZONE 10 // Name not contained in zone
-#define HSK_DNS_BADSIG 16 // TSIG Signature Failure
-#define HSK_DNS_BADVERS 16 // Bad OPT Version
-#define HSK_DNS_BADKEY 17 // Key not recognized
-#define HSK_DNS_BADTIME 18 // Signature out of time window
-#define HSK_DNS_BADMODE 19 // Bad TKEY Mode
-#define HSK_DNS_BADNAME 20 // Duplicate key name
-#define HSK_DNS_BADALG 21 // Algorithm not supported
-#define HSK_DNS_BADTRUNC 22 // Bad Truncation
-#define HSK_DNS_BADCOOKIE 23 // Bad/missing Server Cookie
-
-// Records
-#define HSK_DNS_UNKNOWN 0
-#define HSK_DNS_A 1
-#define HSK_DNS_NS 2
-#define HSK_DNS_MD 3 // obsolete
-#define HSK_DNS_MF 4 // obsolete
-#define HSK_DNS_CNAME 5
-#define HSK_DNS_SOA 6
-#define HSK_DNS_MB 7 // experimental
-#define HSK_DNS_MG 8 // experimental
-#define HSK_DNS_MR 9 // experimental
-#define HSK_DNS_NULL 10 // obsolete
-#define HSK_DNS_WKS 11 // deprecated
-#define HSK_DNS_PTR 12
-#define HSK_DNS_HINFO 13 // not-in-use
-#define HSK_DNS_MINFO 14 // experimental
-#define HSK_DNS_MX 15
-#define HSK_DNS_TXT 16
-#define HSK_DNS_RP 17
-#define HSK_DNS_AFSDB 18
-#define HSK_DNS_X25 19 // not-in-use
-#define HSK_DNS_ISDN 20 // not-in-use
-#define HSK_DNS_RT 21 // not-in-use
-#define HSK_DNS_NSAP 22 // not-in-use
-#define HSK_DNS_NSAPPTR 23 // not-in-use
-#define HSK_DNS_SIG 24 // obsolete
-#define HSK_DNS_KEY 25 // obsolete
-#define HSK_DNS_PX 26 // not-in-use
-#define HSK_DNS_GPOS 27 // deprecated
-#define HSK_DNS_AAAA 28
-#define HSK_DNS_LOC 29
-#define HSK_DNS_NXT 30 // obsolete
-#define HSK_DNS_EID 31 // not-in-use
-#define HSK_DNS_NB 32 // obsolete
-#define HSK_DNS_NIMLOC 32 // not-in-use
-#define HSK_DNS_NBSTAT 33 // obsolete
-#define HSK_DNS_SRV 33
-#define HSK_DNS_ATMA 34 // not-in-use
-#define HSK_DNS_NAPTR 35
-#define HSK_DNS_KX 36
-#define HSK_DNS_CERT 37
-#define HSK_DNS_A6 38 // historic
-#define HSK_DNS_DNAME 39
-#define HSK_DNS_SINK 40 // unimpl (joke?)
-#define HSK_DNS_OPT 41 // impl (pseudo-record edns)
-#define HSK_DNS_APL 42 // not-in-use
-#define HSK_DNS_DS 43
-#define HSK_DNS_SSHFP 44
-#define HSK_DNS_IPSECKEY 45
-#define HSK_DNS_RRSIG 46
-#define HSK_DNS_NSEC 47
-#define HSK_DNS_DNSKEY 48
-#define HSK_DNS_DHCID 49
-#define HSK_DNS_NSEC3 50
-#define HSK_DNS_NSEC3PARAM 51
-#define HSK_DNS_TLSA 52
-#define HSK_DNS_SMIMEA 53
-#define HSK_DNS_HIP 55
-#define HSK_DNS_NINFO 56 // proposed
-#define HSK_DNS_RKEY 57 // proposed
-#define HSK_DNS_TALINK 58 // proposed
-#define HSK_DNS_CDS 59
-#define HSK_DNS_CDNSKEY 60
-#define HSK_DNS_OPENPGPKEY 61
-#define HSK_DNS_CSYNC 62
-#define HSK_DNS_SPF 99 // obsolete
-#define HSK_DNS_UINFO 100 // obsolete
-#define HSK_DNS_UID 101 // obsolete
-#define HSK_DNS_GID 102 // obsolete
-#define HSK_DNS_UNSPEC 103 // obsolete
-#define HSK_DNS_NID 104
-#define HSK_DNS_L32 105
-#define HSK_DNS_L64 106
-#define HSK_DNS_LP 107
-#define HSK_DNS_EUI48 108
-#define HSK_DNS_EUI64 109
-#define HSK_DNS_TKEY 249
-#define HSK_DNS_TSIG 250
-#define HSK_DNS_IXFR 251 // unimpl (pseudo-record)
-#define HSK_DNS_AXFR 252 // unimpl (pseudo-record)
-#define HSK_DNS_MAILB 253 // experimental unimpl (qtype)
-#define HSK_DNS_MAILA 254 // obsolete unimpl (qtype)
-#define HSK_DNS_ANY 255 // impl (qtype)
-#define HSK_DNS_URI 256
-#define HSK_DNS_CAA 257
-#define HSK_DNS_AVC 258 // proposed
-#define HSK_DNS_DOA 259 // proposed
-#define HSK_DNS_TA 32768
-#define HSK_DNS_DLV 32769
-#define HSK_DNS_RESERVED 65535 // unimpl
-
-// Classes
-#define HSK_DNS_IN 1
-#define HSK_DNS_CH 3
-#define HSK_DNS_HS 4
-#define HSK_DNS_NONE 254
-// #define HSK_DNS_ANY 255
-
-// EDNS flags
-#define HSK_DNS_DO (1 << 15) // DNSSEC OK
-
-// EDNS Options
-#define HSK_DNS_OPT_RESERVED 0 // Reserved
-#define HSK_DNS_OPT_LLQ 1 // Long Lived Queries
-#define HSK_DNS_OPT_UL 2 // Update Lease Draft
-#define HSK_DNS_OPT_NSID 3 // Nameserver Identifier
-#define HSK_DNS_OPT_DAU 5 // DNSSEC Algorithm Understood
-#define HSK_DNS_OPT_DHU 6 // DS Hash Understood
-#define HSK_DNS_OPT_N3U 7 // NSEC3 Hash Understood
-#define HSK_DNS_OPT_SUBNET 8 // Client Subnet
-#define HSK_DNS_OPT_EXPIRE 9 // Expire
-#define HSK_DNS_OPT_COOKIE 10 // Cookie
-#define HSK_DNS_OPT_TCPKEEPALIVE 11 // TCP Keep-Alive
-#define HSK_DNS_OPT_PADDING 12 // Padding
-#define HSK_DNS_OPT_CHAIN 13 // Chain
-#define HSK_DNS_OPT_KEYTAG 14 // Key Tag
-#define HSK_DNS_OPT_DEVICEID 26946 // Device ID
-#define HSK_DNS_OPT_LOCAL 65001 // Beginning of local/experimental use
-#define HSK_DNS_OPT_LOCALSTART 65001 // Beginning of local/experimental use
-#define HSK_DNS_OPT_LOCALEND 65534 // End of local/experimental use
-
 void
 hsk_dns_msg_init(hsk_dns_msg_t *msg);