diff --git a/defaults.go b/defaults.go
index a29c8c8f..93e5e0f0 100644
--- a/defaults.go
+++ b/defaults.go
@@ -5,14 +5,14 @@
 package dns
 
 import (
+	"errors"
 	"net"
 	"strconv"
 )
 
 const hexDigit = "0123456789abcdef"
 
-// Everything is assumed in the ClassINET class. If
-// you need other classes you are on your own.
+// Everything is assumed in ClassINET.
 
 // SetReply creates a reply packet from a request message.
 func (dns *Msg) SetReply(request *Msg) *Msg {
@@ -165,6 +165,18 @@ func IsSubDomain(parent, child string) bool {
 	return CompareDomainName(parent, child) == CountLabel(parent)
 }
 
+// IsMsg sanity checks buf and returns an error if it isn't a valid DNS packet.
+// The checking is performed on the binary payload.
+func IsMsg(buf []byte) error {
+	// Header
+	if len(buf) < 12 {
+		return errors.New("dns: bad message header")
+	}
+	// Header: Opcode
+
+	return nil
+}
+
 // IsFqdn checks if a domain name is fully qualified.
 func IsFqdn(s string) bool {
 	l := len(s)
diff --git a/msg.go b/msg.go
index be5aaa09..0259ebb7 100644
--- a/msg.go
+++ b/msg.go
@@ -1535,6 +1535,7 @@ func (dns *Msg) Unpack(msg []byte) (err error) {
 	// If we see a TC bit being set we return here, without
 	// an error, because technically it isn't an error. So return
 	// without parsing the potentially corrupt packet and hitting an error.
+	// TODO(miek): this isn't the best strategy!
 	if dns.Truncated {
 		dns.Answer = nil
 		dns.Ns = nil