DNS query repetition (was DNS Hardening)
In an earlier thread, Jon Levine asked:
Other than DNSSEC, I'm aware of these relatively simple hacks to add entropy to DNS queries.
1) Random query ID
2) Random source port
3) Random case in queries, e.g. GooGLe.CoM
4) Ask twice (with different values for the first three hacks) and compare the answers
I presume everyone is doing the first two. Any experience with the other two to report?
I have implemented a (public domain) DNS cache "GbDns" that implements both 3 and 4 (and also DnsCurve). For non-deterministic authorities, such as Akamai, more than 2 queries are needed, and some relatively complex code. It turns out to be completely practical, albeit leading to an increase in the number of packets.

Source code and a link to an IETF draft that describes the method are at http://www.george-barwood.pwp.blueyonder.co.uk/DnsServer/

Regards,
George Barwood
(New subscriber, hence the new thread)
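As an added illustration (not GbDns or any code from the thread), here is a small Python sketch of hacks 1, 3 and 4: a query built with a random ID and 0x20-style random case, a check that a reply echoes both back exactly, and an "ask again until N replies agree" loop that also copes with authorities that hand out varying answers. The `send` callback and all function names are assumptions; source-port randomisation (hack 2) is left to the caller opening a fresh socket per query.

```python
import os, random, struct
def build_query(name):
    """Minimal DNS A/IN query: random 16-bit ID, RD set, one question in 0x20 random case."""
    qid = struct.unpack("!H", os.urandom(2))[0]
    name = "".join(c.upper() if random.getrandbits(1) else c.lower() for c in name)  # 0x20 trick
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.split(".") if l) + b"\x00"
    return struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!HH", 1, 1)

def _skip_name(buf, i):  # offset just past a wire-format name (labels or compression pointer)
    while buf[i] != 0:
        if buf[i] & 0xC0 == 0xC0:
            return i + 2
        i += 1 + buf[i]
    return i + 1

def response_matches(query, response):
    """Accept a reply only if the query ID and the exact-case question section are echoed back."""
    qend = _skip_name(query, 12) + 4
    return len(response) >= qend and response[:2] == query[:2] and response[12:qend] == query[12:qend]

def parse_a_records(response):  # A-record addresses from the answer section; raises if truncated
    ancount = struct.unpack("!H", response[6:8])[0]
    i, addrs = _skip_name(response, 12) + 4, []
    for _ in range(ancount):
        i = _skip_name(response, i)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", response[i:i + 10])
        rdata = response[i + 10:i + 10 + rdlen]
        if len(rdata) != rdlen:
            raise ValueError("truncated RR")
        if rtype == 1 and rdlen == 4:
            addrs.append(".".join(str(b) for b in rdata))
        i += 10 + rdlen
    return addrs

def resolve_with_agreement(name, send, needed=2, max_tries=6):
    """Re-ask (fresh ID and case per try) until `needed` replies agree on the answer set; else None."""
    seen = {}
    for _ in range(max_tries):
        q = build_query(name)
        r = send(q)  # caller's transport; a fresh socket per call also gives a fresh source port
        if not response_matches(q, r):
            continue  # ID or case mismatch: treat as spoofed or stale and discard it
        try:
            key = frozenset(parse_a_records(r))
        except (IndexError, ValueError, struct.error):
            continue  # truncated or malformed reply
        seen[key] = seen.get(key, 0) + 1
        if seen[key] >= needed:
            return sorted(key)
    return None
```

Note that the exact-case check rejects authorities that rewrite the name's case, so a real resolver needs a fallback for those.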