DNS query repetition ( was DNS Hardening )
- Subject: DNS query repetition ( was DNS Hardening )
- From: george.barwood at blueyonder.co.uk (George Barwood)
- Date: Sat, 8 Aug 2009 21:44:15 +0100
In an earlier thread, Jon Levine asked
> Other than DNSSEC, I'm aware of these relatively simple hacks to add
> entropy to DNS queries.
> 1) Random query ID
> 2) Random source port
> 3) Random case in queries, e.g. GooGLe.CoM
> 4) Ask twice (with different values for the first three hacks) and compare
> the answers
> I presume everyone is doing the first two. Any experience with the other
> two to report?
I have implemented a (public domain) DNS cache "GbDns" that implements both
3 and 4 (and also DnsCurve).
For non-deterministic authorities, such as Akamai, more than 2 queries are
needed, and some relatively complex code.
It turns out to be completely practical, albeit leading to an increase in
the number of packets.
Source code and a link to an IETF draft that describes the method are at
http://www.george-barwood.pwp.blueyonder.co.uk/DnsServer/
Regards,
George Barwood
(New subscriber, hence the new thread)
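The hacks listed in the quoted message, worked through in Python as an added example that is not GbDns code and not part of George's post: it builds a query with a random ID (hack 1) and 0x20-randomised case (hack 3), verifies that a reply echoes the question byte-for-byte, and compares the answer RRsets of two independently randomised queries (hack 4). Hack 2, source-port randomisation, is a socket-layer setting and is not shown; the wire-format messages in the test are constructed by hand, and `_read_name` assumes well-formed compression pointers.

```python
import secrets
import struct

def randomize_case(qname):
    # Hack 3 (the 0x20 trick): flip each letter's case bit at random. A genuine
    # server echoes the question verbatim, so a forgery must guess the pattern.
    return "".join(c.swapcase() if c.isalpha() and secrets.randbits(1) else c
                   for c in qname)

def encode_name(name):  # dotted name -> length-prefixed labels, case preserved
    return b"".join(bytes([len(lab)]) + lab.encode("ascii")
                    for lab in name.rstrip(".").split(".")) + b"\x00"

def build_query(qname, qtype=1):
    # Random 16-bit ID (hack 1), RD=1, one question; port randomisation (hack 2) not shown
    hdr = struct.pack(">HHHHHH", secrets.randbits(16), 0x0100, 1, 0, 0, 0)
    return hdr + encode_name(qname) + struct.pack(">HH", qtype, 1)

def response_matches(query, response):
    # Reply must echo our ID and our question byte-for-byte (randomised case too).
    return (len(response) >= len(query) and response[:2] == query[:2]
            and bool(response[2] & 0x80)               # QR bit: a reply
            and response[12:len(query)] == query[12:])

def _read_name(msg, off):
    # Decode a (possibly compressed) name -> (lowercased name, offset after it).
    labels, end = [], None
    while (n := msg[off]) != 0:
        if n & 0xC0:                                    # compression pointer
            end = off + 2 if end is None else end
            off = struct.unpack(">H", msg[off:off + 2])[0] & 0x3FFF
        else:
            labels.append(msg[off + 1:off + 1 + n].decode("ascii").lower())
            off += 1 + n
    return ".".join(labels), (off + 1 if end is None else end)

def answer_set(response):
    # {(owner, type, class, rdata)} of the answer RRs; TTL ignored (may vary).
    qd, an = struct.unpack(">HH", response[4:8])
    off, rrs = 12, set()
    for _ in range(qd):                                 # skip the question
        off = _read_name(response, off)[1] + 4
    for _ in range(an):
        owner, off = _read_name(response, off)
        rtype, rclass, _ttl, rdlen = struct.unpack(">HHIH", response[off:off + 10])
        rrs.add((owner, rtype, rclass, response[off + 10:off + 10 + rdlen]))
        off += 10 + rdlen
    return rrs

def answers_agree(resp_a, resp_b):  # hack 4: ask twice, compare the RRsets
    return answer_set(resp_a) == answer_set(resp_b)
```

For a non-deterministic authority the two RRsets may differ legitimately, which is why the post notes that more than two queries and extra logic are needed there.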