DNS hardening, was Re: Dan Kaminsky
John Levine
johnl at iecc.com
Wed Aug 5 16:48:23 UTC 2009
Other than DNSSEC, I'm aware of these relatively simple hacks to add
entropy to DNS queries.

1) Random query ID
2) Random source port
3) Random case in queries, e.g. GooGLe.CoM
4) Ask twice (with different values for the first three hacks) and
compare the answers

I presume everyone is doing the first two. Any experience with the
other two to report?

R's,
John
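
Added example, not part of the original post: a Python sketch of hacks 1 and 3 on the resolver side, with the acceptance check that makes the random case useful and a rough count of the bits an off-path spoofer has to guess. All function names are hypothetical, and source-port randomization (hack 2) is assumed to happen when the UDP socket is bound, so it appears only in the estimate.

```python
import math
import secrets
import struct

def mix_case(name):
    """Hack 3: set each ASCII letter to upper or lower case from a CSPRNG bit."""
    return "".join(c.upper() if c.isalpha() and secrets.randbits(1) else c.lower()
                   for c in name)

def encode_qname(name):
    """Wire format: length-prefixed labels, terminated by a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"

def build_query(name, qtype=1):
    """Build an A query with a random ID (hack 1) and mixed-case name (hack 3)."""
    qid = secrets.randbelow(1 << 16)
    qname = mix_case(name)
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)  # RD set, 1 question
    packet = header + encode_qname(qname) + struct.pack("!HH", qtype, 1)
    return qid, qname, packet

def response_matches(qid, qname, response):
    """Accept only a reply that echoes the ID and the byte-exact question name."""
    if len(response) < 12:
        return False
    rid, flags, qdcount = struct.unpack("!HHH", response[:6])
    if rid != qid or not flags & 0x8000 or qdcount != 1:
        return False
    expected = encode_qname(qname)  # case-sensitive compare is the whole point
    return response[12:12 + len(expected)] == expected

def entropy_bits(name, ports=64512):
    """Rough bits to guess: 16 (ID) + log2(usable ports) + one per letter."""
    letters = sum(c.isalpha() for c in name)
    return 16 + math.log2(ports) + letters

if __name__ == "__main__":
    qid, qname, pkt = build_query("google.com")
    print(qname, f"{entropy_bits('google.com'):.1f} bits")
```

The case bits only count if the resolver compares the echoed question byte for byte, and short names with few letters gain little from hack 3.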