DNS hardening, was Re: Dan Kaminsky

John Levine johnl at iecc.com
Wed Aug 5 16:48:23 UTC 2009


Other than DNSSEC, I'm aware of these relatively simple hacks to add
entropy to DNS queries.

1) Random query ID

2) Random source port

3) Random case in queries, e.g. GooGLe.CoM

4) Ask twice (with different values for the first three hacks) and
compare the answers

I presume everyone is doing the first two.  Any experience with the
other two to report?

R's,
John




More information about the NANOG mailing list