[116468] in North American Network Operators' Group


DNS hardening, was Re: Dan Kaminsky

daemon@ATHENA.MIT.EDU (John Levine)
Wed Aug 5 12:49:16 2009

Date: 5 Aug 2009 16:48:23 -0000
From: John Levine <johnl@iecc.com>
To: nanog@nanog.org
In-Reply-To: <4A7870BA.4020704@xyonet.com>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

Other than DNSSEC, I'm aware of these relatively simple hacks to add
entropy to DNS queries.

1) Random query ID

2) Random source port

3) Random case in queries, e.g. GooGLe.CoM

4) Ask twice (with different values for the first three hacks) and
compare the answers

I presume everyone is doing the first two.  Any experience with the
other two to report?

R's,
John
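
Added example, not part of the original post: a minimal Python sketch of hacks 1 and 3 from the resolver's side, building a query with a random ID and random-case name and accepting a reply only if both are echoed exactly. All function names are hypothetical, the sample reply is constructed, and the bit count assumes an off-path sender who cannot see the query.

```python
import secrets
import struct

def randomize_case(name: str) -> str:
    """Hack 3: choose each letter's case from one random bit."""
    return "".join(
        c.upper() if c.isalpha() and secrets.randbits(1) else c.lower()
        for c in name)

def encode_qname(name: str) -> bytes:
    """Encode a dotted name as length-prefixed DNS labels."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"

def build_query(name: str, qtype: int = 1):
    """Return (txid, sent_name, packet) for a recursion-desired IN query."""
    txid = secrets.randbits(16)           # hack 1: random 16-bit query ID
    sent_name = randomize_case(name)      # hack 3: random case in the name
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    question = encode_qname(sent_name) + struct.pack("!HH", qtype, 1)
    return txid, sent_name, header + question

def response_matches(txid: int, sent_name: str, response: bytes, qtype: int = 1) -> bool:
    """Accept a reply only if the ID and the question echo match exactly."""
    if len(response) < 12:
        return False
    rid, flags, qdcount = struct.unpack("!HHH", response[:6])
    if rid != txid or not flags & 0x8000 or qdcount != 1:
        return False
    expected = encode_qname(sent_name) + struct.pack("!HH", qtype, 1)
    return response[12:12 + len(expected)] == expected  # case-sensitive compare

def added_bits(name: str) -> int:
    """Bits an off-path sender must guess: 16 for the ID, 1 per letter."""
    return 16 + sum(c.isalpha() for c in name)

if __name__ == "__main__":
    txid, sent, pkt = build_query("google.com")
    reply = bytearray(pkt)
    reply[2] |= 0x80                      # constructed reply: same packet, QR bit set
    print(sent, added_bits(sent), response_matches(txid, sent, bytes(reply)))
```

The case check only adds protection when the answering server echoes the question name unchanged, so a deployment needs a fallback for servers that do not.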

