nanog mailing list archives

DNS hardening, was Re: Dan Kaminsky

From: John Levine <johnl () iecc com>
Date: 5 Aug 2009 16:48:23 -0000

Other than DNSSEC, I'm aware of these relatively simple hacks to add
entropy to DNS queries.

1) Random query ID

2) Random source port

3) Random case in queries, e.g. GooGLe.CoM

4) Ask twice (with different values for the first three hacks) and
compare the answers

I presume everyone is doing the first two.  Any experience with the
other two to report?

R's,
John

Current thread:

Re: Dan Kaminsky, (continued)
- - - Re: Dan Kaminsky Ben Scott (Aug 05)
    - Re: Dan Kaminsky Jorge Amodio (Aug 05)
    - Re: Dan Kaminsky Randy Bush (Aug 07)
    - RE: Dan Kaminsky Buhrmaster, Gary (Aug 07)
    - Re: Dan Kaminsky Jorge Amodio (Aug 07)
    - QR-Codes... was: Re: Dan Kaminsky Dragos Ruiu (Aug 07)
    - Re: Dan Kaminsky Jorge Amodio (Aug 07)
    - Re: Dan Kaminsky Nick Hilliard (Aug 05)
  - Re: Dan Kaminsky Paul Vixie (Aug 04)
    - Re: Dan Kaminsky bert hubert (Aug 04)
  - DNS hardening, was Re: Dan Kaminsky John Levine (Aug 05)
    - Re: DNS hardening, was Re: Dan Kaminsky bert hubert (Aug 05)
    - Re: DNS hardening, was Re: Dan Kaminsky Phil Regnauld (Aug 05)
    - Re: DNS hardening, was Re: Dan Kaminsky John R. Levine (Aug 05)
    - Re: DNS hardening, was Re: Dan Kaminsky Steven M. Bellovin (Aug 05)
    - Re: dnscurve and DNS hardening, was Re: Dan Kaminsky John R. Levine (Aug 05)
    - Re: dnscurve and DNS hardening, was Re: Dan Kaminsky Mark Andrews (Aug 05)
    - Re: dnscurve and DNS hardening, was Re: Dan Kaminsky Naveen Nathan (Aug 05)
    - RE: dnscurve and DNS hardening, was Re: Dan Kaminsky Skywing (Aug 05)
    - Re: dnscurve and DNS hardening, was Re: Dan Kaminsky Ben Scott (Aug 05)
    - Re: dnscurve and DNS hardening, was Re: Dan Kaminsky Naveen Nathan (Aug 05)

(Thread continues...)