[dns-operations] Why non-repeating transaction IDs?

Florian Weimer fw at deneb.enyo.de
Thu Nov 1 16:35:12 UTC 2007


* Paul Vixie:

>> > "in use" means there is an outward bound query still in flight,
>> > which hasn't timed out or been answered yet.  although the full
>> > uniqueness tuple includes the remote server and i could reuse a
>> > <SADDR,SPORT,QID> when talking to a different remote server, i
>> > don't.  but in practice i've hardly ever measured a QID collision
>> > even under high stress benchmarks.
>> 
>> What badness happens when there is a collision?
>> Why do you need to avoid it?
>
> i'm using a per-socket array to demux responses.

I don't think this answers my question.  Do you use the ID as an array
index?  In this case, you can still get the next random number if the
slot is already taken.  You can attach a list of pending queries to the
bucket, too.

Sorry, I still don't get why you significantly increase risk by not
using a PRNG which is accepted to be at least halfway cryptographically
strong (periodically rekeyed RC4, with the first few dozen bytes
discarded, for instance).
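The demultiplexing scheme discussed above, as an added illustration that is not code from either poster or from any named resolver: a per-socket table of pending queries bucketed by transaction ID, where each bucket holds a list (so the same QID can be in flight towards different servers), a fresh random QID is drawn only when the (server, QID) pair is already in use, and a response is matched only when the QID, the source address and the question all agree. The `PendingTable` and `PendingQuery` names, the `rng` injection hook and the RFC 5737 sample addresses are assumptions of this example; `secrets.randbelow` is the standard-library CSPRNG.

```python
import secrets
from dataclasses import dataclass


@dataclass(frozen=True)
class PendingQuery:
    qid: int          # 16-bit DNS transaction ID
    server: tuple     # (address, port) the query was sent to
    qname: str        # question name
    qtype: int        # question type


class PendingTable:
    """In-flight queries for one UDP socket, bucketed by transaction ID.

    Each bucket is a list, so one QID may be outstanding towards several
    servers at once.  A new random QID is drawn only if the (server, QID)
    pair is already in flight, which is the collision the thread discusses.
    """
    MAX_ATTEMPTS = 32    # give up on a socket that is saturated with in-flight QIDs

    def __init__(self, rng=secrets.randbelow):
        # rng(n) returns an integer in [0, n).  The default is the CSPRNG from
        # the standard library; the hook exists so a test can force collisions.
        self._rng = rng
        self._buckets = {}      # qid -> list[PendingQuery]
        self.collisions = 0     # how often a freshly drawn QID was already in use

    def in_flight(self):
        return sum(len(b) for b in self._buckets.values())

    def new_query(self, server, qname, qtype):
        """Register a query with a QID not currently in use towards `server`."""
        for _ in range(self.MAX_ATTEMPTS):
            qid = self._rng(1 << 16)
            bucket = self._buckets.setdefault(qid, [])
            if any(p.server == server for p in bucket):
                # Slot taken for this server: draw again rather than reuse it.
                self.collisions += 1
                continue
            query = PendingQuery(qid, server, qname, qtype)
            bucket.append(query)
            return query
        raise RuntimeError("no unused QID towards %r after %d attempts"
                           % (server, self.MAX_ATTEMPTS))

    def match_response(self, qid, source, qname, qtype):
        """Return the pending query a response belongs to, or None.

        QID, the address the response came from and the question section
        must all agree; anything else is dropped as unsolicited.
        """
        bucket = self._buckets.get(qid, [])
        for i, p in enumerate(bucket):
            if p.server == source and p.qname == qname and p.qtype == qtype:
                del bucket[i]
                if not bucket:
                    del self._buckets[qid]
                return p
        return None


if __name__ == "__main__":
    # Constructed demo: 2000 queries to one server, none answered yet, to see
    # how often a 16-bit random QID lands on an in-flight one.
    table = PendingTable()
    server = ("192.0.2.1", 53)          # documentation address, not a real server
    for i in range(2000):
        table.new_query(server, "host%d.example." % i, 1)
    print("in flight:", table.in_flight(), "redraws:", table.collisions)
```

Because the table keys on the full tuple rather than the QID alone, a collision costs only another draw from the generator; it never forces the resolver to fall back to a predictable ID.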



More information about the dns-operations mailing list