[dns-operations] After Google Mail, Google Docs, Google Wave... Google DNS
Stephane Bortzmeyer
bortzmeyer at nic.fr
Fri Dec 4 14:33:54 UTC 2009
On Fri, Dec 04, 2009 at 09:54:49AM +0000,
Florian Weimer <fweimer at bfk.de> wrote
a message of 23 lines which said:
> It doesn't seem to use 0x20 randomization,
You need to be whitelisted
http://code.google.com/speed/public-dns/docs/security.html
"Our current solution to this problem is to create a whitelist of
nameservers which we know apply the standards correctly, and to only
apply the case randomization technique in requests to those
servers. We also list the appropriate exception subdomains for each of
them, based on analyzing our logs. If a response that appears to come
from those servers does not contain the correct case, we reject the
response. The whitelisted nameservers comprise more than 70% of our
traffic."
(Thanks to Gilles Massen for the tip.)
More information about the dns-operations
mailing list