[dns-operations] ip id from servers

Randy Bush randy at psg.com
Thu Mar 11 09:40:31 UTC 2010

i suspect that some dns server ip stacks are hand crafted or the load
balancers in front of them are.  i suspect implementors focused on port
randomization but may have neglected ip id randomization.  and they
might have forgotten about other little formalities in the ip stack as

as our interest was the routing frames on the tapped link, we're happy
knowing that the anomalies we are seeing can be blamed on you dns folk
and safely ignored. :) if the paper is too short, we can add a paragraph
with this little story. :)

there might be a viable paper on dns ip level mis-behavior buried in all
this.  but i'll leave that to some other researchers.  duane, you still
playing in this space?


More information about the dns-operations mailing list