[dns-operations] [Ext] Nameserver responses from different IP than destination of request
Ralf Weber
dns at fl1ger.de
Tue Sep 1 09:12:04 UTC 2020
Moin!
On 1 Sep 2020, at 3:36, Paul Hoffman wrote:
> On Aug 31, 2020, at 6:02 PM, Brian Dickson
> <brian.peter.dickson at gmail.com> wrote:
>> I think the only way to get meaningful data would be an active
>> experiment, involving an authority server (or set of servers) for a
>> domain set up just this way.
>
> We disagree. Another way to get meaningful data would be from
> someone's logs, if we can find people who are logging.
Logging this behaviour is hard as you either have to record all traffic and
then correlate queries and responses, or you have to have some
complicated logic in your server software that discovers it and logs it,
none of which IMHO is a good use of resources. From my read of the
thread we all agree that we should ignore these queries and it is what
most DNS software does.
As Google brought it up they seem to measure it and maybe they can
provide data.
I cannot believe that over ten years after Kaminsky, where we scrambled
to increase entropy by every bit we could find somewhere (source port
and 0x20), that we are even considering decreasing it by allowing replies
from 2^32 to 2^128 source addresses.
So long
-Ralf
--
Ralf Weber
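The response matching that the mail says most DNS software does, together with the query/response correlation it notes that logging would require, as an added example that is not code from this thread or from any named resolver; the field names, the in-memory pending table, the log format and the sample addresses are assumptions:

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Query:
    qname: str      # sent with random 0x20 casing, e.g. "eXaMpLe.CoM."
    txid: int       # 16-bit transaction id
    src_port: int   # randomized UDP source port
    dst_ip: str     # authority address the query was sent to

@dataclass(frozen=True)
class Response:
    qname: str
    txid: int
    dst_port: int   # must equal the query's source port
    src_ip: str     # address the reply actually came from

@dataclass
class Resolver:
    strict_source_ip: bool = True  # False models the relaxed policy under discussion
    pending: dict = field(default_factory=dict)
    log: list = field(default_factory=list)

    def send(self, q: Query) -> None:
        # Keyed on the fields an off-path sender must guess; dst_ip is kept for the source check.
        self.pending[(q.src_port, q.txid)] = q

    def receive(self, r: Response) -> bool:
        q = self.pending.get((r.dst_port, r.txid))
        if q is None:
            self.log.append(f"drop unsolicited txid={r.txid:#06x} from {r.src_ip}")
            return False
        reasons = []
        if r.qname != q.qname:  # case-sensitive compare is the 0x20 check
            reasons.append("0x20-mismatch")
        if r.src_ip != q.dst_ip:
            reasons.append(f"source-ip-mismatch expected={q.dst_ip} got={r.src_ip}")
        fatal = [x for x in reasons if self.strict_source_ip or not x.startswith("source-ip")]
        if reasons:
            verdict = "drop" if fatal else "accept"
            self.log.append(f"{verdict} txid={r.txid:#06x}: " + ", ".join(reasons))
        if fatal:
            return False  # keep the query pending; the genuine reply may still arrive
        del self.pending[(r.dst_port, r.txid)]
        return True

def demo(strict: bool):
    """Constructed traffic: a reply from an unexpected address, then the genuine one."""
    res = Resolver(strict_source_ip=strict)
    res.send(Query("eXaMpLe.CoM.", 0x1A2B, 53142, "192.0.2.1"))
    foreign = Response("eXaMpLe.CoM.", 0x1A2B, 53142, "198.51.100.7")
    genuine = Response("eXaMpLe.CoM.", 0x1A2B, 53142, "192.0.2.1")
    return res.receive(foreign), res.receive(genuine), res.log
```

With the strict policy the foreign reply is dropped and logged while the genuine one is accepted; with the relaxed policy the first reply to arrive wins and the genuine one is then treated as unsolicited.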