In an earlier thread, Jon Levine asked

> Other than DNSSEC, I'm aware of these relatively simple hacks to add
> entropy to DNS queries.
> 1) Random query ID
> 2) Random source port
> 3) Random case in queries, e.g. GooGLe.CoM
> 4) Ask twice (with different values for the first three hacks) and compare
> the answers
> I presume everyone is doing the first two. Any experience with the other
> two to report?

I have implemented a (public domain) DNS cache "GbDns" that implements both 3 and 4 (and also DnsCurve). For non-deterministic authorities, such as Akamai, more than 2 queries are needed, and some relatively complex code. It turns out to be completely practical, albeit leading to an increase in the number of packets.

Source code and a link to an IETF draft that describes the method are at http://www.george-barwood.pwp.blueyonder.co.uk/DnsServer/

Regards,
George Barwood
(New subscriber, hence the new thread)
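
Hacks 1 and 3 from the quoted list, as an added Python example that is not part of the original post and is not GbDns code: a resolver randomizes the case of the query name and accepts a response only if the ID matches and the question section is echoed byte-for-byte. All function names are hypothetical, and the responses in the demo are constructed in place rather than captured from a network.

```python
import secrets
import struct

def randomize_case(name):
    """Hack 3: give every ASCII letter a random case (one bit per letter)."""
    return "".join(
        (c.upper() if secrets.randbits(1) else c.lower())
        if c.isascii() and c.isalpha() else c
        for c in name)

def entropy_bits(name):
    """Extra bits an off-path spoofer has to guess: one per ASCII letter."""
    return sum(1 for c in name if c.isascii() and c.isalpha())

def encode_question(name, qtype=1):
    """Wire-format question: length-prefixed labels, root, QTYPE, QCLASS=IN."""
    labels = name.rstrip(".").split(".")
    wire = b"".join(bytes([len(label)]) + label.encode("ascii") for label in labels)
    return wire + b"\x00" + struct.pack("!HH", qtype, 1)

def build_message(txid, flags, name):
    """12-byte header with QDCOUNT=1 and no other records, then the question."""
    return struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0) + encode_question(name)

def response_matches(query, response):
    """Accept only if ID matches, QR is set and the question is echoed exactly.

    The comparison is on raw bytes, so a response that lower-cases or otherwise
    re-cases the name is rejected even though DNS names compare case-insensitively.
    """
    if len(response) < len(query):
        return False
    q_id = struct.unpack("!H", query[:2])[0]
    r_id, r_flags, r_qd = struct.unpack("!HHH", response[:6])
    return (r_id == q_id and bool(r_flags & 0x8000) and r_qd == 1
            and response[12:len(query)] == query[12:])

if __name__ == "__main__":
    sent = randomize_case("www.example.com")
    txid = secrets.randbits(16)                      # hack 1: random query ID
    query = build_message(txid, 0x0100, sent)        # RD set
    # Constructed responses: one echoes the case, one does not.
    echoed = build_message(txid, 0x8180, sent)
    recased = build_message(txid, 0x8180, sent.swapcase())
    print(sent, "adds", entropy_bits(sent), "bits")
    print("exact echo accepted:", response_matches(query, echoed))
    print("re-cased reply accepted:", response_matches(query, recased))
```

A name with few letters gains correspondingly few bits from this check.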