Subject: Re: randomid(3)
To: Robert Elz <kre@munnari.OZ.AU>
From: None <itojun@iijlab.net>
List: tech-security
Date: 09/10/2003 20:53:40
>  | 	first we'll use this from:
>  | 	- lib/libc/net (DNS query ID)
>it is absurdly overblown for DNS queries.  The transaction ID in DNS
>packets is (from rfc1035)...
>
>ID              A 16 bit identifier assigned by the program that
>                generates any kind of query.  This identifier is copied
>                the corresponding reply and can be used by the requester
>                to match up replies to outstanding queries.
>
>For the purposes of our resolver, using "0" all the time would almost be just
>fine I suspect, as it is probably unlikely that there are many concurrent
>outstanding queries (this is the libc resolver, as distinct from what
>the nameserver does, of course).   Certainly using 0 1 2 3 ... for queries
>as they're sent (which would help eliminate ancient replies that arrive
>well after the code had given up waiting) is all that is ever needed.
>
>Anyone who believes that setting the ID to a random value, with the
>thought in the back of their mind that this is adding "security" by
>making it hard to spoof replies is simply deluding themselves.

	I would suggest you see what dnsspoof(8) in the dsniff package is
	capable of.  The attacks are real, and an unpredictable ID is an important
	protection.  The real world is a much scarier place than you think.

itojun
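The disagreement above is about what the resolver's ID check actually buys. The following is an added example, not code from NetBSD libc, randomid(3) or dsniff: a toy model of the resolver side (an outstanding-query table whose only acceptance test is "does the reply ID match a query we have in flight?") with two ID allocators, the sequential 0,1,2,... policy and a 16-bit draw from /dev/urandom. `accepted_forgeries()` then measures how many blind replies a resolver would accept from someone who saw only the previous query's ID and guesses "previous + 1". All names and the table layout are hypothetical; the /dev/urandom path is an assumption about the host.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical resolver-side table of outstanding queries (constructed for
 * this example; not how libc's resolver is actually laid out). */
#define MAX_OUTSTANDING 16

struct query_table {
    uint16_t ids[MAX_OUTSTANDING];
    int used[MAX_OUTSTANDING];
};

/* Sequential allocator: the "0 1 2 3 ..." policy. */
static uint16_t seq_state;
uint16_t seq_next_id(void) { return seq_state++; }

/* Unpredictable allocator: 16 bits from the kernel CSPRNG.
 * Returns 1 on success, 0 if /dev/urandom is unavailable. */
int random_next_id(uint16_t *out)
{
    FILE *f = fopen("/dev/urandom", "rb");
    if (f == NULL) return 0;
    size_t n = fread(out, sizeof *out, 1, f);
    fclose(f);
    return n == 1;
}

/* Register an outstanding query. Refuses to reuse an ID that is still in
 * flight, since two live queries with one ID could not be told apart. */
int qt_add(struct query_table *t, uint16_t id)
{
    for (int i = 0; i < MAX_OUTSTANDING; i++)
        if (t->used[i] && t->ids[i] == id) return 0;
    for (int i = 0; i < MAX_OUTSTANDING; i++)
        if (!t->used[i]) { t->ids[i] = id; t->used[i] = 1; return 1; }
    return 0;                               /* table full */
}

/* The resolver's acceptance test: a reply is taken if its ID matches an
 * outstanding query, which is then cleared. Returns 1 if accepted. */
int qt_accept_reply(struct query_table *t, uint16_t reply_id)
{
    for (int i = 0; i < MAX_OUTSTANDING; i++)
        if (t->used[i] && t->ids[i] == reply_id) { t->used[i] = 0; return 1; }
    return 0;
}

/* Allocate a fresh ID with the chosen policy, retrying on a collision with
 * an ID still outstanding. Returns 1 on success. */
static int alloc_id(struct query_table *t, int use_random, uint16_t *id)
{
    for (int tries = 0; tries < 64; tries++) {
        if (use_random) { if (!random_next_id(id)) return 0; }
        else *id = seq_next_id();
        if (qt_add(t, *id)) return 1;
    }
    return 0;
}

/* Risk model: a blind sender who observed the previous query's ID sends one
 * forged reply per query guessing "previous + 1". Returns how many of
 * `trials` such replies the resolver accepts; -1 if the CSPRNG is unavailable.
 * Sequential IDs: every guess lands. Random IDs: each guess lands with
 * probability 1/65536. */
int accepted_forgeries(int use_random, int trials)
{
    struct query_table t;
    uint16_t prev, cur;
    int hits = 0;
    memset(&t, 0, sizeof t);
    if (!alloc_id(&t, use_random, &prev)) return -1;   /* the observed query */
    qt_accept_reply(&t, prev);                          /* its legitimate reply */
    for (int i = 0; i < trials; i++) {
        if (!alloc_id(&t, use_random, &cur)) return -1;
        if (qt_accept_reply(&t, (uint16_t)(prev + 1))) hits++;
        else qt_accept_reply(&t, cur);      /* real reply clears the slot */
        prev = cur;
    }
    return hits;
}

/* Self-check of the table logic: returns 1 only if a non-matching reply is
 * refused, the matching one is taken once, and a replay of it is refused. */
int demo_reply_check(void)
{
    struct query_table t;
    memset(&t, 0, sizeof t);
    if (!qt_add(&t, 42)) return 0;
    if (qt_accept_reply(&t, 41)) return 0;
    if (!qt_accept_reply(&t, 42)) return 0;
    if (qt_accept_reply(&t, 42)) return 0;
    return 1;
}

int main(void)
{
    printf("sequential IDs, 1000 queries: %d forged replies accepted\n",
           accepted_forgeries(0, 1000));
    printf("random IDs,     1000 queries: %d forged replies accepted\n",
           accepted_forgeries(1, 1000));
    return 0;
}
```

The model deliberately gives the forger the easiest case (one observed ID, one guess per query) so that the difference between the two policies is the whole story: sequential IDs turn the 16-bit field into no protection at all, while unpredictable IDs leave a blind sender with a 1-in-65536 chance per reply, and that chance is what source-port randomization and a large outstanding-query window are later layered on top of.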