[discussion] Answers must copy exact letter case from QuErY (0x20)

Open pspacek opened this issue 5 years ago • 1 comments

Specification: https://tools.ietf.org/html/draft-vixie-dnsext-dns0x20-00

Expected advantage: Slightly safer DNS queries; entropy added to queries makes it harder for attackers to spoof DNS answers.

Expected disadvantage: None

Expected implementation complexity for software developers: Negligible

Expected non-compliance: Small; major open-source DNS implementations already preserve query letter case correctly.

Research to confirm assumptions: TBD

pspacek avatar Apr 29 '19 06:04 pspacek
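
The resolver-side check that this proposal relies on, as an added example (not code from the issue or from the dnsflagday project): the resolver randomises the letter case of the query name and accepts a response only if the question section echoes it byte for byte. Function names and the sample messages are constructed for illustration.

```python
import secrets
import struct

def encode_0x20(qname: str) -> str:
    """Randomise the case (the 0x20 bit) of every ASCII letter in qname."""
    return "".join(
        (c.upper() if secrets.randbits(1) else c.lower())
        if c.isascii() and c.isalpha() else c
        for c in qname)

def entropy_bits(qname: str) -> int:
    """One extra bit per ASCII letter that an off-path spoofer has to guess."""
    return sum(c.isascii() and c.isalpha() for c in qname)

def build_message(txid: int, flags: int, qname: str, qtype: int = 1) -> bytes:
    """Header plus a single IN-class question; no answer records."""
    name = b"".join(bytes([len(l)]) + l.encode("ascii")
                    for l in qname.rstrip(".").split("."))
    return (struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)
            + name + b"\x00" + struct.pack("!HH", qtype, 1))

def question_name(msg: bytes) -> str:
    """Question name exactly as it appears on the wire, case preserved."""
    pos, labels = 12, []
    while msg[pos] != 0:
        n = msg[pos]
        if n & 0xC0:
            raise ValueError("unexpected compression pointer in question")
        labels.append(msg[pos + 1:pos + 1 + n].decode("ascii"))
        pos += 1 + n
    return ".".join(labels)

def accept_response(sent_qname: str, txid: int, response: bytes) -> bool:
    """Accept only if the ID matches, QR is set, and the name matches case-sensitively."""
    try:
        rtxid, flags = struct.unpack("!HH", response[:4])
        echoed = question_name(response)
    except (IndexError, ValueError, struct.error):
        return False  # truncated or malformed message
    return rtxid == txid and bool(flags & 0x8000) and echoed == sent_qname.rstrip(".")

# Constructed sample: one mixed-case query name and two candidate responses.
SENT = "wWw.ExAmPlE.cOm"
GOOD = build_message(0x1234, 0x8180, SENT)          # echoes the case exactly
BAD = build_message(0x1234, 0x8180, SENT.lower())   # right ID, case not preserved

if __name__ == "__main__":
    print(encode_0x20("www.example.com"), entropy_bits("www.example.com"))
    print(accept_response(SENT, 0x1234, GOOD), accept_response(SENT, 0x1234, BAD))
```

`BAD` stands for both a spoofed answer that guessed the case wrong and a server that does not preserve case; the resolver cannot tell the two apart, which is why the check depends on servers copying the query name exactly.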

While I'd like to see 0x20, I question whether it really has much value. While it is one more source of anti-spoofing entropy we could use, we already don't really have much of a problem with spoofing as it is, and spoofing is better defended against with DNSSEC anyway.

Maybe roll it into "let's have a flag day for multiple issues at once", but I wouldn't bother pursuing it standalone.

vttale avatar May 12 '19 09:05 vttale