Query ID Pool

BIND uses random query ID numbers to match queries with answers and to make spoofing answers more difficult. This is somewhat similar to the sequence numbers used in TCP, if you're familiar with that. Because a name server accepts an answer only if its ID matches a query that is still outstanding, an attacker who wants to forge an answer has to guess that ID. So the more random the number is, and the less often an ID is reused (because of poor randomness) while its answer is still outstanding, the better. BIND can, at the cost of about 128KB of memory, increase the randomness of the query IDs by keeping track of which IDs have been used and for which the answer is still outstanding, so that a new query never collides with a pending one. The use-id-pool option, set to off by default, enables this:

options {
    …
    use-id-pool yes;
    …
};
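To make concrete what such a pool does, here is a small Python model of an outstanding-query-ID pool. It is an added example, not BIND's own code or data structure: the class and function names (QueryIdPool, allocate, match_answer, spoof_hit_probability) and the id_space parameter are assumptions made for illustration. It draws IDs from the OS-backed secrets module, refuses to hand out an ID whose answer is still pending, discards answers whose ID matches nothing outstanding, and reports how likely a single blindly forged answer is to hit one of the pending IDs.

```python
import secrets


class QueryIdPool:
    """Model of a query ID pool (added illustration, not BIND's code).

    Keeps the set of 16-bit DNS message IDs whose answers are still
    outstanding, so a freshly issued query never reuses one of them.
    id_space is 65536 for real DNS; it is a parameter only so the
    exhaustion path can be exercised with a tiny pool.
    """

    def __init__(self, id_space=1 << 16, max_tries=64):
        self.id_space = id_space
        self.max_tries = max_tries
        self.outstanding = set()

    def allocate(self):
        """Return a random ID that is not currently outstanding.

        Uses secrets.randbelow (a CSPRNG) rather than a predictable
        generator; retries on collision with a pending query and raises
        if the pool is full or no free ID is found within max_tries.
        """
        if len(self.outstanding) >= self.id_space:
            raise RuntimeError("every query ID is outstanding")
        for _ in range(self.max_tries):
            qid = secrets.randbelow(self.id_space)
            if qid not in self.outstanding:
                self.outstanding.add(qid)
                return qid
        raise RuntimeError("no free query ID found after retries")

    def match_answer(self, qid):
        """Accept an answer only if its ID belongs to a pending query.

        A matched ID is released so it may be chosen again later; an
        unmatched ID (unsolicited, stale or forged answer) is rejected.
        """
        if qid not in self.outstanding:
            return False
        self.outstanding.remove(qid)
        return True


def spoof_hit_probability(pool):
    """Chance that one forged answer with a uniformly random ID matches
    some outstanding query: pending IDs divided by the size of the ID
    space. This is why a 16-bit ID alone is a thin defence and why
    BIND also checks the question and source of an answer."""
    return len(pool.outstanding) / pool.id_space


if __name__ == "__main__":
    pool = QueryIdPool()
    ids = [pool.allocate() for _ in range(100)]
    print("100 IDs, all distinct:", len(set(ids)) == 100)
    print("genuine answer accepted:", pool.match_answer(ids[0]))
    print("replayed answer rejected:", not pool.match_answer(ids[0]))
    print("blind spoof hit probability:", spoof_hit_probability(pool))
```

The `secrets` module is the part that corresponds to BIND 9's pulling randomness from the operating system; the `outstanding` set is the part that corresponds to the ID pool itself.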

BIND 9 enhances its random number generator, and is capable of retrieving randomness from the OS. The BSDs and Linux, for example, have a special random device—/dev/random ...
