Consider implementing random case to increase message entropy (0x20 hack)
clue opened this issue · comments
Implementing random case for outgoing DNS queries can help improve message entropy and significantly reduce the risk of DNS poisoning attacks in certain scenarios.
Links for reference:
- https://tools.ietf.org/html/draft-vixie-dnsext-dns0x20-00
- https://serverfault.com/questions/759934/can-dns-response-answers-be-in-a-different-case-than-the-query
- https://serverfault.com/questions/261341/is-the-hostname-case-sensitive
This is particularly relevant for UDP queries (the default) and may be less so for in-flight messages over connection-oriented protocols (#19 and #80).
I'm not working on this at the moment, but figured it's worth posting this here anyway. In case anybody feels like picking this up, PRs would be much appreciated 👍
Consider using a CSPRNG as a first counter-measure; a PR already exists in #65.
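A sketch of the 0x20 technique from the linked draft, added here as an illustration and not taken from this project's code: the resolver flips the case of each letter in the query name with CSPRNG bits, then accepts a response only if it echoes the same transaction ID and the exact same mixed-case name. All function names are hypothetical, and the sample messages in the comments are constructed.

```python
import secrets
import struct

def encode_0x20(name: str) -> str:
    """Flip the case (the 0x20 bit) of each ASCII letter using CSPRNG bits."""
    out = []
    for ch in name:
        if ch.isascii() and ch.isalpha() and secrets.randbits(1):
            ch = ch.swapcase()
        out.append(ch)
    return "".join(out)

def added_entropy_bits(name: str) -> int:
    """Each ASCII letter adds one bit an off-path spoofer has to guess."""
    return sum(1 for ch in name if ch.isascii() and ch.isalpha())

def build_query(name: str, qtype: int = 1) -> tuple[int, bytes]:
    """Return (id, wire message) for a one-question query with RD set."""
    txid = secrets.randbits(16)  # ID also drawn from the CSPRNG
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels)
    return txid, header + qname + b"\x00" + struct.pack("!HH", qtype, 1)

def question_name(message: bytes) -> str:
    """Read the question name exactly as echoed, preserving its case."""
    pos, labels = 12, []
    while message[pos]:
        length = message[pos]
        if length > 63:  # compression pointer or invalid label length
            raise ValueError("unexpected label length in question")
        labels.append(message[pos + 1:pos + 1 + length].decode("ascii"))
        pos += 1 + length
    return ".".join(labels)

def accept_response(txid: int, sent_name: str, response: bytes) -> bool:
    """Accept only if the ID and the exact mixed-case name both match."""
    try:
        if struct.unpack("!H", response[:2])[0] != txid:
            return False
        return question_name(response) == sent_name  # case-sensitive on purpose
    except (ValueError, IndexError, UnicodeDecodeError, struct.error):
        return False  # malformed or truncated message: drop it
```

A caller would send `build_query(encode_0x20(name))` and keep the mixed-case name alongside the ID until `accept_response` passes or the query times out.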