Apparently, some DNS query implementations use an "0x20 bit encoding" to add additional random bits to the query ID for poisoning attack resistance.
I've been trying to track down a DNS latency issue in my network and noticed a device doing this and initially thought it was malware, but there is an RFC[0](though expired), and Google announced that they had implemented this for queries from their public DNS servers in 2023[1].
1 comment
[ 3.7 ms ] story [ 9.1 ms ] threadI've been trying to track down a DNS latency issue in my network and noticed a device doing this and initially thought it was malware, but there is an RFC[0](though expired), and Google announced that they had implemented this for queries from their public DNS servers in 2023[1].
0. https://datatracker.ietf.org/doc/html/draft-vixie-dnsext-dns...
1. https://groups.google.com/g/public-dns-discuss/c/KxIDPOydA5M