1 comment

[ 3.7 ms ] story [ 9.1 ms ] thread
Apparently, some DNS query implementations use an "0x20 bit encoding" to add additional random bits to the query ID for poisoning attack resistance.

I've been trying to track down a DNS latency issue in my network and noticed a device doing this and initially thought it was malware, but there is an RFC[0](though expired), and Google announced that they had implemented this for queries from their public DNS servers in 2023[1].

0. https://datatracker.ietf.org/doc/html/draft-vixie-dnsext-dns...

1. https://groups.google.com/g/public-dns-discuss/c/KxIDPOydA5M