- Technical Summary
DNS uses UDP for most of its query resolution process. To protect against
forged UDP replies, DNS has relied on a Query-ID field that is 16 bits long.
The size of this field was adequate when network connections were slower than
is common today. The document describes measures to extend the effective
Query-ID by using all available UDP source ports, different source addresses
(where possible) and different authoritative servers.
All of the measures described in the document have been in use in certain
implementations for a long time, and have recently been deployed in almost all
major implementations.
- Working Group Summary
There is a broad consensus that this important document should be published.
- Protocol Quality
The techniques described in the document have been implemented and are in use
by a number of implementations, with no interoperability issues. The only issues
observed have been related to the inability to allocate a large number of open
ports on certain operating systems, and to firewalls/IDS not expecting the use
of random source ports by DNS resolvers.
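The two points above, the extension of the 16-bit Query-ID with source ports, source addresses and server choice (Technical Summary), and the operational failure mode where an operating system cannot hand out many ports (Protocol Quality), can be checked from a resolver's own outbound query records. The following Python script is an added illustration, not part of the document or of any resolver implementation; the query records, addresses (from the TEST-NET documentation ranges), port spread and the `Query` record layout are all constructed for the example. It reports how many distinct source ports, source addresses and authoritative servers a sample of queries used, flags a resolver whose queries keep reusing a port, and computes the size of the space a forged reply would have to match.

```python
"""Check whether a resolver's outbound DNS queries spread across source ports,
source addresses and authoritative servers. Added illustration; every record
below is constructed, not taken from a real capture."""
import math
from collections import Counter, namedtuple

Query = namedtuple("Query", "src_ip src_port qid auth_ip")

# Constructed sample of a resolver that picks a fresh source port and query ID
# per query, alternates two source addresses and spreads queries over four
# authoritative servers. The port spread is deterministic (7919 is prime and
# coprime to 64512) so the sample contains no accidental port reuse.
RANDOMIZING = [
    Query("198.51.100.1" if i % 2 == 0 else "198.51.100.2",
          1024 + (i * 7919) % 64512,
          (i * 40503) % 65536,
          "192.0.2.%d" % (10 + i % 4))
    for i in range(32)
]

# Constructed sample of the older behaviour: one fixed source port, sequential
# query IDs, a single source address and a single authoritative server.
FIXED_PORT = [
    Query("198.51.100.1", 32768, 1000 + i, "192.0.2.10") for i in range(32)
]


def distinct_count(values):
    return len(set(values))


def port_reuse_ratio(queries):
    """Fraction of queries that reused a source port already seen in the sample
    (0.0 = every query had a fresh port, close to 1.0 = one port for everything).
    A resolver that cannot allocate many ports shows up here as a high ratio."""
    ports = [q.src_port for q in queries]
    return 1.0 - distinct_count(ports) / len(ports)


def combined_identifier_bits(port_bits, src_addr_count, auth_server_count,
                             qid_bits=16):
    """Size, in bits, of the space a forged reply must match: the 16-bit
    Query-ID plus whatever the source port, source address and server choice
    add. port_bits is 0 for a fixed port and 16 for a fully random one (log2 of
    the usable port range in between)."""
    return (qid_bits + port_bits
            + math.log2(src_addr_count) + math.log2(auth_server_count))


def assess(queries, max_reuse=0.05):
    """Summarise one sample and flag a resolver that is not randomizing ports.
    max_reuse is the tolerated port-reuse fraction (hypothetical threshold)."""
    ports = [q.src_port for q in queries]
    reuse = port_reuse_ratio(queries)
    return {
        "queries": len(queries),
        "distinct_ports": distinct_count(ports),
        "port_reuse_ratio": reuse,
        "distinct_src_addrs": distinct_count(q.src_ip for q in queries),
        "distinct_auth_servers": distinct_count(q.auth_ip for q in queries),
        "most_used_port": Counter(ports).most_common(1)[0],
        "randomizing_ports": reuse <= max_reuse,
    }


if __name__ == "__main__":
    for name, sample in (("randomizing", RANDOMIZING), ("fixed-port", FIXED_PORT)):
        print(name, assess(sample))
    print("fixed port, one address, one server:",
          combined_identifier_bits(0, 1, 1), "bits")
    print("random port, two addresses, four servers:",
          combined_identifier_bits(16, 2, 4), "bits")
```

On a live system the same assessment can be fed from the resolver's query log or from a packet capture of port 53 traffic leaving the resolver; a high reuse ratio or a single dominant port is the symptom to look for when an operating system or a firewall in front of the resolver is limiting the ports it can use.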