Yesterday, Google launched its new Public DNS service. Among the benefits that Google is claiming for the new service is that it helps to secure DNS for users.
Is that an accurate claim?
One of the big issues that security researcher Dan Kaminsky disclosed about DNS insecurity in 2008 was that DNS request information isn’t quite as random as it should be. Each DNS request is supposed to carry a random transaction ID, but that ID can take only one out of about 65,000 possible values. DNS is at risk when there isn’t enough randomization and a hacker can ‘guess’ the number.
So is Google’s Public DNS random enough?
I got a comment from famed security researcher H D Moore on that point. Moore knows what he’s talking about when it comes to DNS exploits, as his Metasploit tool was among the first to have a weaponized version of the Kaminsky DNS flaw.
Moore has now put together a mapping of Google’s source port distribution on the Public DNS service. In his view, it looks like the source ports are sufficiently random, even though they are limited to a small range of ports.
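As an added illustration, and not Moore's tooling or code from the original post, here is a small Python check of the kind of measurement he describes: given observed (source port, transaction ID) pairs from a resolver, it reports the port span, an entropy estimate for each field, and whether the values simply count upward. The sample data and the pass/fail thresholds are constructed assumptions.

```python
"""Estimate how unpredictable a resolver's DNS source ports and transaction IDs
look, from observed (source_port, txid) pairs.  Hypothetical helper for
checking your own resolver; sample data and thresholds are constructed."""
import math
import random
from collections import Counter


def shannon_entropy_bits(values):
    """Empirical Shannon entropy of the observed values, in bits.
    It cannot exceed log2(len(values)), so with a small sample it
    under-estimates a good source; treat it as a lower bound."""
    counts = Counter(values)
    n = len(values)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def sequential_fraction(values):
    """Share of consecutive observations that differ by exactly +1.
    Near 1.0 means a plain counter (trivially guessable); a randomized
    source should show a value near 0."""
    if len(values) < 2:
        return 0.0
    steps = sum(1 for a, b in zip(values, values[1:]) if b - a == 1)
    return steps / (len(values) - 1)


def assess(samples, min_port_span=1024, max_sequential=0.1):
    """samples: list of (source_port, txid).  Returns the measurements plus
    an 'adequate' verdict; the two thresholds are assumed, not a standard."""
    ports = [p for p, _ in samples]
    txids = [t for _, t in samples]
    result = {
        "port_min": min(ports), "port_max": max(ports),
        "port_span": max(ports) - min(ports) + 1,
        "port_entropy": shannon_entropy_bits(ports),
        "txid_entropy": shannon_entropy_bits(txids),
        "port_sequential": sequential_fraction(ports),
        "txid_sequential": sequential_fraction(txids),
    }
    result["adequate"] = (result["port_span"] >= min_port_span
                          and result["port_sequential"] <= max_sequential
                          and result["txid_sequential"] <= max_sequential)
    return result


def make_samples(n, randomize, seed=1):
    """Constructed data: a resolver stuck on one port with a counting txid,
    versus one drawing both fields from wide ranges."""
    rng = random.Random(seed)
    if randomize:
        return [(rng.randint(1024, 65535), rng.randint(0, 65535)) for _ in range(n)]
    return [(53, (1000 + i) & 0xFFFF) for i in range(n)]
```

On real traffic the pairs would come from a packet capture of the resolver's outbound queries; a few hundred samples are enough to spot a fixed port or a counter, but not to prove a good generator.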
Here’s his graph (credit: H D Moore, Rapid7):