Man Linux: Main Page and Category List


       dns_random - The dns_random library interface


       #include <dns.h>

       r = dns_random(m);
         char seed[128];
         unsigned int r;
         unsigned int m;


       dns_random  computes  a  pseudorandom  32-bit  integer and returns that
       integer modulo m.  It returns 0 if m is 0.

       dns_random_init initializes the pseudorandom number  generator,  taking
       account of seed, the current process ID, and the current time.

Notes on DNS query security

       A  DNS client will accept any response that shows up at the right time,
       is addressed from the IP address of the legitimate server, is addressed
       to  the UDP port used in the DNS query, repeats the query name and type
       used in the DNS query, and repeats the 16-bit ID used in the DNS query.

       An  active  sniffing  attacker  can  easily  forge responses by copying
       information from queries. Blind attackers need to guess the  time,  UDP
       port, and ID for the targeted query name.

       The  dns_transmit(3)  functions  use dns_random to create query IDs and
       UDP ports.  The  dns_random  generator  is  designed  to  be  extremely
       difficult  to  predict  for  an  attacker who cannot guess seed.  Note,
       however, that there are only about a billion possible ID-port pairs, so
       a prolonged blind attack will succeed eventually.


       dns_domain(3), dns_ip4(3), dns_ip4_qualify(3), dns_mx(3), dns_name4(3),
       dns_packet(3), dns_transmit(3), dns_txt(3)