NAME

       dns_random - The dns_random library interface

SYNOPSIS

       #include <dns.h>

       dns_random_init(seed);
       r = dns_random(m);
         char seed[128];
         unsigned int r;
         unsigned int m;

DESCRIPTION

       dns_random  computes  a  pseudorandom  32-bit  integer and returns that
       integer modulo m.  It returns 0 if m is 0.

       dns_random_init initializes the pseudorandom number  generator,  taking
       account of seed, the current process ID, and the current time.

Notes on DNS query security

       A  DNS client will accept any response that shows up at the right time,
       is addressed from the IP address of the legitimate server, is addressed
       to  the UDP port used in the DNS query, repeats the query name and type
       used in the DNS query, and repeats the 16-bit ID used in the DNS query.

       An  active  sniffing  attacker  can  easily  forge responses by copying
       information from queries. Blind attackers need to guess the  time,  UDP
       port, and ID for the targeted query name.

       The  dns_transmit(3)  functions  use dns_random to create query IDs and
       UDP ports.  The  dns_random  generator  is  designed  to  be  extremely
       difficult  to  predict  for  an  attacker who cannot guess seed.  Note,
       however, that there are only about a billion possible ID-port pairs, so
       a prolonged blind attack will succeed eventually.
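
       The closing note above, worked through as an added example that is not
       part of djbdns or of this manual page: it estimates how many lookups
       pass before a blind guesser's forged reply is accepted. The function
       names, the rate of 100 forged guesses per query window, and the use of
       1e9 for "about a billion" pairs are assumptions made for illustration.

```c
/* Added example, not djbdns code. All names are hypothetical. */
#include <limits.h>
#include <stdio.h>

/* (1 - p)^n by square-and-multiply, so no libm is needed. */
static double miss_pow(double p, unsigned long n)
{
    double base = 1.0 - p, acc = 1.0;
    for (; n; n >>= 1, base *= base)
        if (n & 1) acc *= base;
    return acc;
}

/* Chance that at least one of `queries` lookups accepts a forged reply when
 * `forged` distinct ID-port guesses land inside each lookup's time window. */
double blind_success(double pairs, double forged, unsigned long queries)
{
    if (pairs <= 0.0 || forged <= 0.0) return 0.0;
    return 1.0 - miss_pow(forged >= pairs ? 1.0 : forged / pairs, queries);
}

/* Smallest lookup count at which blind_success() reaches `target`
 * (0 if it cannot be reached within the range of unsigned long). */
unsigned long queries_until(double pairs, double forged, double target)
{
    unsigned long lo = 0, hi = 1, mid;
    if (target <= 0.0 || target > 1.0) return 0;
    while (blind_success(pairs, forged, hi) < target) {
        if (hi > ULONG_MAX / 2) return 0;
        lo = hi;
        hi *= 2;
    }
    while (hi - lo > 1) {               /* bisect between miss and hit */
        mid = lo + (hi - lo) / 2;
        if (blind_success(pairs, forged, mid) < target) lo = mid;
        else hi = mid;
    }
    return hi;
}

int main(void)
{
    double forged = 100.0;              /* constructed rate, an assumption */
    printf("16-bit ID only:      %lu lookups to 50%%\n",
           queries_until(65536.0, forged, 0.5));
    printf("ID + port (~1e9):    %lu lookups to 50%%\n",
           queries_until(1e9, forged, 0.5));
    return 0;
}
```

       Under these assumptions an ID-only client reaches even odds after 454
       lookups, while randomizing the port as well pushes that to roughly 6.9
       million lookups: much harder, but still finite.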

SEE ALSO

       dns_domain(3), dns_ip4(3), dns_ip4_qualify(3), dns_mx(3), dns_name4(3),
       dns_packet(3), dns_transmit(3), dns_txt(3)

       http://cr.yp.to/djbdns/blurb/library.html

                                                                 dns_random(3)