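@comment{Internet-Draft cited via its datatracker URL. Author is stored in
"Last, First" form with the honorific dropped so name parsing and sorting are
correct; only the acronym in the title is brace-protected so styles can still
apply their own casing. Remaining fields are kept as given.}
@techreport{ohta-practically-secure-dns-00,
  author      = {Ohta, Masataka},
  title       = {Practically Secure {DNS}},
  type        = {Internet-Draft},
  number      = {draft-ohta-practically-secure-dns-00},
  institution = {Internet Engineering Task Force},
  publisher   = {Internet Engineering Task Force},
  year        = 2011,
  month       = oct,
  day         = 24,
  pagetotal   = 4,
  url         = {https://datatracker.ietf.org/doc/draft-ohta-practically-secure-dns/00/},
  note        = {Work in Progress},
  abstract    = {Plain DNS without PKI is secure, if a chain of query/response communications between a client and an authoritative server relayed by zero or more intermediate resolvers and the authoritative server and all the resolvers are secure. However, because of short (16bit) message ID, the communications composing the chain are not very secure without, or even with (port exhaustion attack is possible), source port randomization. Still, plain DNS can be made practically secure, if the client makes two queries with independent message IDs to an address of a server (a resolver or a name server) and confirm that two replies are identical.},
}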