Jul 30 – 31, 2022
Sheraton Philadelphia Downtown
US/Eastern timezone

Cache Poisoning Protection for Authoritative Queries

Jul 30, 2022, 2:00 PM
Liberty D (Sheraton Philadelphia Downtown)

Liberty D

Sheraton Philadelphia Downtown

201 North 17th Street Philadelphia PA 19103 United States
Standard Presentation Main Session OARC 38 Day 1


Puneet Sood (Google)


We discuss standard and non-standard mechanisms for protecting DNS queries against cache poisoning attacks between resolvers and name servers. The techniques covered include DNS cookies, 0x20 bit munging, nonce prefixes and DNS over TLS/QUIC. We present data from implementing these techniques in Google Public DNS and some interesting behaviors observed during the implementation.

The talk builds on the material covered at

Presentation delivery In-person at the workshop venue

Primary authors

Puneet Sood (Google) Mr Tianhao Chi (Google)

Presentation materials