Apparently, some DNS query implementations use an "0x20 bit encoding" to add additional random bits to the query ID for poisoning attack resistance.
I've been trying to track down a DNS latency issue in my network and noticed a device doing this and initially thought it was malware, but there is an RFC[0](though expired), and Google announced that they had implemented this for queries from their public DNS servers in 2023[1].
I've been trying to track down a DNS latency issue in my network and noticed a device doing this and initially thought it was malware, but there is an RFC[0](though expired), and Google announced that they had implemented this for queries from their public DNS servers in 2023[1].
0. https://datatracker.ietf.org/doc/html/draft-vixie-dnsext-dns...
1. https://groups.google.com/g/public-dns-discuss/c/KxIDPOydA5M