authorShulhan <ms@kilabit.info>2023-09-23 13:52:58 +0700
committerShulhan <ms@kilabit.info>2023-09-23 13:55:28 +0700
commit97bdd0d7b8411135c67d78441e73b8e2d6aff170 (patch)
tree40705cb253d63271e1f73f493a7b5eea6f8f516e
parent1b10f5c1d9b0d91e9675963b8307180cbf222b4e (diff)
cmd/resolver: replace "math/rand" with "crypto/rand"
The random number from "math/rand" is predictable if the seed is known. Even though the random number here is only used to generate a unique request ID, we still need to prevent this by using a more secure random number.
-rw-r--r--cmd/resolver/resolver.go20
1 files changed, 14 insertions, 6 deletions
diff --git a/cmd/resolver/resolver.go b/cmd/resolver/resolver.go
index 72204e4..9561089 100644
--- a/cmd/resolver/resolver.go
+++ b/cmd/resolver/resolver.go
@@ -4,11 +4,13 @@
package main
import (
+ "crypto/rand"
"encoding/json"
"fmt"
"io"
"log"
- "math/rand"
+ "math"
+ "math/big"
"os"
"strconv"
"strings"
@@ -773,15 +775,21 @@ func (rsol *resolver) newRescachedClient() (resc *rescached.Client) {
func (rsol *resolver) query(timeout time.Duration, qname string) (res *dns.Message, err error) {
var (
- logp = "query"
- req = dns.NewMessage()
- )
+ logp = "query"
+ req = dns.NewMessage()
+ randMax = big.NewInt(math.MaxUint16)
- rand.Seed(time.Now().Unix())
+ randv *big.Int
+ )
rsol.dnsc.SetTimeout(timeout)
- req.Header.ID = uint16(rand.Intn(65535))
+ randv, err = rand.Int(rand.Reader, randMax)
+ if err != nil {
+ log.Panicf(`%s: %s`, logp, err)
+ }
+
+ req.Header.ID = uint16(randv.Int64())
req.Question.Name = qname
req.Question.Type = rsol.qtype
req.Question.Class = rsol.qclass