GET

Unit Instance

Units API.

See the Weblate's Web API documentation for detailed description of the API.

GET /api/units/30897/?format=api
HTTP 200 OK
Allow: GET, PUT, PATCH, DELETE, HEAD, OPTIONS
Content-Type: application/json
Vary: Accept

{
    "translation": "https://weblate.info.ucl.ac.be/api/translations/cnp3-ebook/protocolsdnssec/fr/?format=api",
    "source": [
        "Fortunately, designers of DNS servers and resolvers have found solutions to mitigate this type of attack. The easiest approach would have been to update the format of the DNS requests and responses to include a larger `Identifier` field. Unfortunately, this elegant solution was not possible with the DNS because the DNS messages do not include any version number that would have enabled such a change. Since the DNS messages are exchanged inside UDP segments, the DNS developers found an alternate solution to counter this attack. There are two ways for the DNS library used by Alice to send her DNS requests. A first solution is to bind one UDP source port and always send the DNS requests from this source port (the destination port is always port ``53``). The advantage of this solution is that Alice's DNS library can easily receive the DNS responses by listening to her chosen port. Unfortunately, once the attacker has found the source port used by Alice, he only needs to send 65,536 DNS responses to inject an invalid response. Fortunately, Alice can send her DNS requests in a different way. Instead of using the same source port for all DNS requests, she can use a different source port for each request. In practice, each DNS request will be sent from a different source port. From an implementation viewpoint, this implies that Alice's DNS library will need to listen to one different port number for each pending DNS request. This increases the complexity of her implementation. From a security viewpoint there is a clear benefit since the attacker needs to guess both the 16 bits `Identifier` and the 16 bits `UDP source port` to inject a fake DNS response. To generate all possible DNS responses, the attacker would need to generate almost :math:`2^{32}` different messages, which is excessive in today's networks. Most DNS implementations use this second approach to prevent these cache poisoning attacks."
    ],
    "previous_source": "",
    "target": [
        ""
    ],
    "id_hash": -1172765955071811264,
    "content_hash": -1172765955071811264,
    "location": "../../protocols/dnssec.rst:86",
    "context": "",
    "note": "",
    "flags": "",
    "state": 0,
    "fuzzy": false,
    "translated": false,
    "approved": false,
    "position": 9,
    "has_suggestion": false,
    "has_comment": false,
    "has_failing_check": false,
    "num_words": 319,
    "source_unit": "https://weblate.info.ucl.ac.be/api/units/35987/?format=api",
    "priority": 100,
    "id": 30897,
    "web_url": "https://weblate.info.ucl.ac.be/translate/cnp3-ebook/protocolsdnssec/fr/?checksum=6fb97f93d345e140",
    "url": "https://weblate.info.ucl.ac.be/api/units/30897/?format=api",
    "explanation": "",
    "extra_flags": "",
    "pending": false,
    "timestamp": "2021-08-27T15:42:26.821136+02:00"
}