<div dir="ltr"><div class="gmail_extra"><br><div class="gmail_quote">On Tue, Jul 11, 2017 at 10:28 AM, Stephane Bortzmeyer <span dir="ltr"><<a href="mailto:bortzmeyer@nic.fr" target="_blank">bortzmeyer@nic.fr</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><br>
Or partially (the "attacker" did receive a lot of DNS traffic,<br>
depending on the resolver's behavior).</blockquote><div><br></div><div>NS record refresh is not consistent across software implementations, so yeah, the truth is somewhere in the middle. The only public research I've seen on the topic is the following presentation, slide 8 onwards:</div><div><br></div><div><a href="https://archive.icann.org/en/meetings/siliconvalley2011/bitcache/Conclusions%20from%20DNS%20Traces%20-%20Olafur%20Gudmunsson,%20Shinkuro-vid=23075&disposition=attachment&op=download.pdf">https://archive.icann.org/en/meetings/siliconvalley2011/bitcache/Conclusions%20from%20DNS%20Traces%20-%20Olafur%20Gudmunsson,%20Shinkuro-vid=23075&disposition=attachment&op=download.pdf</a></div><div> </div></div></div></div>