[dns-operations] How Stack Overflow plans to survive the next DNS attack

Andrew Sullivan ajs at anvilwalrusden.com
Wed Jan 11 14:35:20 UTC 2017

On Wed, Jan 11, 2017 at 09:28:36AM -0500, Jared Mauch wrote:
> > On Jan 11, 2017, at 8:08 AM, Tony Finch <dot at dotat.at> wrote:

> > NOTIFY fixed this problem 20 years ago.
> > 
> I generally agree, but there is some nuance here, eg: if I want to reset my
> serial, NOTIFY is of no help.

Right, and quite apart from the other issues you noted, NOTIFY can get
lost, and NOTIFY does not actually provide a confirmation that it was
received or that the subsequent transaction happened.  So NOTIFY is
not a push, it's a "please pull" request.  The difference is subtle,
but in an environment where people are using 30s TTLs in an effort to
steer traffic the difference may be important.  (That IXFR-only never
got standardized is another problem for the same class of people.)

Best regards,


Andrew Sullivan
ajs at anvilwalrusden.com

More information about the dns-operations mailing list