[dns-operations] How Stack Overflow plans to survive the next DNS attack
Andrew Sullivan
ajs at anvilwalrusden.com
Wed Jan 11 14:35:20 UTC 2017
On Wed, Jan 11, 2017 at 09:28:36AM -0500, Jared Mauch wrote:
> > On Jan 11, 2017, at 8:08 AM, Tony Finch <dot at dotat.at> wrote:
> > NOTIFY fixed this problem 20 years ago.
> >
>
> I generally agree, but there is some nuance here, eg: if I want to reset my
> serial, NOTIFY is of no help.
Right, and quite apart from the other issues you noted, NOTIFY can get
lost, and NOTIFY does not actually provide a confirmation that it was
received or that the subsequent transaction happened. So NOTIFY is
not a push, it's a "please pull" request. The difference is subtle,
but in an environment where people are using 30s TTLs in an effort to
steer traffic the difference may be important. (That IXFR-only never
got standardized is another problem for the same class of people.)
Best regards,
A
--
Andrew Sullivan
ajs at anvilwalrusden.com
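
Added example, not part of the original message: since NOTIFY carries no confirmation that a transfer followed, one way to verify propagation is to compare the SOA serial each secondary serves against the primary's, using RFC 1982 serial arithmetic. The server names and serial values are constructed sample data; in practice the serials would come from SOA queries to each server.

```python
# Added example: classify secondaries by SOA serial after a zone change.
# NOTIFY is only a "please pull" hint, so propagation has to be confirmed
# by observation. All names and serials here are constructed sample data.

MOD = 2 ** 32    # SOA serials are unsigned 32-bit values
HALF = 2 ** 31


def serial_newer(a: int, b: int) -> bool:
    """True if serial a is newer than b under RFC 1982 serial arithmetic."""
    diff = (a - b) % MOD
    return diff != 0 and diff < HALF


def classify(primary: int, secondary: int) -> str:
    """Describe one secondary's state relative to the primary's serial."""
    if secondary == primary:
        return "in-sync"
    if serial_newer(primary, secondary):
        # The secondary will transfer when it next checks. If the NOTIFY
        # was lost, that is when its SOA refresh timer fires.
        return "lagging"
    # The primary's serial does not compare as newer (or the comparison is
    # undefined at a distance of exactly 2**31), so the secondary will not
    # pull. This is the serial-reset case that NOTIFY cannot help with.
    return "will-not-pull"


def convergence_report(primary: int, observed: dict) -> dict:
    """Map each secondary's name to its state."""
    return {name: classify(primary, s) for name, s in observed.items()}


def unconverged(report: dict) -> list:
    """Names of secondaries that are not yet serving the primary's serial."""
    return sorted(n for n, state in report.items() if state != "in-sync")


if __name__ == "__main__":
    # Constructed case 1: normal bump, one secondary missed the NOTIFY.
    seen = {"ns1.example": 2017011102, "ns2.example": 2017011101}
    print(convergence_report(2017011102, seen))
    # Constructed case 2: the primary's serial was reset to 1.
    stale = {"ns1.example": 2017011102}
    print(convergence_report(1, stale))
```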