[dns-operations] How Stack Overflow plans to survive the next DNS attack

Randy Bush randy at psg.com
Thu Jan 12 01:26:51 UTC 2017

>> I generally agree, but there is some nuance here, eg: if I want to reset my
>> serial, NOTIFY is of no help.
> actually it is, it's just not well documented. given $wrong and
> $right, where $wrong> $right using serial-number arithmetic as defined
> for TCP sequence numbers, you do this:
> step 1: set serial = $wrong + 0x7fffffff, send notify, observe transfer
> step 2: set serial = $right, send notify, observe transfer
> obviously this depends on $wrong - $right < 0x80000000, but that's
> usually the case. if it's not, then more steps or different offsets
> may be needed in "step 1" above.

someone should write an rfc on this

More information about the dns-operations mailing list