[dns-operations] How Stack Overflow plans to survive the next DNS attack
Randy Bush
randy at psg.com
Thu Jan 12 01:26:51 UTC 2017
>> I generally agree, but there is some nuance here, eg: if I want to reset my
>> serial, NOTIFY is of no help.
>
> actually it is, it's just not well documented. given $wrong and
> $right, where $wrong > $right using serial-number arithmetic as defined
> for TCP sequence numbers, you do this:
>
> step 1: set serial = $wrong + 0x7fffffff, send notify, observe transfer
> step 2: set serial = $right, send notify, observe transfer
>
> obviously this depends on $wrong - $right < 0x80000000, but that's
> usually the case. if it's not, then more steps or different offsets
> may be needed in "step 1" above.
someone should write an rfc on this
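
The two-step reset quoted above, as an added Python example that is not part of the original thread. It uses the RFC 1982 comparison for 32-bit serials and generalizes the procedure to the "more steps" case; the function names and sample serials are constructed for illustration.

```python
from __future__ import annotations

SERIAL_BITS = 32
MOD = 1 << SERIAL_BITS
HALF = 1 << (SERIAL_BITS - 1)
MAX_STEP = HALF - 1  # 0x7fffffff, the largest increment RFC 1982 allows


def serial_gt(a: int, b: int) -> bool:
    """True if serial a is 'greater than' b under RFC 1982, i.e. a
    secondary holding b would transfer a zone advertising a."""
    return 0 < (a - b) % MOD < HALF


def reset_plan(wrong: int, right: int) -> list[int]:
    """Serials to publish in order (send NOTIFY and observe the transfer
    after each one) to move secondaries from `wrong` to `right`."""
    if wrong == right:
        return []
    plan, cur = [], wrong
    # Hop forward by the maximum step until `right` compares as greater.
    # When wrong - right == 1 the first hop lands exactly 2**31 away from
    # `right`, which RFC 1982 leaves undefined, so a second hop is needed.
    while not serial_gt(right, cur):
        cur = (cur + MAX_STEP) % MOD
        plan.append(cur)
    plan.append(right)
    return plan


def replay(start: int, plan: list[int]) -> int:
    """Simulate a secondary that only accepts a greater serial."""
    held = start
    for s in plan:
        if not serial_gt(s, held):
            raise ValueError(f"secondary at {held} would ignore {s}")
        held = s
    return held


if __name__ == "__main__":
    # Constructed sample values: date-style serials published too high.
    for wrong, right in [(3017011201, 2017011201), (2017011202, 2017011201)]:
        plan = reset_plan(wrong, right)
        print(wrong, "->", right, plan, "secondary ends at", replay(wrong, plan))
```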