[dns-operations] How Stack Overflow plans to survive the next DNS attack

Jared Mauch jared at puck.nether.net
Thu Jan 12 12:05:46 UTC 2017


There is likely nothing stopping notify over TCP. People could use that :-)

Jared Mauch

> On Jan 11, 2017, at 3:37 PM, Paul Vixie <vixie at tisf.net> wrote:
> 
> NOTIFY was defined that way because folks wanted it to be able to work over UDP, and we knew that UDP source addresses could be spoofed. thus it's very lightweight and there is no value at all to an attacker who spoofs a NOTIFY.





More information about the dns-operations mailing list