[dns-operations] How Stack Overflow plans to survive the next DNS attack
jared at puck.nether.net
Thu Jan 12 12:05:46 UTC 2017
There is likely nothing stopping notify over TCP. People could use that :-)
> On Jan 11, 2017, at 3:37 PM, Paul Vixie <vixie at tisf.net> wrote:
> NOTIFY was defined that way because folks wanted it to be able to work over UDP, and we knew that UDP source addresses could be spoofed. thus it's very lightweight and there is no value at all to an attacker who spoofs a NOTIFY.
More information about the dns-operations