Bob Harold writes:
> My apologies for not seeing this sooner. In section "5. Security
> Considerations":

Hi Bob,

I've been stewing over this one in my head for a few days since I saw
your message.

In short: I agree with you and am now slapping myself silly. I suspect
as is it's not "awful",

My apologies for not seeing this sooner. In section "5. Security
Considerations":
To ensure that an older CSYNC record making use of the soaminimum flag
cannot be replayed to revert values, the SOA serial number MUST NOT be
incremented by more than 2^16 during the lifetime of the signature
window

A new Request for Comments is now available in online RFC libraries.

RFC 7477
Title: Child-to-Parent Synchronization in DNS
Author: W. Hardaker
Status: Standards Track
Stream: IETF
Date: March 2015
Mailbox: