We do not need to change the session nonce. A simple sequence number will
prevent replay insertion into the stream and we have that in “_ser” which
rndc increases on every transaction. The server is already looking for
replays and rejects them.

bin/rndc/rndc.c:	DO("create message", isccc_cc_createmessage(1, NULL, NULL, ++serial,
bin/rndc/rndc.c:	DO("create message", isccc_cc_createmessage(1, NULL, NULL, ++serial,

> On 18 Jan 2018, at 7:49 pm, Francis Dupont via RT wrote:
>
> On Thu Jan 18 03:54:57 2018, muks wrote:
>> Would you be fine with incrementing the nonce on every subsequent query?
>
> => a nonce must be not predictable so I am afraid it is not fine
> (note I said not predictable vs random as it is the wanted property
> and to take the nonce content from a random generator is
> only the common way to guarantee the property).
>
>
> --
> Ticket History: https://bugs.isc.org/Ticket/Display.html?id=46966

--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka@isc.org
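
Added example (not part of the original message, and not BIND's own code): a receiver-side check in C of the kind the message describes, where a fixed session nonce plus a strictly increasing serial is enough to reject replayed messages. The struct, enum and function names are hypothetical, and the messages are assumed to be authenticated already, so the nonce and serial cannot be altered in transit.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical per-connection state; names are illustrative only. */
struct chan_state {
    uint32_t nonce;       /* session nonce, fixed for the whole session */
    uint32_t last_serial; /* highest serial ("_ser") accepted so far */
    bool     have_serial; /* false until the first message is accepted */
};

enum verdict { MSG_OK = 0, MSG_BAD_NONCE, MSG_REPLAY };

/*
 * Accept a message only if it carries the session nonce and a serial
 * strictly greater than every serial already accepted. Once last_serial
 * reaches UINT32_MAX nothing further is accepted, so serial exhaustion
 * fails closed and a new session (new nonce) is required.
 */
enum verdict check_message(struct chan_state *st, uint32_t nonce, uint32_t serial)
{
    if (nonce != st->nonce)
        return MSG_BAD_NONCE;           /* message from another session */
    if (st->have_serial && serial <= st->last_serial)
        return MSG_REPLAY;              /* duplicate or re-inserted old message */
    st->last_serial = serial;
    st->have_serial = true;
    return MSG_OK;
}

/* Run a constructed message stream and count how many are rejected. */
int replay_demo(void)
{
    /* Constructed sample: the second 8 and the late 7 are replays. */
    static const uint32_t serials[] = { 7, 8, 8, 9, 7, 10 };
    struct chan_state st = { .nonce = 0xA5A5A5A5u };
    int rejected = 0;

    for (size_t i = 0; i < sizeof serials / sizeof serials[0]; i++)
        if (check_message(&st, 0xA5A5A5A5u, serials[i]) != MSG_OK)
            rejected++;
    return rejected;
}

int main(void)
{
    printf("rejected %d replayed messages\n", replay_demo());
    return 0;
}
```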