djbdns doesn't do anything magic, and the first good answer still wins; it's just that the patch everyone else had to apply -- to enable source port randomization, which makes it harder for an attacker to provide a "good answer" -- was already built-in to djbdns. Now that everyone's had to patch, djbdns is just as resistant (or not, see the end of the article) as everyone else.
Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds