#1 2019-01-10 14:58:43

Sun For Miles

Member

Registered: 2017-04-12

Posts: 262

DNS flag day

If you are a sys admin you will want to know about big guns (Google, Cloudflare, Cisco, Facebook and others) shutting down support for bad (or lack of) implementation of EDNS(0) extension on 1st February 2019, potentially leaving some domains cut off from the Internet.

There are easy ways to check if your domains will be affected by testing your zone's authoritative name servers.

Further reading on:
https://dnsflagday.net/
https://www.tripwire.com/state-of-secur … -doomsday/

Compliance tester:
https://ednscomp.isc.org/ednscomp

---

Señor Chang, why do you teach Spanish?

hhh

Gaucho

From: High in the Custerdome

Registered: 2015-09-17

Posts: 16,039

Website

Re: DNS flag day

^Thanks for the info!

---

No, he can't sleep on the floor. What do you think I'm yelling for?!!!

johnraff

nullglob

From: Nagoya, Japan

Registered: 2015-09-09

Posts: 12,558

Website

Re: DNS flag day

^^Thank you.
My own domains are OK, but asazuke.com which redirects to asazuke.wordpress.com shows errors. (the latter does not)

If it's not gone in a few days I'll have to look deeper...

---

...elevator in the Brain Hotel, broken down but just as well...
( a boring Japan blog (currently paused), now on Bluesky, there's also some GitStuff )

Introduction to the Bunsenlabs Boron Desktop

THX1138

Member

Registered: 2019-01-14

Posts: 286

Re: DNS flag day

wont this affect routers and firewalls too?

---

I’ve got this horrible feeling that if there is such a thing as reincarnation, knowing my luck, I’ll come back as me!
---------
Robotic Santa on Deviant Art

Sun For Miles

Member

Registered: 2017-04-12

Posts: 262

Re: DNS flag day

Yes, that is one big part of the picture. Network guys will be busy beavers until they figure out the way to learn how to properly set up the service, if the cause for particular DNS server to act iffy turns out to be misconfigured router/firewall.

---

Señor Chang, why do you teach Spanish?

THX1138

Member

Registered: 2019-01-14

Posts: 286

Re: DNS flag day

Thanks for the reply,
Ever since reading this thread I have been trying to figure out whether people are saying it will affect the routers that are serving DNS and webservers only, or do I need to configure the firewalls and routers on my home network too? I have to admit some of the language surrounding EDNS is confusing to me and I have information overload at the moment so am not seeing it perhaps.

---

I’ve got this horrible feeling that if there is such a thing as reincarnation, knowing my luck, I’ll come back as me!
---------
Robotic Santa on Deviant Art

Sun For Miles

Member

Registered: 2017-04-12

Posts: 262

Re: DNS flag day

If your home Internet connection is working properly and you haven't noticed any trouble opening websites (symptoms like slow loading of pages, unable to resolve certain domains), then no action is required at your side.

About EDNS, I agree that it's kind of confusing. For me the confusing part is the fact that nobody was seriously developing forward the technology that is underlying the whole Internet (DNS), and current EDNS solution looks to me like Frankenstein in IT world.

---

Señor Chang, why do you teach Spanish?