You are not logged in.

#1 2019-01-10 14:58:43

Sun For Miles
Member
Registered: 2017-04-12
Posts: 125

DNS flag day

If you are a sys admin you will want to know about big guns (Google, Cloudflare, Cisco, Facebook and others) shutting down support for bad (or lack of) implementation of EDNS(0) extension on 1st February 2019, potentially leaving some domains cut off from the Internet.

There are easy ways to check if your domains will be affected by testing your zone's authoritative name servers.

Further reading on:
https://dnsflagday.net/
https://www.tripwire.com/state-of-secur … -doomsday/

Compliance tester:
https://ednscomp.isc.org/ednscomp


Señor Chang, why do you teach Spanish?

Offline

#2 2019-01-11 01:16:21

hhh
That's it!
Registered: 2015-09-17
Posts: 7,016
Website

Re: DNS flag day

^Thanks for the info!

Offline

#3 2019-01-11 05:45:50

johnraff
nullglob
From: Nagoya, Japan
Registered: 2015-09-09
Posts: 5,101
Website

Re: DNS flag day

^^Thank you.
My own domains are OK, but asazuke.com which redirects to asazuke.wordpress.com shows errors. (the latter does not)

If it's not gone in a few days I'll have to look deeper...


John
--------------------
( a boring Japan blog , Japan Links, idle twitterings  and GitStuff )
In case you forget, the rules.

Offline

#4 2019-01-16 18:23:51

THX1138
Member
Registered: 2019-01-14
Posts: 191

Re: DNS flag day

wont this affect routers and firewalls too?


The telephone is an antiquity - you never know who is calling, there is no image, it is an outmoded product which constantly disrupts work (Ralf Hutter (Kraftwerk)) ps: my wife knows how much I dislike being disrupted at Work - Ralf Hutter hit the nail on the head there

Offline

#5 2019-01-16 19:42:26

Sun For Miles
Member
Registered: 2017-04-12
Posts: 125

Re: DNS flag day

Yes, that is one big part of the picture. Network guys will be busy beavers until they figure out the way to learn how to properly set up the service, if the cause for particular DNS server to act iffy turns out to be misconfigured router/firewall.


Señor Chang, why do you teach Spanish?

Offline

#6 2019-01-16 19:57:22

THX1138
Member
Registered: 2019-01-14
Posts: 191

Re: DNS flag day

Thanks for the reply,
Ever since reading this thread I have been trying to figure out whether people are saying it will affect the routers that are serving DNS and webservers only, or do I need to configure the firewalls and routers on my home network too? I have to admit some of the language surrounding EDNS is confusing to me and I have information overload at the moment so am not seeing it perhaps.


The telephone is an antiquity - you never know who is calling, there is no image, it is an outmoded product which constantly disrupts work (Ralf Hutter (Kraftwerk)) ps: my wife knows how much I dislike being disrupted at Work - Ralf Hutter hit the nail on the head there

Offline

#7 2019-01-17 14:07:35

Sun For Miles
Member
Registered: 2017-04-12
Posts: 125

Re: DNS flag day

If your home Internet connection is working properly and you haven't noticed any trouble opening websites (symptoms like slow loading of pages, unable to resolve certain domains), then no action is required at your side.

About EDNS, I agree that it's kind of confusing. For me the confusing part is the fact that nobody was seriously developing forward the technology that is underlying the whole Internet (DNS), and current EDNS solution looks to me like Frankenstein in IT world.


Señor Chang, why do you teach Spanish?

Offline

Board footer

Powered by FluxBB