DNS Flag Day

DNS Flag Day, will your website survive?

The current Domain Name System (DNS) has been used on the Internet for more than 30 years. It is now time for worldwide maintenance which, for the first time in the existence of DNS, requires coordinated action from all operators of DNS servers and DNSSEC validators.

What is going on?

A number of DNS software and service providers (including ISC) have announced that they will cease implementing DNS resolver workarounds to accommodate DNS authoritative systems that don’t follow the EDNS protocol. Each software vendor has pledged to roll out this change in some version of their software by the ‘Flag Day.’ Resolver service providers who have indicated their support for DNS Flag Day will be making similar changes to their online recursive services on, or soon after, February 1, 2019.

In practice, this means that servers that do not respond to queries with EDNS extensions will stop working for clients after 1 February, and domains hosted on these servers will become inaccessible!

If your company’s DNS zones are served by non-compliant servers, they will not suddenly disappear on this date. Instead, your online presence will slowly degrade or disappear as cloud resolver operators, ISPs and corporate resolver administrators upgrade their software. When you update your own internal DNS resolvers to versions that don’t implement workarounds, some sites and email servers may become unreachable.

Who supports this?

How will it affect me?

Authoritative server operators should ensure that their name server implementation correctly responds to queries with EDNS extensions by 31 January 2019 at the latest.

In accordance with the published plan, major DNS software vendors will discontinue support for servers that violate both the DNS standard RFC 6891 and its predecessor RFC 2671 after 1 February 2019.


How can I know whether my domain is safe or not?

You can test your domains and authoritative DNS servers with the testing tools on the dedicated website dnsflagday.net.

In the input field, simply enter your domain name without the www and click “Test!”.

If the test reports no problems, congratulations! Your authoritative server is ready for DNS Flag Day. No problems should be encountered.

If your authoritative server has a problem, the test result will show it.
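What such a test checks at the packet level, as an added example that is not from the original article or from the dnsflagday.net tooling: it builds a query carrying an EDNS(0) OPT record (RFC 6891) and classifies the authoritative server's reply. The function names, the result labels, the 1232-byte payload size and the sample replies are assumptions constructed for illustration; sending the query over the network is left out so the block runs offline.

```python
import struct

OPT = 41  # EDNS(0) pseudo-record type, RFC 6891

def build_edns_query(name, qtype=6, udp_size=1232, txid=0x1234):
    """DNS query (default: SOA) with an EDNS(0) OPT record in the additional section."""
    header = struct.pack("!6H", txid, 0, 1, 0, 0, 1)  # QDCOUNT=1, ARCOUNT=1
    qname = b"".join(bytes([len(p)]) + p.encode("ascii")
                     for p in name.rstrip(".").split(".")) + b"\x00"
    # OPT: root owner name, TYPE=41, CLASS=UDP payload size,
    # TTL=extended RCODE/version/flags (all zero), RDLEN=0
    opt = b"\x00" + struct.pack("!HHIH", OPT, udp_size, 0, 0)
    return header + qname + struct.pack("!HH", qtype, 1) + opt

def _skip_name(msg, i):
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        n = msg[i]
        if n == 0:
            return i + 1
        if n & 0xC0 == 0xC0:  # a compression pointer ends the name
            return i + 2
        i += 1 + n

def classify_reply(reply):
    """Classify a server's reply to an EDNS query; None means the query timed out."""
    if reply is None:
        return "timeout"  # no response at all to a query with EDNS extensions
    _, flags, qd, an, ns, ar = struct.unpack("!6H", reply[:12])
    i = 12
    for _ in range(qd):                      # skip the question section
        i = _skip_name(reply, i) + 4
    for _ in range(an + ns + ar):            # walk every resource record
        i = _skip_name(reply, i)
        rtype, _cls, ttl, rdlen = struct.unpack("!HHIH", reply[i:i + 10])
        i += 10 + rdlen
        if rtype == OPT:
            version = (ttl >> 16) & 0xFF     # EDNS version sits in the TTL field
            return "edns_ok" if version == 0 else "edns_bad_version"
    return "no_opt_rcode_%d" % (flags & 0xF)  # reply carries no OPT record

# Constructed sample replies (not captured traffic), derived from our own query.
query = build_edns_query("example.com")
compliant = query[:2] + struct.pack("!H", 0x8400) + query[4:]  # QR=1, AA=1, OPT kept
legacy = query[:2] + struct.pack("!5H", 0x8401, 1, 0, 0, 0) + query[12:-11]  # FORMERR, no OPT
```

To check a real server, send the bytes from `build_edns_query` over UDP to port 53 of each of your authoritative name servers with a timeout, and pass `None` to `classify_reply` when the socket times out.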

How to resolve the problem?

  1. This problem could be easily solved by simply updating the DNS software on the name servers hosting your designated domain. In rare cases, the problem may be caused by an over-strict firewall that discards DNS queries with EDNS extensions.
  2. If your DNS version is outdated and you can’t do anything about it, simply drop us an email at sales@netonboard.com and our team will assist you further in migrating your domain to our latest DNS for as low as RM30!

 

Adapted and referred from https://dnsflagday.net/, https://blog.apnic.net, https://www.isc.org