[aklug] DNS service impacting: DNS Flag Day for EDNS - Feb 1, 2019

Royce Williams royce at tycho.org
Sat Jan 12 07:25:28 AKST 2019


All,

If you run a DNS domain, read this:

    https://dnsflagday.net/

Major quotes:


*The current DNS is unnecessarily slow and suffers from inability to deploy
new features. To remediate these problems, vendors of DNS software and also
big public DNS providers are going to remove certain workarounds on
February 1st, 2019.*

*This change affects only sites which operate software which is not
following published standards.*

*[...]*

*The main change is that DNS software from vendors named above will
interpret timeouts as sign of a network or server problem. Starting
February 1st, 2019 there will be no attempt to disable EDNS as reaction to
a DNS query timeout.*

*This effectively means that all DNS servers which do not respond at all to
EDNS queries are going to be treated as dead.*

[end quotes]

Basically, there are mechanisms out there to retry *without* EDNS when an
EDNS query times out after a certain time. *These fallback mechanisms are
going to be removed, which will make the Internet significantly slower for
anyone trying to reach your domain(s).*

Please check your major domains and a sampling of your minor ones (based on
platform).

Resources:

* Tester: https://ednscomp.isc.org/ednscomp
* Background: https://en.wikipedia.org/wiki/Extension_mechanisms_for_DNS
* Bulk scanner for ISPs: https://gitlab.labs.nic.cz/knot/edns-zone-scanner/

-- 
Royce
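
The check asked for above, as an added example that is not part of the original message or of the linked testers: it sends the same query with and without an EDNS OPT record and reports whether a server falls into the timeout case the quotes describe. The function names, result labels and the 3-second timeout are assumptions of this example.

```python
import socket
import struct
OPT = 41  # RR type of the EDNS OPT pseudo-record (RFC 6891)

def build_query(name, qtype=6, edns=True, qid=0x1234, payload=4096):
    """Wire-format query (default type SOA); edns=True appends an OPT record."""
    labels = [l for l in name.split(".") if l]
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    header = struct.pack("!6H", qid, 0, 1, 0, 0, 1 if edns else 0)
    # OPT RR: root owner, TYPE 41, CLASS = UDP payload size, TTL 0, RDLENGTH 0
    opt = b"\x00" + struct.pack("!HHIH", OPT, payload, 0, 0)
    return header + qname + struct.pack("!HH", qtype, 1) + (opt if edns else b"")

def skip_name(msg, off):  # offset just past a (possibly compressed) name
    while True:
        n = msg[off]
        if n == 0:
            return off + 1
        if n & 0xC0 == 0xC0:  # a compression pointer ends the name
            return off + 2
        off += 1 + n

def has_opt(msg):
    """True if a DNS message carries an OPT record in any section."""
    qd, an, ns, ar = struct.unpack("!4H", msg[4:12])
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4  # QTYPE + QCLASS
    for _ in range(an + ns + ar):
        off = skip_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        if rtype == OPT:
            return True
        off += 10 + rdlen
    return False

def classify(edns_reply, plain_reply):
    """Replies are bytes, or None for a timeout. Labels are this example's own."""
    if edns_reply is None:
        return "edns-timeout" if plain_reply is not None else "unreachable"
    return "edns-ok" if has_opt(edns_reply) else "answers-without-opt"

def ask(server, msg, timeout=3.0):
    """Send one UDP query to port 53; return the reply bytes, or None on timeout."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(msg, (server, 53))
            return s.recvfrom(4096)[0]
        except socket.timeout:
            return None
```

Call `classify(ask(ip, build_query(zone)), ask(ip, build_query(zone, edns=False)))` for each authoritative server of a zone. A result of `edns-timeout` is the case the quoted text says will be treated as dead.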