DNS Flag Day 2019: What You Need To Know

DNS Flag Day 2019: What You Need To Know

On February 1st, 2019, DNS Flag Day is happening. This change could have an effect on all of your websites if you are using a DNS that is out of date and not compliant with modern standards. The current DNS system, updated almost 20 years ago, is still currently slow and inefficient just to accomodate a few non-compliant DNS systems. If you do not have any websites, you will only be affected indirectly, as some of your favorite websites may be down until they are upgraded.

For most domain owners, there is nothing to worry about. For some others, however, it could mean hours of downtime. A movement by major DNS providers to put an end to out-of-date software and force any non-compliant software to become more DNS-compliant. This new measure of compliance will increase the speed and security of outdated servers and software on the Internet.

Several major companies including Quad9, Google, Cloudflare, PowerDNS, Facebook, CISCO, NLNETLabs, and CleanBrowsing are all on board in pushing for the compliance. The compliance will require outdated servers to be truthful in answering requests from recursive revolves. If you are a DNS administrator, you may have to update your software. The change will make the entire DNS service more efficient and secure, particularly in blocking DDoS attacks.

Compliance issues will arise if the DNS reolver service receives these non-compliant responses:

  • BIND 9.13.3 (development) and 9.14.0 (production)
  • Knot Resolver has already implemented stricter EDNS handling in all current versions
  • PowerDNS Recursor 4.2.0
  • Unbound 1.9.0

In the past, these would be ignored, causing the entire DNS service to slow down in order to wait for a response to be received. In an effort to speed up the DNS service, whereas these types of messages were seen as work-arounds, are now seen as non-compliant responses and returned as errors.

If you are worried, you can easily test to ensure your DNS provider will not be effected by this change by running a test.

Upon testing, you will receive further instructions about what to do if your server is not compliant with modern standards. Otherwise, you will receive additional technical information about your website.

EDNS Compliance Tester

Checking: ‘runcloud.io’ as at 2019-01-31T04:58:56Z

runcloud.io. @173.245.58.103 (beth.ns.cloudflare.com.): dns=ok edns=ok edns1=ok edns@512=ok ednsopt=ok edns1opt=ok do=ok ednsflags=ok docookie=ok edns512tcp=ok optlist=ok,nsid,subnet (4m234)
runcloud.io. @2400:cb00:2049:1::adf5:3a67 (beth.ns.cloudflare.com.): dns=ok edns=ok edns1=ok edns@512=ok ednsopt=ok edns1opt=ok do=ok ednsflags=ok docookie=ok edns512tcp=ok optlist=ok,nsid,subnet (4m220)

runcloud.io. @173.245.59.124 (jeff.ns.cloudflare.com.): dns=ok edns=ok edns1=ok edns@512=ok ednsopt=ok edns1opt=ok do=ok ednsflags=ok docookie=ok edns512tcp=ok optlist=ok,nsid,subnet (4m282)
runcloud.io. @2400:cb00:2049:1::adf5:3b7c (jeff.ns.cloudflare.com.): dns=ok edns=ok edns1=ok edns@512=ok ednsopt=ok edns1opt=ok do=ok ednsflags=ok docookie=ok edns512tcp=ok optlist=ok,nsid,subnet (4m278)

All Ok

Codes

  • ok – test passed.
  • nsid – NSID supported [RFC5001].
  • subnet – EDNS Client Subnet supported [RFC7871].

To retrieve this report in the future: https://ednscomp.isc.org/ednscomp/952d328109

While the rules for the update may seem strict, the change will ensure more proficiency on the web. The RunCloud software passes the test and should have no effect in the results of the test on your website, but we will definitely be around to assist any of our users with any issues that may arise. If you have multiple websites on the same server using RunCloud, you only need to test a single website.

We do encourage you to visit DNS Flag Day website and test your website before February 1, 2019. For more information, please visit dnsflagday.net.

Ready to get started?

Start your free trial today.

Start My 5-Days Free Trial no credit card required

Leave a Reply

Your email address will not be published. Required fields are marked *