Are you ready for the DNS flag day?

Jan 29, 2019  - written by  in Domain names

The Domain Name System (DNS) has been around since the early 1980s, a time when networking was very different from today and, in particular, the size of messages that could be reliably exchanged between two computers was much smaller. As the Internet grew and technology advanced, it became clear that the DNS would need extensions, for example to offer new security features that address threats (such as DNS spoofing) that didn’t exist 35 years ago.

As far back as 1999, the first specification for DNS extensions (also called EDNS) was published and software developers have been implementing DNS extensions ever since. Meanwhile, some sites still operate software that doesn’t comply with the EDNS protocol, and as a result, DNS service providers have had to implement workarounds to accommodate this non-compliant software. However, these workarounds slow down DNS performance and make it difficult to implement new DNS extensions.

On February 1, on what’s being called “DNS Flag Day,” DNS software vendors and service providers will no longer support these workarounds.

 

DNS Flag Day – what is it?

On February 1, 2019, major DNS software and services will be rolling out a new version of their DNS systems which will be compliant with the EDNS protocol.

This means that after February 1, major DNS software vendors will discontinue support for servers whose firewalls or DNS implementations have not been updated or implement the EDNS standard incorrectly.

 

What does DNS Flag Day mean for you?

After February 1, those servers that do not use the EDNS protocol will no longer function reliably and may become unavailable.
This means that all clients and domains hosted on these servers may become inaccessible.

 

Please note that Gandi’s nameservers will not be affected.

If your domain name(s) use our old nameservers a/b/c.dns.gandi.net or our new livedns nameservers, you can stop reading here…everything is under control!

 

What should you do?

The first step is to ensure that your authoritative DNS server is in line with the EDNS protocol. You can check your server(s) by using the testing tool available on the DNS Flag Day website. It is very simple to use: just fill in your domain name(s) in the form and click “Test!”.

If you see the following message, your domain name is compliant and you don’t have to take any further action.

If your domain is affected, you will see the following warning:

This means that if you or your technical provider don’t update the DNS software used by your domain name, your domain will stop working.
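To see what such a check involves at the protocol level, the added example below (not Gandi's code and not the DNS Flag Day tool) builds a query carrying an EDNS OPT record and reads the EDNS fields out of the reply. The function names, the SOA query type and the 4096-byte UDP size are assumptions chosen for illustration, and it covers only the basic EDNS query, not the full test suite.

```python
import socket
import struct

def build_edns_query(name, qtype=6, msg_id=0x1234, udp_size=4096):
    """Build a non-recursive query (default SOA) with an EDNS version 0 OPT record."""
    header = struct.pack("!HHHHHH", msg_id, 0x0000, 1, 0, 0, 1)  # 1 question, 1 additional
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    question = qname + struct.pack("!HH", qtype, 1)  # class IN
    # OPT RR: root name, TYPE 41, CLASS = UDP size, TTL = ext-rcode|version|flags, RDLEN 0
    opt = b"\x00" + struct.pack("!HHBBHH", 41, udp_size, 0, 0, 0, 0)
    return header + question + opt

def skip_name(msg, off):
    """Return the offset just past a domain name, compressed or not."""
    while True:
        n = msg[off]
        if n == 0:
            return off + 1
        if n & 0xC0 == 0xC0:  # two-byte compression pointer ends the name
            return off + 2
        off += 1 + n

def edns_status(msg):
    """Return (rcode, edns_version); edns_version is None when the reply has no OPT."""
    _id, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4  # skip QTYPE and QCLASS
    version, ext_rcode = None, 0
    for _ in range(an + ns + ar):
        off = skip_name(msg, off)
        rtype, _cls, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10 + rdlen
        if rtype == 41:  # OPT: upper TTL bytes carry extended RCODE and version
            ext_rcode, version = ttl >> 24, (ttl >> 16) & 0xFF
    return ((ext_rcode << 4) | (flags & 0xF), version)

def check_server(ip, name, timeout=3.0):
    """Send one EDNS query over UDP to an authoritative server (ip supplied by the caller)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_edns_query(name), (ip, 53))
        try:
            return edns_status(s.recv(4096))
        except socket.timeout:
            return None  # no reply to the EDNS query (dropped or lost)
```

A result of `(0, 0)` means the server answered NOERROR and included an OPT record with version 0; `None`, or a reply with no OPT record, is the kind of result to raise with whoever runs the DNS software or firewall.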

 

What to do if your domain is affected?

You should contact your technical team or technical provider in charge of managing the DNS software used by your domain name(s) to ensure it is compliant with the EDNS protocol requirement and that there is no issue with the firewall configuration.
They may need to update the DNS software to its latest stable version to resolve any non-compliance issue.

If you can’t contact your technical team or technical provider, or if they are unable to update the software before February 1, we recommend that you switch to our nameservers.

However, if you choose the latter option, be sure to properly add all of the DNS records currently set up in the DNS zone of the impacted domain name(s); otherwise you may break your website, email, or other services attached to your domain.