Second DNS Flag Day planned

On 1 February, DNS resolver software developers and major operators ended support for badly configured and outmoded DNS servers. Resolver software versions published since that date -- known as DNS Flag Day -- haven't included workarounds for servers that don't comply with EDNS. Introduced twenty years ago, EDNS is an extension to the DNS protocol that facilitates DNSSEC use. It also helps to secure DNS information and provides for further extension of the DNS.

The findings of an evaluation of the clean-up operation have now been published and a second DNS Flag Day is being planned. A joint analysis by NLnet Labs, SIDN and the Rochester Institute of Technology has found that, in the four months after DNS Flag Day, strict resolvers went from being 15 per cent of the total resolver population to 42 per cent. The figure now stands at 44 per cent. As the chart below shows, Google's Public DNS service accounts for the lion's share of the rise.

[Charts: APNIC-FlagDay img3, APNIC-FlagDay img4]

More information about the impact of the first DNS Flag Day is available in a blog post by APNIC.

DNS Flag Day 2020

Planning for a second DNS Flag Day has now started. The date has yet to be fixed, but the intention is that in 2020 resolver software developers will end support for fragmented DNS UDP packets. As a result, the EDNS buffer size will be limited to roughly 1220 bytes; the exact limit hasn't yet been decided. Servers will also have to be correctly configured to fall back to TCP for the transmission of larger packets.

On today's internet, IP fragmentation is unreliable and liable to cause transmission problems when large DNS packets are transmitted using UDP. Fragmented packets are also vulnerable to spoofing, at least in theory. Only a small percentage of servers -- such as those that aren't correctly configured for DNS over TCP -- are likely to be affected by the change. Authoritative DNS servers can already be tested using a tool published by ISC and available on the developers' site. A web-based test tool for clients and resolvers is still under development.
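The buffer-size limit and TCP fallback described above can be seen at the wire level in the following added example, which is not part of the original article or of any Flag Day tool. It assumes the article's approximate 1220-byte figure, and the function names and the sample reply are constructed for illustration.

```python
import struct

EDNS_LIMIT = 1220  # approximate figure from the article; the final limit was undecided
TYPE_OPT, FLAG_TC = 41, 0x0200

def encode_name(name):
    labels = [l for l in name.rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_query(name, qtype=1, bufsize=EDNS_LIMIT, txid=0x1234):
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 1)  # RD, 1 question, 1 additional
    question = encode_name(name) + struct.pack("!HH", qtype, 1)  # class IN
    # OPT pseudo-record: root name, TYPE 41, CLASS field carries the UDP payload size
    return header + question + b"\x00" + struct.pack("!HHIH", TYPE_OPT, bufsize, 0, 0)

def skip_name(msg, off):
    while True:
        n = msg[off]
        if n == 0:
            return off + 1
        if n & 0xC0 == 0xC0:  # a compression pointer ends the name
            return off + 2
        off += n + 1

def advertised_bufsize(msg):
    """UDP payload size from the OPT record, or None when the message has no EDNS."""
    qd, an, ns, ar = struct.unpack("!HHHH", msg[4:12])
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4
    for _ in range(an + ns + ar):
        off = skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        if rtype == TYPE_OPT:
            return rclass
        off += 10 + rdlen
    return None

def assess_udp_response(msg, limit=EDNS_LIMIT):
    flags = struct.unpack("!H", msg[2:4])[0]
    if flags & FLAG_TC:
        return "retry-tcp"  # server truncated the answer: repeat the query over TCP
    if len(msg) > limit:
        return "oversized"  # server ignored the advertised size: fragmentation risk
    return "ok"

if __name__ == "__main__":
    q = build_query("example.nl")
    reply = q[:2] + b"\x83\x00" + q[4:]  # constructed reply with QR, TC and RD set
    print(advertised_bufsize(q), assess_udp_response(reply))
```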
