ScorpionSting Absent Member.
Absent Member.
1050 views

DNS Flag Day

As of February 1st 2019 DNS software and service providers have agreed to coordinate removing accommodations for non-compliant DNS implementations from their software or services.

Will your DNS be affected? Check your systems and read more at https://dnsflagday.net/

Current SLES Bind is okay, but pays to check.

Visit my Website for links to Cool Solution articles.
Labels (1)
0 Likes
8 Replies
Knowledge Partner
Knowledge Partner

Re: DNS Flag Day

ScorpionSting;2494802 wrote:
As of February 1st 2019 DNS software and service providers have agreed to coordinate removing accommodations for non-compliant DNS implementations from their software or services.

Will your DNS be affected? Check your systems and read more at https://dnsflagday.net/

Current SLES Bind is okay, but pays to check.


Hi Ben,

I wasn't aware of this.

I checked a couple of domain names. One came back OK but the other had errors.

Both domains are hosted by the same ISP and use the same DNS servers. From what I read at the link you provided I understand this issue is with the DNS server itself and not how a specific domain has been setup. Is that correct?
_____
Kevin Boyle - Knowledge Partner - Calgary, Alberta, Canada
Who are the Knowledge Partners?
If you appreciate my comments, please click the Like button.
If I have resolved your issue, please click the Accept as Solution button.
0 Likes
ScorpionSting Absent Member.
Absent Member.

Re: DNS Flag Day

KBOYLE;2494822 wrote:
Hi Ben,

I wasn't aware of this.

I checked a couple of domain names. One came back OK but the other had errors.

Both domains are hosted by the same ISP and use the same DNS servers. From what I read at the link you provided I understand this issue is with the DNS server itself and not how a specific domain has been setup. Is that correct?


Correct, but location may also play a part. I had to change my firewall to fix my result (I currently use JunosOS 12.3X48-D70.4)....if you read the result report (both success and failure), it details the IP of the DNS and its result.

Visit my Website for links to Cool Solution articles.
0 Likes
ScorpionSting Absent Member.
Absent Member.

Re: DNS Flag Day

ScorpionSting;2494844 wrote:
Correct, but location may also play a part. I had to change my firewall to fix my result (I currently use JunosOS 12.3X48-D70.4)....if you read the result report (both success and failure), it details the IP of the DNS and its result.


The other thought I have is that your ISP load balances DNS internally, and they've patched one but not the other.... If that's the case, I'd change ISP 😄

Visit my Website for links to Cool Solution articles.
0 Likes
Knowledge Partner
Knowledge Partner

Re: DNS Flag Day

In article <ScorpionSting.8v0jkn@no-mx.forums.microfocus.com>,
ScorpionSting wrote:
> The other thought I have is that your ISP load balances DNS internally,
> and they've patched one but not the other.... If that's the case, I'd
> change ISP 😄


While changing the DNS hoster is an ultimate option, it has enough
headaches that it may well be easier to just keep on top of them,
cracking the whip to fix it. They may have to make some architectural
changes that will just take some time to get done.
I've been cracking the whip at a couple of my clients' ISPs about getting
their stuff into shape and getting some good but slow progress.


Andy of
http://KonecnyConsulting.ca in Toronto
Knowledge Partner
http://forums.novell.com/member.php/75037-konecnya
If you find a post helpful and are logged in the Web interface, please
show your appreciation by clicking on the star below. Thanks!

___
Andy of Konecny Consulting in Toronto
Knowledge Partner Profile
If you find a post helpful, click the Like button below. Thanks!
0 Likes
ScorpionSting Absent Member.
Absent Member.

Re: DNS Flag Day

KBOYLE;2494822 wrote:
Hi Ben,

I wasn't aware of this.

I checked a couple of domain names. One came back OK but the other had errors.

Both domains are hosted by the same ISP and use the same DNS servers. From what I read at the link you provided I understand this issue is with the DNS server itself and not how a specific domain has been setup. Is that correct?


Looks like this is an anual campaign. DNS Flag Day 2020 will focus on the problems with IP fragmentation of DNS packets.

https://dnsflagday.net/

Visit my Website for links to Cool Solution articles.
0 Likes
ScorpionSting Absent Member.
Absent Member.

Re: DNS Flag Day

ScorpionSting;2500861 wrote:
Looks like this is an anual campaign. DNS Flag Day 2020 will focus on the problems with IP fragmentation of DNS packets.

https://dnsflagday.net/


Holy beduggery! What a difference edns-udp-size 1220 and max-udp-size 1220 make!


Visit my Website for links to Cool Solution articles.
0 Likes
Knowledge Partner
Knowledge Partner

Re: DNS Flag Day

ScorpionSting;2500868 wrote:
Holy beduggery! What a difference edns-udp-size 1220 and max-udp-size 1220 make!


Hi Ben,

Please help me interpret the graph you provided.


  • What are the events to which the graph refers?
  • How do edns-udp-size and max-udp-size enter into the picture (pun intended)?
_____
Kevin Boyle - Knowledge Partner - Calgary, Alberta, Canada
Who are the Knowledge Partners?
If you appreciate my comments, please click the Like button.
If I have resolved your issue, please click the Accept as Solution button.
0 Likes
ScorpionSting Absent Member.
Absent Member.

Re: DNS Flag Day

KBOYLE;2500885 wrote:
Hi Ben,

Please help me interpret the graph you provided.


  • What are the events to which the graph refers?
  • How do edns-udp-size and max-udp-size enter into the picture (pun intended)?



The green portion is events from SUSE (x2). I had configured rsyslog to send all named events. After I configured named's udp-size (DNS Flag Day 2020) and restarted the services, the events just dropped drastically.

Visit my Website for links to Cool Solution articles.
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.