Domains served by DNS servers that are not compliant with the Extensions to DNS (EDNS) protocol standard will not function reliably after tomorrow, February 1, 2019, and may become unavailable. A number of DNS software and service providers have dubbed this Friday “DNS Flag Friday,” and have announced that they will all cease implementing DNS resolver workarounds to accommodate DNS authoritative systems that don’t follow the protocol.
It is unfortunate that this event was not very well publicized – it could have a significant impact on site traffic and on your organization's ability to troubleshoot why someone cannot connect to your site. If your company’s DNS zones are served by non-compliant servers, your online presence will slowly degrade or disappear as ISPs and other organizations update their resolvers. When you update your own internal DNS resolvers to versions that don’t implement workarounds, some sites and email servers may become unreachable.
What You Should Do
It’s important that you test all of your domains today, including all subdomains, especially if they point to a different IP address. For example:
The Internet Systems Consortium (ISC) has provided this easy-to-use tool to help you check your domains and subdomains: https://ednscomp.isc.org/ednscomp
Should connection to your domain fail, MTS recommends you either switch DNS providers or upgrade your DNS server.
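To see what such a check looks at on the wire, here is an added example (not part of the original post and not the ISC tool's code) that builds a query carrying an EDNS version 0 OPT record and classifies the reply. The function names, the `1232`-byte UDP size and the result labels are assumptions chosen for illustration, and it covers only this one probe, far fewer cases than the ISC tester.

```python
import socket
import struct

OPT = 41  # TYPE code of the EDNS OPT pseudo-record

def build_edns_query(name, qtype=6, udp_size=1232, qid=0x1234):
    """Non-recursive query (default SOA) carrying an EDNS version 0 OPT record."""
    header = struct.pack("!6H", qid, 0, 1, 0, 0, 1)  # 1 question, 1 additional
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    # OPT: root owner, TYPE 41, CLASS = UDP size, TTL = ext-rcode|version|flags, RDLEN 0
    opt = b"\x00" + struct.pack("!HHIH", OPT, udp_size, 0, 0)
    return header + qname + struct.pack("!HH", qtype, 1) + opt

def _skip_name(msg, off):  # offset just past a (possibly compressed) name
    while msg[off] != 0:
        if msg[off] & 0xC0 == 0xC0:  # compression pointer ends the name
            return off + 2
        off += 1 + msg[off]
    return off + 1

def classify_response(msg):
    """Classify a server's reply to build_edns_query(); None means no reply."""
    if msg is None:
        return "timeout"
    _, flags, qd, an, ns, ar = struct.unpack("!6H", msg[:12])
    rcode, off, version = flags & 0xF, 12, None
    for _ in range(qd):
        off = _skip_name(msg, off) + 4  # skip QTYPE and QCLASS
    for _ in range(an + ns + ar):
        off = _skip_name(msg, off)
        rtype, _, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10 + rdlen
        if rtype == OPT:
            version = (ttl >> 16) & 0xFF
            rcode |= (ttl >> 24) << 4  # extended RCODE bits live in the OPT TTL
    if rcode:
        return f"rcode={rcode}"
    return "ok" if version == 0 else "no-opt"

def probe(server_ip, name, timeout=3.0):
    """Send the query over UDP to one authoritative server and classify the reply."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_edns_query(name), (server_ip, 53))
        try:
            return classify_response(s.recvfrom(4096)[0])
        except socket.timeout:
            return "timeout"
```

Call `probe()` with the IP address of each authoritative server for a zone. A `timeout` result is the case that matters most once resolvers stop retrying without EDNS, because the query simply goes unanswered.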
Why Make This Change Now?
Extension Mechanisms for DNS were specified in 1999, with a minor update in 2013, establishing the ‘rules of the road’ for responding to queries with EDNS options or flags. Despite this, some implementations continue to violate the rules. DNS software developers have tried to solve the problems with the interoperability of the DNS protocol and especially its EDNS extension by implementing various workarounds for non-standard behaviors. This is not unlike the way a driver with the right-of-way might hesitate at an intersection before proceeding if there were another driver in the intersection behaving erratically. These workarounds excessively complicate DNS software and are now also negatively impacting the DNS as a whole.
If you have questions about DNS compliance, or the steps to take to become compliant with the EDNS protocol standard, please call us – we are here to help.