https://dnsflagday.net/
What is happening?
The current DNS is unnecessarily slow and suffers from inability to deploy new features. To remediate these problems, vendors of DNS software and also big public DNS providers are going to remove certain workarounds on February 1st, 2019.
This change affects only sites which operate software which is not following published standards. Are you affected?
Domain owners
Please check if your domain is affected:
Test your domain Domain name (without www):
Invalid input or other unexpected error, sorry!
DNS resolver operators
On or around Feb 1st, 2019, major open source resolver vendors will release updates that implement stricter EDNS handling. Specifically, the following versions introduce this change:
DNS server operators
For introduction to EDNS compliance we recommend you to use form above which produces simplified result for a whole domain.
It is also possible to test your DNS servers directly using the tool ednscomp which displays detailed technical report. Simply enter the name of a zone hosted on your DNS servers into the
field and click the
button.
The summary result of ednscomp tests should preferably be a green message
.
Minimal working setup which will allow your domain to survive 2019 DNS flag day must not have
result in any of plain DNS and EDNS version 0 tests implemented in ednscomp tool. Please note that this minimal setup is still not standards compliant and will cause other issues sooner or later. For this reason we strongly recommend you to get full EDNS compliance (all tests
) instead of doing just minimal cleanup otherwise you will have to face new issues later on.
If there is a problem, the ednscomp tool displays an explanation for each failed test. Failures in these tests are typically caused by:
Firewalls must not drop DNS packets with EDNS extensions, including unknown extensions. Modern DNS software may deploy new extensions (e.g. DNS cookies to protect from DoS attacks). Firewalls which drop DNS packets with such extensions are making the situation worse for everyone, including worsening DoS attacks and inducing higher latency for DNS traffic.
When I ran the test, by putting vandwellerforum.com in the box provided, the response was "Invalid input or other unexpected error, sorry!"
Since I know nothing about this stuff, it may be irrelevant.
What is happening?
The current DNS is unnecessarily slow and suffers from inability to deploy new features. To remediate these problems, vendors of DNS software and also big public DNS providers are going to remove certain workarounds on February 1st, 2019.
This change affects only sites which operate software which is not following published standards. Are you affected?
Domain owners
Please check if your domain is affected:
Test your domain Domain name (without www):
Invalid input or other unexpected error, sorry!
DNS resolver operators
On or around Feb 1st, 2019, major open source resolver vendors will release updates that implement stricter EDNS handling. Specifically, the following versions introduce this change:
- BIND 9.13.3 (development) and 9.14.0 (production)
- Knot Resolver already implemented stricter EDNS handling in all current versions
- PowerDNS Recursor 4.2.0
- Unbound 1.9.0
DNS server operators
For introduction to EDNS compliance we recommend you to use form above which produces simplified result for a whole domain.
It is also possible to test your DNS servers directly using the tool ednscomp which displays detailed technical report. Simply enter the name of a zone hosted on your DNS servers into the
Code:
zone nameCode:
SubmitThe summary result of ednscomp tests should preferably be a green message
Code:
All OkMinimal working setup which will allow your domain to survive 2019 DNS flag day must not have
Code:
timeoutCode:
okIf there is a problem, the ednscomp tool displays an explanation for each failed test. Failures in these tests are typically caused by:
- broken DNS software
- broken firewall configuration
Firewalls must not drop DNS packets with EDNS extensions, including unknown extensions. Modern DNS software may deploy new extensions (e.g. DNS cookies to protect from DoS attacks). Firewalls which drop DNS packets with such extensions are making the situation worse for everyone, including worsening DoS attacks and inducing higher latency for DNS traffic.
When I ran the test, by putting vandwellerforum.com in the box provided, the response was "Invalid input or other unexpected error, sorry!"
Since I know nothing about this stuff, it may be irrelevant.
![[-]](https://vandwellerforum.com/images/collapse.png)
![[Image: devotion_to_duty.png]](https://imgs.xkcd.com/comics/devotion_to_duty.png)
![[Image: dobby.png]](https://PitaFree.com/users/fzm0smtd40volg3aqf9di/dobby.png)
![[Image: 414097000.jpg]](http://pic100.picturetrail.com/VOL1120/13453156/24631912/414097000.jpg)