Your Site May Break on DNS Flag Day [February 1, 2019]

DNS service providers (CZ.NIC, ISC, Cisco, NLnet Labs, PowerDNS and others) have announced that they will stop accommodating DNS implementations that don’t comply with EDNS, the extended protocol version. As a result, some sites may become unavailable to visitors. The so-called DNS Doomsday Flag Day is scheduled for February 1, 2019.

What Is DNS?

DNS (Domain Name System) is a distributed computing system for obtaining information about the status of a domain. For instance, it can be used to get an IP address from the name of a specific host (device or computer), or to obtain information about the distance that an email has traveled.

This distributed database is supported by a hierarchy of DNS servers that interact according to a specific protocol.

DNS Features

  • Distributed administration. Various organizations are responsible for some parts of the hierarchical structure.
  • Distributed storage. Each individual network node must necessarily save not only the data that are in its area of responsibility, but also the addresses of the root servers.
  • Caching. A specific node is able to save a certain amount of data from another area of responsibility in order to reduce network loads.
  • A hierarchical structure.  All nodes are unified into one tree. Each node can determine the work of the downstream nodes, or transfer tasks to other nodes.
  • Reservation. One zone is maintained by several servers in parallel. Servers are divided into physical and logical, ensuring data integrity and continued operation even if one of the nodes fails.

The domain name system is an efficient automated mechanism that is important for the operation of the global network, since a regular connection to a node requires all the information about its personal address.

DNS Flag Day: Reasons

The DNS protocol was developed in the early 1980s. Since then, numerous new functions and features have been added. The first version of the extensions, named EDNS0 (Extension Mechanism for DNS), lifted some of the original restrictions, such as the size of the flag and return-code fields. The current version of the extensions is named EDNS.

Still, many DNS servers on the Internet don’t support EDNS, which creates difficulties in interaction. DNS software vendors need to provide backward compatibility, which in turn slows down the entire DNS system. Moreover, they face security issues and can’t implement new EDNS features to full capacity.

Eventually, DNS providers have decided that they will not maintain archaic servers that implement outdated protocol versions.

What Will Actually Happen?

On February 1, 2019, DNS providers will release new software that will not contain workarounds. Henceforth, the most popular software responsible for the work of DNS (BIND, Knot Resolver, PowerDNS and Unbound) will only accept EDNS-compliant traffic.

Traffic from servers that have not been updated will be considered illegitimate and will not be supported. As a result, the domains they serve will become unavailable.

Most companies will not notice DNS Flag Day, as many providers have already updated their software to the required versions.

Who may face difficulties?

  • Organizations that maintain their own servers independently and do not update their software in a timely manner (as a rule, they lack specialists or financing).
  • Companies that have firewalls that are too strict and may block important DNS signals.

As a result, the sites of such organizations will be unavailable or will face problems with access.

What Should You Do?

If you are not sure about the accessibility of your site in February 2019, you can easily check it on dnsflagday.net. Type your domain name in the appropriate field and click the “Test!” button.

In a few seconds, you will get one of four possible results.

  1. A green sign means that your site is ready for changes and you can forget about DNS Flag Day 2019. As you see, SaM Solutions is perfectly ready.
  2. A yellow sign means that the site will work, but it does not support the latest DNS standard. As a result, it will not be able to fully implement the necessary security features and may be vulnerable to cyberattacks.
  3. A red sign with the word slow is not good. It alerts you about a serious problem and implies that this domain will face access issues after DNS changes.
  4. The worst scenario is when you see a red sign with the word stop. It means that your domain will not be available after DNS flag day 2019.

Don’t panic! If some problems have been detected, you can quickly fix them. All the necessary instructions and links for updating your software are available on dnsflagday.net. There are also various utilities with which you can scan your infrastructure and detect the weak points.
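A scan of your own name servers comes down to sending each one a query that carries an EDNS OPT record (RFC 6891) and looking at what comes back. The sketch below is an added example, not code from dnsflagday.net or from any of the DNS vendors named above; the function names and outcome labels are its own, and the sample replies are constructed rather than captured.

```python
import socket
import struct

def build_edns_query(zone, udp_size=1232, txid=0x1234):
    """SOA query for `zone` with an EDNS version 0 OPT record attached."""
    header = struct.pack("!HHHHHH", txid, 0, 1, 0, 0, 1)   # QDCOUNT=1, ARCOUNT=1
    labels = zone.strip(".").encode("ascii").split(b".")
    qname = b"".join(bytes([len(l)]) + l for l in labels) + b"\0"
    question = qname + struct.pack("!HH", 6, 1)            # QTYPE=SOA, QCLASS=IN
    # OPT RR: root name, TYPE=41, CLASS=UDP size, TTL=ext-rcode/version/flags, RDLEN=0
    return header + question + b"\0" + struct.pack("!HHIH", 41, udp_size, 0, 0)

def _skip_name(msg, off):
    while msg[off] != 0:
        if msg[off] & 0xC0 == 0xC0:       # compression pointer ends the name
            return off + 2
        off += 1 + msg[off]
    return off + 1

def classify_response(msg):
    """Return 'edns', 'formerr' or 'no-edns' for a raw DNS reply."""
    _, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):
        off = _skip_name(msg, off) + 4    # name, then QTYPE and QCLASS
    for _ in range(an + ns + ar):
        off = _skip_name(msg, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        if rtype == 41:                   # OPT pseudo-record present
            return "edns"
        off += 10 + rdlen
    return "formerr" if flags & 0x000F == 1 else "no-edns"

def probe(server, zone, timeout=3.0):
    """Send one EDNS query over UDP to `server` and classify the outcome."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.connect((server, 53))           # kernel drops replies from other sources
        s.send(build_edns_query(zone))
        try:
            return classify_response(s.recv(4096))
        except OSError:                   # timeout or ICMP port unreachable
            return "no-response"
        except (IndexError, struct.error):
            return "malformed"

# Constructed sample replies (not captured traffic) to the query for example.com
Q = build_edns_query("example.com")
SAMPLE_EDNS = Q[:2] + b"\x84\x00" + Q[4:]                            # OPT echoed back
SAMPLE_FORMERR = Q[:2] + b"\x80\x01\x00\x01" + bytes(6) + Q[12:-11]  # rcode 1, no OPT
```

Run `probe("<name server IP>", "<your zone>")` against each authoritative server for the zone. A `no-response` result to this query is the case the article warns about; if a plain query to the same server succeeds, check the firewall in front of it as well as the DNS software.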

Final Thoughts

Experts say that the majority of sites have already updated their DNS software and are compatible with the needed requirements. Therefore, global disruptions are not expected.

DNS Flag Day 2019 should have positive consequences, as the system will shed archaic features and will be able to improve its performance.

Obviously, this is not the last day of global network changes. There are many systems (apart from the DNS protocol) that need to be redesigned, and such activities will probably take place in the future.

About the author

Natallia Sakovich

A copywriter at SaM Solutions, Natallia is devoted to her motto: to write simply and clearly about complicated things. With 5 years of experience in copywriting, she creates informative but exciting articles on high technologies.