As we welcome 2019 into our warm arms, the internet continues to struggle with packet loss, high latency and DNS getting progressively slower at responding, so it’s about time we made some tweaks, starting with DNS.
Due to the rise of non-compliant DNS providers, and the addition of EDNS data with retries which are clogging up DNS servers and response times, a whole bunch of DNS providers have teamed up to launch DNS Flag Day, which is on the 1st of February.
The main reason for this is to enforce the DNS standards and cut out bloat – and while you’re at it, can we all set 3 nameservers now instead of 2, please? Slackers.
What is happening?
The current DNS is unnecessarily slow and suffers from an inability to deploy new features. To remediate these problems, vendors of DNS software and big public DNS providers are going to remove certain workarounds on February 1st, 2019.
You can see a presentation around the matter here (Thank you UKNOF)
Who is supporting DNS Flag Day?
DNS Flag Day is supported by multiple companies including Google, Quad9, Facebook, Cisco, SafeBrowsing, CloudFlare, PowerDNS and ISC – so expect disruption if your website domain has invalid DNS records.
The changes are also being implemented in many popular DNS servers such as ISC BIND, Unbound, Knot DNS and PowerDNS, which in their next update / stable release will drop zones that are not compliant – so next time you update your DNS server software, you may find your zone won’t load or is ignored.
How to test your site for DNS Compliance?
https://dnsflagday.net/ – Official website with a traffic-light checker and technical report for failures.
https://ednscomp.isc.org/ednscomp – Technical checker for DNS compliance.
http://dnsviz.net/ – Helps show your DNS chain and also does DNSSEC checks.
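As an added illustration (not code from the DNS Flag Day site or from any of the checkers above), this Python example shows at the wire level the kind of basic EDNS version 0 test such a checker performs: it builds an EDNS query and classifies the reply. The function names, verdict labels and sample messages are constructed for this example, and sending the query over the network is left out so it runs offline.

```python
import struct

OPT = 41  # RR type of the EDNS(0) OPT pseudo-record (RFC 6891)

def build_edns_query(name, qid=0x1234, udp_size=4096):
    """Wire-format SOA query carrying an EDNS version 0 OPT record."""
    header = struct.pack("!HHHHHH", qid, 0, 1, 0, 0, 1)  # RD=0, 1 question, 1 additional
    qname = b"".join(bytes([len(lab)]) + lab.encode("ascii")
                     for lab in name.rstrip(".").split(".")) + b"\x00"
    # OPT RR: root owner, TYPE=41, CLASS=UDP size, TTL=ext-rcode|version|flags, RDLEN=0
    opt = b"\x00" + struct.pack("!HHIH", OPT, udp_size, 0, 0)
    return header + qname + struct.pack("!HH", 6, 1) + opt  # QTYPE=SOA, QCLASS=IN

def _skip_name(msg, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        n = msg[off]
        if n & 0xC0 == 0xC0:  # compression pointer: two bytes, ends the name
            return off + 2
        off += 1 + n
        if n == 0:
            return off

def classify(query, response):
    """Verdict for one reply to an EDNS query; response=None means it timed out."""
    if response is None:
        return "timeout"  # no answer at all: what the removed workarounds used to hide
    if len(response) < 12:
        return "malformed"
    rid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", response[:12])
    if rid != struct.unpack("!H", query[:2])[0] or not flags & 0x8000:
        return "malformed"  # wrong ID or QR bit not set
    off = 12
    try:
        for _ in range(qd):
            off = _skip_name(response, off) + 4  # QTYPE + QCLASS
        for _ in range(an + ns + ar):
            off = _skip_name(response, off)
            rtype, _cls, ttl, rdlen = struct.unpack("!HHIH", response[off:off + 10])
            off += 10 + rdlen
            if rtype == OPT:
                return "edns-ok" if (ttl >> 16) & 0xFF == 0 else "bad-version"
    except (IndexError, struct.error):
        return "malformed"
    # No OPT in the reply: FORMERR (rcode 1) is the correct "no EDNS here" answer
    return "plain-dns-formerr" if flags & 0xF == 1 else "no-opt"

QUERY = build_edns_query("example.com")  # constructed samples, not captured traffic
REPLY_EDNS = QUERY[:2] + struct.pack("!H", 0x8400) + QUERY[4:]
REPLY_FORMERR = QUERY[:2] + struct.pack("!HHHHH", 0x8001, 1, 0, 0, 0) + QUERY[12:-11]
```

To probe a real nameserver, send the bytes from `build_edns_query()` to it over UDP port 53 and pass `None` to `classify()` when the socket times out.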
If you fail to test your DNS and ensure you have compliant DNS records, there may be issues accessing your website after the 1st of Feb 2019. Make sure you check your records and keep them clean and RFC-approved! This is especially important if your business runs internal DNS servers too!