Domain name server (DNS) Flag Day is February 1, 2019. It’s a global update to ensure all major DNS infrastructures adhere to the newest standards. On DNS Flag Day, DNS software vendors and public providers will remove “workarounds” that make DNS slow and unable to deploy new features.
All nameservers (DNS infrastructure) are expected to abide by certain standards for compatibility. The standards are called “request for comment” (RFCs), and they are the standards by which the internet is bound and governed through the Internet Engineering Task Force (IETF: ietf.org). There are many RFCs, and they are updated over time while new ones are also created. All RFCs go through an approval process, and once approved, it’s expected that all DNS infrastructures adopt the new standards.
Because there are a lot of moving parts, some organizations don’t make the necessary updates. However, on February 1, 2019, all DNS infrastructures will be required to use the newest standards.
Extension mechanisms for DNS (EDNS) will be employed to make the updates on DNS Flag Day. EDNS is a resource record (RR) called option code (OPT) that includes additional data, which does not appear in the zone. EDNS adds information automatically (both requests and responses) so that the two systems communicating know each other’s compatibility and can pass the desired information.
Your DNS infrastructure or provider must be able to support EDNS or risk incompatibility which can lead to nameservers being treated as “no longer in service,” resulting in a downed website or degraded experience.
On February 1, 2019, disabling the EDNS will no longer be allowed.
If you’re using CSC DNS, you have nothing to worry about. We have fully supported EDNS for a number of years. If you use a third-party provider, we recommend you use the available tools to check your domains, and reach out to your provider to ensure you are not vulnerable.
- Further information for domain owners, DNS administrators, and DNS software and developer researchers can be found at dnsflagday.net.
- This link offers a domain name checking tool: ednscomp.isc.org/ednscomp. If you do not get an “ALL OK,” then there is an issue that needs to be addressed.
- RFC: tools.ietf.org/html/rfc6891
- Wikipedia: en.wikipedia.org/wiki/Extension_mechanisms_for_DNS