DNS flag day: why parts of the internet will break down on February 1st

14-01-2019 16:35:27

DNS Flag Day

This year the Domain Name System (DNS) celebrates its 40th anniversary. Jon Postel, one of the grandfathers of the internet, published a scheme for DNS in IEN 116 in August 1979. DNS ensures that names (domain names) are converted to numbers (IP addresses) and the other way around, like a phone book for the internet. A simplified explanation of how DNS works can be found in an old blog entry by BIT. A full explanation of the mechanisms of DNS can be found in the excellent introduction written by Bert Hubert. On February 1st, 2019, some of the domain names on the internet will no longer be resolvable through DNS for some internet users. You can read here what will happen on this day and how you can check the availability of your domain name.

History

Twenty years after the introduction of DNS, EDNS (Extension Mechanisms for DNS) was presented in RFC 2671 (1999). EDNS made larger DNS packets possible and paved the way for DNSSEC, an extension of DNS for cryptographic needs. Some authoritative name servers, however, do not support EDNS correctly. Authoritative name servers are the servers on which a domain name administrator publishes the IP addresses at which the website and email can be found. Caching name servers are the servers that query the authoritative name servers on behalf of an internet user. Over the past twenty years, the caching name servers on the internet have applied work-arounds to make sure that domain names do not become unavailable as a result of faulty EDNS implementations on authoritative name servers.

DNS flag day

On the 1st of February 2019 the large open source DNS software makers will remove the aforementioned work-arounds from their caching name servers. These are parties like PowerDNS, NLnet Labs and ISC that produce name server software like PowerDNS, Unbound and BIND. In addition, a number of large public resolving name servers, including Quad9 (9.9.9.9) and Google (8.8.8.8), will adapt their software so that the EDNS work-arounds no longer apply. More information on these changes can be found on a special website for this ‘DNS flag day’ or seen in the video that discusses the issue. The removal of the work-arounds is intended to reduce the complexity of the resolvers. In some cases, DNS requests will also be faster.

What now?

If you use one of BIT’s authoritative name servers, you do not need to do anything. Our name servers support EDNS. You can see here that the domain bit.nl passes the ‘EDNS Compliance Tester’. The domain name bit.nl uses the BIT authoritative name servers. If you use another authoritative name server, or if you do not know which authoritative name server your domain uses at all, please check your domain name here. You only have to enter your domain name without www, for example ‘example.nl’, in the ‘Zone Name’ field, and you can leave all other entry fields empty. If the results say anything other than ‘All Ok’, your domain name might not be (fully) available for part of the internet after February 1.
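To show what EDNS support looks like on the wire, the following added example (not code from BIT or from the EDNS Compliance Tester) builds a query carrying an EDNS OPT record and classifies a reply by whether the OPT record comes back. The function names are hypothetical, the sample replies are constructed rather than captured, and actually sending the query over UDP is left out so that it runs offline.

```python
import struct

OPT = 41  # RR type of the EDNS(0) OPT pseudo-record

def build_edns_query(name, qtype=6, udp_size=4096, txid=0x1234):
    """DNS query (default SOA) with an OPT record in the additional section."""
    header = struct.pack("!HHHHHH", txid, 0, 1, 0, 0, 1)
    parts = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in parts) + b"\x00"
    # OPT: root owner, TYPE=41, CLASS=UDP size, TTL=ext-rcode/version/flags, RDLEN=0
    opt = b"\x00" + struct.pack("!HHIH", OPT, udp_size, 0, 0)
    return header + qname + struct.pack("!HH", qtype, 1) + opt

def _skip_name(msg, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while msg[off] != 0:
        if msg[off] & 0xC0 == 0xC0:  # a compression pointer ends the name
            return off + 2
        off += 1 + msg[off]
    return off + 1

def edns_status(msg):
    """Return (rcode, edns_version, udp_size); the last two are None without OPT."""
    _, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    off, version, size, ext = 12, None, None, 0
    for _ in range(qd):
        off = _skip_name(msg, off) + 4
    for _ in range(an + ns + ar):
        off = _skip_name(msg, off)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10 + rdlen
        if rtype == OPT:
            size, ext, version = rclass, ttl >> 24, (ttl >> 16) & 0xFF
    return (ext << 4) | (flags & 0xF), version, size

def classify(reply):
    """Map one reply (or None for a timeout) to a verdict."""
    if reply is None:
        return "timeout"  # e.g. a firewall silently dropped the EDNS query
    rcode, version, _ = edns_status(reply)
    if version is None:
        return "no-edns (rcode %d)" % rcode
    return "ok" if version == 0 else "bad-version"

# Constructed sample replies, not captured traffic.
QUERY = build_edns_query("example.nl")
GOOD = QUERY[:2] + b"\x84\x00" + QUERY[4:]  # NOERROR, OPT present
LEGACY = (QUERY[:2] + b"\x84\x01" + struct.pack("!HHHH", 1, 0, 0, 0)
          + QUERY[12:-11])                  # FORMERR, OPT stripped

if __name__ == "__main__":
    for label, reply in (("good", GOOD), ("legacy", LEGACY), ("dropped", None)):
        print(label, "->", classify(reply))
```
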


Upgrade or relocate

If your domain name does not pass the test, ask the administrators of the name servers to upgrade them or to check whether their firewalls obstruct EDNS. If this causes any issues or if you think that the administrators will not handle this in a timely fashion (since they have not done anything with it in the past 20 years either), you can relocate your domain name to a party that does support EDNS. BIT’s clients can report a relocation to BIT through the portal. If you are not a client yet but you do want to relocate your domain name to us, please contact us. If the administrators do not get their servers right in time and you do not want to relocate your domain name to us, but you still want to use BIT’s name servers, please contact us as well.