Today is DNS Flag Day and Globally Thousands of Domains Likely to Break

Today, 1 February, is being billed as DNS Flag Day, a day when there will be a global change to Domain Name System (DNS) software. It’s likely to see thousands of websites around the world, along with their email addresses and other services, go kaput. For example, InternetNZ predicts 508 .nz domain names could break, although this is significantly down on the 8,349 they predicted would break 6 months ago.

The DNS Flag Day website explains the need for the maintenance. They note the “current DNS is unnecessarily slow and inefficient because of efforts to accommodate a few DNS systems that are not in compliance with DNS standards established two decades ago.”

“To ensure further sustainability of the system it is time to end these accommodations and remediate the non-compliant systems. This change will make most DNS operations slightly more efficient, and also allow operators to deploy new functionality, including new mechanisms to protect against DDoS attacks.

“DNS software and service providers listed on this site have agreed to coordinate removing accommodations for non-compliant DNS implementations from their software or services, on or around February 1st 2019. This change will affect only sites operating non-compliant software.”

InternetNZ's CEO says they've been preparing for the day for 6 months. Back in July 2018, InternetNZ worked out that 8,349 .nz domain names, out of a total of 718,000, were going to break on 1 February. However, today they predicted this number would be 508. Some of those in the original number were high-profile government agencies and banks.

“InternetNZ has been hard at work finding which .nz domains are set to break,” InternetNZ Chief Executive Jordan Carter said.

“The team at InternetNZ, led by Chief Scientist Sebastian Castro, has put in the hard yards on this change. Being able to significantly decrease the number of broken .nz domains is a huge success for many New Zealanders.”

For domain name registrants, there’s a form to check if your domain name is ready for the planned change on the DNS Flag Day website. For DNS resolver operators, “major open source resolver vendors will release updates that will stop accommodating non-standard responses. This change will affect authoritative servers which do not comply either with the original DNS standard from 1987 (RFC1035) or the newer EDNS standards from 1999 (RFC2671 and RFC6891). Major public DNS resolver operators listed below are also removing accommodations so this change will also impact Internet users and providers who use these public DNS services.

“Sites hosted on incompatible authoritative servers may become unreachable through updated resolvers. The web form above diagnostic tool may be helpful while investigating problems with a particular domain. Domains which repeatedly fail the test above have problems with either their DNS software or their firewall configuration and cannot be fixed by DNS resolver operators.

“The following versions of DNS resolvers will not accommodate EDNS non-compliant responses:

  • BIND 9.13.3 (development) and 9.14.0 (production)
  • Knot Resolver has already implemented stricter EDNS handling in all current versions
  • PowerDNS Recursor 4.2.0
  • Unbound 1.9.0
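To make the compliance question above concrete, here is an added example (not code from the DNS Flag Day site or InternetNZ) that builds a query carrying an EDNS version 0 OPT record and labels how a server handled it. The wire layout follows RFC 6891; the function names, the result labels and the sample replies are constructed for this illustration.

```python
import struct

OPT = 41  # TYPE code of the EDNS OPT pseudo-record (RFC 6891)

def build_edns_query(qname, qtype=1, txid=0x1234, udp_size=1232):
    """Encode a query for qname that carries an EDNS version 0 OPT record."""
    header = struct.pack("!6H", txid, 0, 1, 0, 0, 1)  # 1 question, 1 additional
    labels = b"".join(bytes([len(p)]) + p.encode() for p in qname.strip(".").split("."))
    question = labels + b"\x00" + struct.pack("!2H", qtype, 1)  # class IN
    # OPT: root name, TYPE 41, CLASS = UDP size, TTL = ext-rcode|version|flags, RDLEN 0
    return header + question + b"\x00" + struct.pack("!HHIH", OPT, udp_size, 0, 0)

def _skip_name(msg, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        n = msg[off]
        if n == 0:
            return off + 1
        if n & 0xC0 == 0xC0:  # a compression pointer ends the name
            return off + 2
        off += 1 + n

def classify_reply(reply):
    """Label how a server handled the EDNS query; None means it never answered."""
    if reply is None:
        return "no-response"
    try:
        _txid, flags, qd, an, ns, ar = struct.unpack("!6H", reply[:12])
        off, version = 12, None
        for _ in range(qd):
            off = _skip_name(reply, off) + 4  # QTYPE + QCLASS
        for _ in range(an + ns + ar):
            off = _skip_name(reply, off)
            rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", reply[off:off + 10])
            off += 10 + rdlen
            if rtype == OPT:
                version = (ttl >> 16) & 0xFF  # second byte of the TTL field
    except (struct.error, IndexError):
        return "malformed"
    if version is not None:
        return "edns-v%d" % version
    return "formerr-no-opt" if flags & 0xF == 1 else "no-opt"

def sample_replies(query):
    """Constructed replies (not captured traffic), derived from the query bytes."""
    txid, question = query[:2], query[12:-11]  # the OPT record is the last 11 bytes
    return {
        "edns": txid + struct.pack("!5H", 0x8400, 1, 0, 0, 1) + query[12:],
        "formerr": txid + struct.pack("!5H", 0x8401, 1, 0, 0, 0) + question,
        "timeout": None,
    }
```

Sending the query over UDP to an authoritative server and passing `None` when the socket times out is left to the caller.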
