Be Ready for the 2nd DNS flag day

   9/21/2020

Major DNS systems developers (such as BIND, PowerDNS, Knot and Unbound) agreed on an initiative to make the Domain Name System (DNS) protocol more reliable, secure, and resilient. To that end, they coordinate specific days on which workarounds for broken DNS behavior are removed. The first-ever DNS Flag Day was held on February 1, 2019. It targeted the removal of a workaround that accommodated authoritative DNS servers that incorrectly handled the Extensions to DNS (EDNS) protocol. Continuing this initiative, they have set the first of October (1-10-2020) as the second flag day. The aim of this day is to solve some issues related to IP fragmentation, which arises when the Maximum Transmission Unit (MTU) is exceeded. This will improve DNS reliability and protect against some known DNS attacks. Therefore, it is essential to ensure that all DNS servers, whether authoritative or resolvers, operate in compliance with the specified actions so that their services or their associated customers' services are not subject to disruption. It is also crucial to ensure that other DNS-related solutions support EDNS, such as:

  • DNS load balancer
  • DNS protection
  • DNS appliance
  • Firewall/Router rules

SaudiNIC confirms that all its servers and systems are compatible with the new versions of the DNS Protocol (EDNS).

For more information about the DNS flag day:

  • https://dnsflagday.net/2020/
  • https://www.isc.org/blogs/dns-flag-day-2020/

You can test your DNS servers using the following tools:

  • https://ednscomp.isc.org/ednscomp
  • http://dnsviz.net