DNS Flag Day may cause any problem in private DNS servers?

Evan Hunt each at isc.org
Thu Jan 24 19:24:07 UTC 2019


On Thu, Jan 24, 2019 at 10:53:49AM -0300, Roberto Carna wrote:
> Dear, I've just worked around on my public BIND DNS's in order to solve the
> problem of DNS Flag Day.
> 
> But I have a pair of private DNS (BIND and Windows) that respond to
> internal queries and also forward non-authoritative queries to my public
> DNS's... may my private DNS's become unstable after DNS Flag Day if I
> don't do any workaround on them?

DNS flag day is when vendors of recursive name servers will stop releasing
new software that coddles ancient or broken authoritative servers and
firewalls. Instead of trying over and over in different ways to coax some
broken remote system to send back an answer, new resolver software will
just declare the remote server to be broken, and give up.

Nothing will stop working suddenly on February 1. However, the next time
you upgrade your recursive name server to the latest version, you *might*
have problems then.  My guess is that you won't, but I can't guarantee it.

If you do have some legacy server running internally that can't be fixed to
support EDNS properly, you can still configure your resolvers not to use
EDNS when talking to that specific server. That option will still be
available after flag day.

An easy way to check would be to install the latest BIND development
release (version 9.13.5) and see if it works. It already has all the flag
day changes in it.

-- 
Evan Hunt -- each at isc.org
Internet Systems Consortium, Inc.
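
An added example, not part of the message above and not ISC code: a small Python sketch of how one might triage an internal server's handling of EDNS before upgrading the resolver. It builds a query carrying an EDNS0 OPT record and classifies the reply; the sample replies are constructed, the function names and the four labels are this example's own, and treating a timeout as the case where a newer resolver gives up is an assumption drawn from the description above.

```python
import struct

OPT = 41  # EDNS0 pseudo-RR type (RFC 6891)

def build_edns_query(qname, qid=0x1234, bufsize=1232):
    """DNS query for qname SOA/IN with an EDNS0 OPT record in the additional section."""
    header = struct.pack("!HHHHHH", qid, 0, 1, 0, 0, 1)  # QDCOUNT=1, ARCOUNT=1
    labels = b"".join(bytes([len(l)]) + l.encode() for l in qname.split(".") if l)
    question = labels + b"\x00" + struct.pack("!HH", 6, 1)
    # OPT RR: root name, type 41, class = UDP payload size, TTL = 0 (version 0), no RDATA
    return header + question + b"\x00" + struct.pack("!HHIH", OPT, bufsize, 0, 0)

def make_reply(query, rcode, with_opt):
    """Constructed sample reply (not captured traffic): echoes the question, no answers."""
    qid = struct.unpack("!H", query[:2])[0]
    header = struct.pack("!HHHHHH", qid, 0x8000 | rcode, 1, 0, 0, 1 if with_opt else 0)
    question, opt = query[12:-11], query[-11:]  # the OPT RR built above is 11 bytes
    return header + question + (opt if with_opt else b"")

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while msg[off] != 0:
        if msg[off] & 0xC0 == 0xC0:   # compression pointer terminates the name
            return off + 2
        off += 1 + msg[off]
    return off + 1

def classify(reply):
    """Classify the reply to an EDNS query; None stands for a timeout."""
    if reply is None:
        return "timeout"              # assumption: the case where a resolver gives up
    _, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", reply[:12])
    off = 12
    for _ in range(qd):
        off = skip_name(reply, off) + 4          # skip QTYPE + QCLASS
    for _ in range(an + ns + ar):
        off = skip_name(reply, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", reply[off:off + 10])
        if rtype == OPT:
            return "edns"                        # server echoed an OPT record
        off += 10 + rdlen
    return "formerr" if flags & 0xF == 1 else "plain-dns"

if __name__ == "__main__":
    q = build_edns_query("example.com")
    samples = [("modern", make_reply(q, 0, True)), ("legacy", make_reply(q, 1, False)), ("silent", None)]
    for label, reply in samples:
        print(label, classify(reply))
```

To probe a real internal server, send the bytes from `build_edns_query` over UDP to port 53 with a socket timeout and pass `None` to `classify` when the timeout fires.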

