Will your website survive DNS Flag Day?
From DNS Flag Day onwards, all DNS servers will have to comply with the new EDNS standard. Otherwise, the domains they point to will become unreachable. Why this important step? And is your website at risk of being taken offline?
Why EDNS is necessary
EDNS (Extension Mechanisms for DNS), a new standard that offers the DNS protocol more possibilities, has been under development since 1999. EDNS could, for example, be used to build in DNS Cookies. And that would be a major leap forward in the fight against DDoS attacks, which are based on abuse of the DNS protocol. EDNS also enables DNSSEC and DNS geolocation.
However, the transition to this new standard has been quite a difficult undertaking for years. Firewalls or DNS implementations were not updated immediately or correctly. DNS software developers did try to solve interoperability issues by devising workarounds (or patches). But that was far from ideal.
These patches make the DNS software unnecessarily heavy and increase the risk of bugs. They have a negative impact on the overall DNS system and prevent the general application of the security features of EDNS. In short, they stand in the way of a faster, leaner and safer Internet.
February 1, 2019 will mark the start of a radical transition to a safer, faster and leaner Internet. Combell has made your domain name ready for this DNS Flag Day. You can even do the test yourself!
DNS Flag Day: no more patches!
For this, major providers of DNS software and services have agreed on a deadline: 1 February 2019. From that day on, their solutions will no longer support these workarounds and will only work with DNS servers that comply with the EDNS standard.
That DNS Flag Day has now arrived: 1 February will be like 'Doomsday'. Because from that day on, domain names served by DNS servers that do not comply with the standard may no longer be resolved. As a result, the website to which the domain name points may become unreachable. Even if a DNS server uses a firewall that is not EDNS-compatible, the same disastrous result will occur. And that is definitely something you want to avoid, right?
No need to panic: most providers are ready for DNS Flag Day
However, there is no reason to panic, as most providers have taken their precautions in good time so that their DNS systems are up to date. Combell technicians have been working very hard to check all the software and, where necessary, to adjust the settings of the DNS records in a timely manner.
Are you a bit worried anyway? Then test your domain name yourself on the special DNS Flag Day website. In any case, we recommend that large companies test their DNS infrastructure using the various tools available on this website.
Test your domain name for DNS Flag Day