New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[info] DNS flag day aka EDNS compliance approaching (2019-02-01) - CoreDNS compliant ;) #2488
Comments
[ Quoting <notifications@github.com> in "[coredns/coredns] [info] DNS flag d..." ]
Just wanted to have this available until mid february to let people know more about it and let them switch to a compliant DNS server \*cough* CoreDNS (compliance issue #2328).
>
>The current DNS is unnecessarily slow and suffers from inability to deploy new features. To remediate >these problems, vendors of DNS software and also big public DNS providers are going to remove >certain workarounds on February 1st, 2019.
Aka EDNS workarounds won't be provided in the latest version of various providers and implementations. That means a hard cut-off for old (say mostly 15y+ old clients).
Take a look at more information, which providers are supporting this and a checking tool to check your compliance: https://dnsflagday.net/
We should be good here. I did a bunch of work and test to get into compliance;
at least the test tool doesn't scream at coredns anymore.
|
/close
|
got some zflag=formerr,z miek.nl. @176.58.119.54 (linode.atoom.net.): dns=ok zflag=formerr,z edns=ok edns1=ok edns@512=ok ednsopt=ok edns1opt=ok do=ok ednsflags=ok docookie=ok edns512tcp=ok optlist=ok The Following Tests Failed Warning: failure to address issues identified here may make future DNS extensions that you want to use ineffective. In particular echoing back unknown EDNS options and unknown EDNS flags will break future signaling between DNS client and DNS server. We already have examples of this where you cannot depend on the AD flag bit meaning anything in replies because too many DNS servers just echo it back. Similarly the EDNS Client Subnet (ECS) option cannot just be sent to everyone in part because of servers just echoing it back. Plain DNS with last reserved header bit set (zflag) Codes To retrieve this report in the future: https://ednscomp.isc.org/ednscomp/35d1cad5e5 |
[ Quoting <notifications@github.com> in "Re: [coredns/coredns] [info] DNS fl..." ]
got some zflag=formerr,z
Known, and fixed with miekg/dns#976
|
Just wanted to have this available until mid february to let people know more about it and let them switch to a compliant DNS server *cough* CoreDNS (compliance issue #2328).
Aka EDNS workarounds won't be provided in the latest version of various providers and implementations. That means a hard cut-off for old (say mostly 15y+ old clients).
Take a look at more information, which providers are supporting this and a checking tool to check your compliance: https://dnsflagday.net/
The text was updated successfully, but these errors were encountered: