DNS Flag Day

Daniel Feenberg feenberg at nber.org
Mon Jan 21 15:44:36 UTC 2019

On Mon, 21 Jan 2019, @lbutlr wrote:

> On 20 Jan 2019, at 13:49, Daniel Feenberg <feenberg at nber.org> wrote:
>> Is DNS Flag Day something that should concern someone using FreeBSD 11.2 for name service? I ran the tester at:
>>   https://dnsflagday.net/
>> and it indicated a need for concern, but the details were unintelligible and there was no suggestion of "what to do".
> Without knowing what the messages were, it's pretty much impossible to give you any advice.
> When I checked my domain, it simply replied with "SLOW" in a red circle.
> ¯\_(ツ)_/¯
> I can live with slow for now. I suppose I should read up on RFC 6891 though and this time for sure get DNSSEC set up.

I thought it was checking for the problems that might have happened on the 
flag day, but in addition it was checking for all sorts of other potential 
problems, and giving unclear messages about them in addition. It appears 
that if you have a recent FreeBSD, the flag day is of no concern.

There are only a handful of DNS servers in wide distribution - odd that 
there is no list of compliant versions anywhere on the web.

Daniel Feenberg

More information about the freebsd-questions mailing list