Today is DNS Flag Day, which marks the date from which major open source DNS software vendors will stop accommodating non-standard responses from authoritative DNS servers. As of today, sites hosted on incompatible authoritative servers may not be reachable by clients using updated resolvers.
If you are a DNS authoritative server or resolver operator and haven’t checked already, you should be testing your domain and if necessary, following the steps outlined on dnsflagday.net, including making sure your firewall is not dropping DNS packets with EDNS extensions.
If the news has caught you off-guard, or you just want to be extra sure you’re ready, we recommend you start with Petr Špaček’s Are you ready for DNS Flag Day?
For a deeper dive into what DNS Flag Day is and how it is measured, InternetNZ‘s Sebastan Castro has provided us with great detail in his recent blog article and Facebook Live video.
The views expressed by the authors of this blog are their own and do not necessarily reflect the views of APNIC. Please note a Code of Conduct applies to this blog.