
WEEKLY COMMENTS

On 1 Feb 2019, major DNS software and service providers ceased implementing DNS resolver workarounds for systems that are non-compliant with the Extension to DNS (EDNS) protocol. EDNS was introduced in 1999 to allow more information to be added to DNS messages and to establish rules for responding to queries with EDNS options or flags. The workarounds were implemented to address interoperability issues, as many DNS service products at that time were not able to handle EDNS queries. These workarounds will be disabled by many DNS providers, such as Google Public DNS and OpenDNS, to make DNS operation more efficient and to allow DNS operators to deploy new functions such as protection against DDoS attacks. Due to the change, domains hosted on servers which do not fully support EDNS may be unreachable or suffer degraded performance. Organisations can use the Internet Systems Consortium (ISC) compliance tool [2] to check if internal DNS services are affected by the change.
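
As an added illustration (not the ISC tool's code and not part of the original comment), the sketch below builds a DNS query carrying an EDNS(0) OPT record and classifies a server's reply to it; it covers only this basic case, not the full set of checks a compliance tester runs. The function names and the sample replies are constructed for the example, and sending the query bytes over UDP port 53 to your own server is left to the caller.

```python
import struct

OPT = 41  # RR type of the EDNS OPT pseudo-record (RFC 6891)

def build_edns_query(name, qid=0x1234, udp_size=1232):
    """A/IN query for `name` with an EDNS(0) OPT record in the additional section."""
    header = struct.pack("!6H", qid, 0x0100, 1, 0, 0, 1)  # RD set, QD=1, AR=1
    qname = b"".join(bytes([len(p)]) + p.encode()
                     for p in name.strip(".").split(".")) + b"\x00"
    # OPT: root owner, TYPE=41, CLASS=UDP payload size, TTL=ext-rcode|version|flags, RDLEN=0
    opt = b"\x00" + struct.pack("!HHIH", OPT, udp_size, 0, 0)
    return header + qname + struct.pack("!HH", 1, 1) + opt

def _skip_name(msg, off):
    """Return the offset just past the domain name starting at `off`."""
    while True:
        n = msg[off]
        if n == 0:
            return off + 1
        if n & 0xC0 == 0xC0:      # a compression pointer ends the name
            return off + 2
        off += 1 + n

def classify(reply):
    """Classify a reply to an EDNS(0) query; None means the query timed out."""
    if reply is None:
        return "timeout"          # resolvers no longer work around this
    _, flags, qd, an, ns, ar = struct.unpack("!6H", reply[:12])
    off, version = 12, None
    for _ in range(qd):           # skip the question section
        off = _skip_name(reply, off) + 4
    for _ in range(an + ns + ar): # walk every resource record looking for OPT
        off = _skip_name(reply, off)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", reply[off:off + 10])
        off += 10 + rdlen
        if rtype == OPT:
            version = (ttl >> 16) & 0xFF
    if flags & 0xF == 1:
        return "formerr"          # server rejected the EDNS query
    if version is None:
        return "no-opt"           # server answered but ignored EDNS
    return "edns0" if version == 0 else "bad-version"

def fake_reply(query, rcode=0, keep_opt=True):
    """Constructed sample reply: the query echoed with QR set (not captured traffic)."""
    body = query[12:] if keep_opt else query[12:-11]   # OPT is the last 11 bytes
    qid, = struct.unpack("!H", query[:2])
    return struct.pack("!6H", qid, 0x8100 | rcode, 1, 0, 0, int(keep_opt)) + body
```

A server whose replies classify as anything other than `edns0` is a candidate for a closer look with the compliance tester.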

References:
[1] DNS Flag Day 2019
[2] EDNS Compliance Tester
[3] DNS Flag Day – February 1, 2019

Ensign InfoSecurity Singapore
30A Kallang Place
#08-01
Singapore 339213

Tel: +65 6788 2882
Fax: +65 6788 3883