LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware
User Name
Password
Slackware This Forum is for the discussion of Slackware Linux.

Notices


Reply
  Search this Thread
Old 01-21-2019, 11:32 AM   #1
Richard Cranium
Senior Member
 
Registered: Apr 2009
Location: Carrollton, Texas
Distribution: Slackware64 14.2
Posts: 3,293

Rep: Reputation: 1653Reputation: 1653Reputation: 1653Reputation: 1653Reputation: 1653Reputation: 1653Reputation: 1653Reputation: 1653Reputation: 1653Reputation: 1653Reputation: 1653
DNS Flag Day is coming soon!


https://dnsflagday.net

Quote:
On or around Feb 1st, 2019, major open source resolver vendors will release updates that implement stricter EDNS handling.
..and...
Quote:
The current DNS is unnecessarily slow and suffers from inability to deploy new features. To remediate these problems, vendors of DNS software and also big public DNS providers are going to remove certain workarounds on February 1st, 2019.
At any rate, follow the link for details.
 
Old 01-21-2019, 12:41 PM   #2
OldHolborn
Member
 
Registered: Jul 2012
Distribution: Slackware
Posts: 176

Rep: Reputation: 148Reputation: 148
This all sounds very strange indeed

Bind unstable development is 9.13.5
Unbound is current is 1.8.3

On the 1st of Feb you are expected to upgrade your software to versions we haven't shown you yet?
 
Old 01-21-2019, 01:47 PM   #3
dgrames
Member
 
Registered: Jul 2007
Distribution: Slackware
Posts: 76

Rep: Reputation: 13
I have 2 name servers running Slackware 14.2 and they passed the test on https://dnsflagday.net/ just fine. I needed to open tcp port 53 though.

Don
 
Old 01-22-2019, 07:55 AM   #4
wildwizard
Member
 
Registered: Apr 2009
Location: Oz
Distribution: slackware64-14.0
Posts: 868

Rep: Reputation: 265Reputation: 265Reputation: 265
The version numbers shown are the versions that will not be backward compatible with non-edns servers.

They are not the versions you need to run to be EDNS capable.
 
Old 01-22-2019, 10:08 AM   #5
ehartman
Member
 
Registered: Jul 2007
Location: Delft, The Netherlands
Distribution: Slackware
Posts: 605

Rep: Reputation: 284Reputation: 284Reputation: 284
Quote:
Originally Posted by wildwizard View Post
The version numbers shown are the versions that will not be backward compatible with non-edns servers.

They are not the versions you need to run to be EDNS capable.
And they haven't been released YET. There isn't even a BETA for bind 9.14 yet and neither is there any release of unbound beyond 1.8.3
So you would expect DNS servers to switch to untested versions?
 
Old 01-22-2019, 11:36 PM   #6
Richard Cranium
Senior Member
 
Registered: Apr 2009
Location: Carrollton, Texas
Distribution: Slackware64 14.2
Posts: 3,293

Original Poster
Rep: Reputation: 1653Reputation: 1653Reputation: 1653Reputation: 1653Reputation: 1653Reputation: 1653Reputation: 1653Reputation: 1653Reputation: 1653Reputation: 1653Reputation: 1653
Quote:
Originally Posted by ehartman View Post
And they haven't been released YET. There isn't even a BETA for bind 9.14 yet and neither is there any release of unbound beyond 1.8.3
So you would expect DNS servers to switch to untested versions?
From what very little that I've read on the subject, you don't need to implement EDNS on your DNS server; your DNS server needs to respond in a way that says "no, I don't implement EDNS but I'm not dead either".

According to the standard IETF speak, this is what your DNS server needs to do for that to happen. The important bit is
Quote:
Responders that choose not to implement the protocol extensions defined in this document MUST respond with a return code (RCODE) of FORMERR to messages containing an OPT record in the additional section and MUST NOT include an OPT record in the response.
From what @dgrames posted, I think (but do not know) that our current versions of BIND will do that when configured correctly.

Since our BDFL (and his minions) reads (at the very least) some of these threads, I'll be content to wait to see if he has something important to say on the matter. If neither he or his minions have anything to say, then I wouldn't worry about it if you do the same test that @dgrames did and get a pass.
 
1 members found this post helpful.
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Help Required adding flag on packet and routing packet based on flag over ssl tunnel. sskhan Linux - Networking 1 02-02-2018 03:56 PM
LXer: Q. Can your Linux PC run Crysis? OK, it can. But will it run natively? A. Soon, very soon LXer Syndicated Linux News 0 03-11-2014 11:01 PM
LinuxQuestions.org Members Choice Awards - Coming Soon jeremy LQ Suggestions & Feedback 24 12-31-2004 06:25 PM
COMING SOON: HP LAPTOP /W PRE-INSTALLED LINUX (sorry for caps) imonfya Linux - Laptop and Netbook 2 08-04-2004 04:21 PM
F C 2 - T 3 Coming Soon !!! ranger_nemo Fedora 0 04-24-2004 11:01 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware

All times are GMT -5. The time now is 11:55 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration