DNS Flag Day: what does it change?

On February 1st, the DNS (Domain Name System [1]) protocol is going to undergo a major change…

A bit of Context

The DNS protocol has been a key component of the Internet for the last 30 years, and still is. It maps domain names (e.g. www.ovh.com) to the numerical IP addresses (e.g. 198.27.92.1) needed to locate and identify websites or other computer services. It is often described as the directory of the web.

As the Internet and the technologies behind it evolve quickly, the DNS protocol has itself evolved many times over its 30 years of existence.

Today we look in particular at its first extension, called EDNS [2], which is at the heart of the so-called DNS Flag Day.

EDNS, what is it?

This extension added new functionality to that provided by the DNS protocol.

Ten years ago, this extension was key to the birth of DNSSEC [3], which solves some security issues in the DNS protocol by securing certain kinds of information provided by the DNS through cryptographically signed responses.

Unfortunately, many DNS servers around the world do not support the EDNS extension. Sometimes the implementation does not comply correctly with the standards or, even worse, EDNS is simply blocked!

To guarantee stable domain name resolution (i.e. the translation of a domain name into an IP address), resolver infrastructures have had to pile up numerous workarounds to handle all the known exceptions.

February 1st, 2019 – Day one

These exceptions significantly degrade domain name resolution, and therefore the user experience. Moreover, it is complicated to maintain so many patches over time.

For all these reasons, DNS Flag Day was created. From February 1st, 2019, the exceptions implemented in resolvers will progressively be removed.

You will probably not notice much difference on D-day, but as updates are rolled out to DNS servers, resolution may be impaired.

Who will be impacted?

OVH infrastructures are compatible with EDNS; no impact is to be expected if you use the DNS services managed by OVH.

If your DNS zone is not hosted on OVH DNS, we recommend that you make sure your service provider has taken the necessary steps.

If you cannot be ready by February 1st, you can still migrate your DNS zone to our infrastructure.

Our guides:

Am I impacted?

The easiest way to be sure is to check whether your domain name is compatible using the tools provided by DNSFlagDay. An online tool is available. DNS Flag Day is a cross-organization effort and can be trusted.
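To show what such a compatibility check looks at on the wire, here is an added Python example (not code from OVH or from the DNSFlagDay tools). It builds a DNS query carrying an EDNS OPT record and classifies a server's reply; the function names, result labels, the UDP size of 1232 and the name www.example.com are illustrative assumptions, and sending the query over UDP is left to the caller.

```python
import struct

OPT = 41  # EDNS0 OPT pseudo-RR type (RFC 6891)

def encode_name(name):
    labels = [l for l in name.strip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_edns_query(name, qid=0x1234, udp_size=1232, do_bit=True):
    """DNS query for an A record carrying one OPT record (EDNS version 0)."""
    header = struct.pack("!HHHHHH", qid, 0, 1, 0, 0, 1)      # QDCOUNT=1, ARCOUNT=1
    question = encode_name(name) + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN
    ttl = 0x8000 if do_bit else 0   # ext-rcode=0, version=0, DO flag is top bit of Z
    # OPT RR: root name, TYPE=41, CLASS=UDP payload size, TTL=flags, RDLEN=0
    return header + question + b"\x00" + struct.pack("!HHIH", OPT, udp_size, ttl, 0)

def skip_name(buf, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        n = buf[off]
        if n == 0:
            return off + 1
        if n & 0xC0 == 0xC0:        # a compression pointer terminates the name
            return off + 2
        off += 1 + n

def classify_response(raw):
    """Classify a reply to an EDNS query; raw=None means the query timed out."""
    if raw is None:
        return "no_response"
    try:
        _, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", raw[:12])
        rcode, off, version = flags & 0xF, 12, None
        for _ in range(qd):                      # skip the echoed question(s)
            off = skip_name(raw, off) + 4
        for _ in range(an + ns + ar):            # walk every record, look for OPT
            off = skip_name(raw, off)
            rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", raw[off:off + 10])
            off += 10 + rdlen
            if rtype == OPT:
                version = (ttl >> 16) & 0xFF
                rcode |= (ttl >> 24) << 4        # extended RCODE upper bits
    except (IndexError, struct.error):
        return "malformed"
    if rcode == 1:
        return "formerr"
    if version is None:
        return "no_opt_in_reply"
    return "edns_ok" if rcode == 0 and version == 0 else "edns_error_rcode_%d" % rcode
```

A "no_response" result is the case to worry about: it corresponds to a server or firewall that silently drops EDNS queries instead of answering them.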

To go further

The .cz registry has put online a tool to scan any TLD and check its compatibility with resolution using EDNS:

AFNIC has run a test on the .fr TLD. In their results, available here, we see that 3.49% of .fr domains will probably be impacted.
