• 1

DNS Flag day

What is DNSFlagDay ?

The current DNS use a lot of workaround that cause slowness and inefficiency. On the 1st of February 2019, major DNS software providers (ISC BIND, PowerDNS, NSD) have committed to release a new version which removes workarounds for broken DNS infrastructure. 

Why does the DNS need a flag day ?

For a long time, many vendors have shipped with mechanisms to cope around with authoritative servers that are not "Extension mechanisms for DNS" or EDNS (RFC6891) compliant. Due to EDNS being a fairly old protocol, it would be expected that by 2019, the Internet DNS infrastructure would be 100% compliant. However, this is not the case. Sometimes, this is also due to badly configured firewalls that do not interpret EDNS packets correctly and have been deployed for a long time without being fixed.

How will this help the DNS infrastructure ?

By removing workarounds, this will allow DNS infrastructure to evolve by eliminating the need to keep backward compatibility with broken DNS systems. 


The impact is fortunately expected to be small as many DNS administrators have taken steps to correct those problems before DNS Flag day took place.

Tools available

Please have a look at https://dnsflagday.net/ which contains an online tool to check for issues with a particular domain. 


At AFRINIC, we have audited all the domains we manage to make sure that we are ready for DNSFlagday.  We look forward to meeting you at the African Internet Summit 2019 for some technical sessions about DNS.

© 2017 AFRINIC. All Rights Reserved. Designed By AFRINIC