EDNS To Improve DNS Resolution Worldwide By February 2019
Netizens, mark your calendars: Feb 1, 2019, will be a great day for the Internet, as many participating websites will be compliant with EDNS (Extension Mechanisms for DNS). EDNS removes the size restrictions imposed by the original DNS protocol created in 1987 under RFC 1035. Users do not need to do anything, as backward compatibility will operate if they don’t have an EDNS-compliant version of their respective browsers. With EDNS, it is expected that more nodes will be compliant with DNSSEC, designed to secure CNAME look-up. EDNS is also designed to enable message lengths beyond 512 bytes.
Termed ‘DNS Flag Day’, the event will usher in a new age of DNS resolution, enabling a much better DNS in the age of Big Data. “To ensure further sustainability of the system it is time to end these (non-compliant) accommodations and remediate the non-compliant systems. This change will make most DNS operations slightly more efficient, and also allow operators to deploy new functionality, including new mechanisms to protect against DDoS attacks,” explained the EDNS proponents.
Tech giants such as Google, Facebook, Cisco, Cloudflare, and DNS resolver Quad9 are backing the initiative. Unlike end users, who do not need to make any adjustments, DNS operators worldwide need to make certain adjustments. “After February 1st, 2019 major public DNS resolver operators listed below will disable workarounds for standards non-compliance. This change will affect domains hosted on authoritative servers which do not comply either with original DNS standard from 1987 (RFC1035) or the newer EDNS standards from 1999 (RFC2671 and RFC6891). Non-compliant domains may become unreachable through these services,” emphasized the EDNS official blog.
Akamai, a major American cloud service provider, is for its part ready for full implementation of EDNS. Its Global Traffic Management and Fast DNS services will continue to work uninterrupted come Feb 1, 2019. To assure full compliance while keeping current compatibility, Akamai will implement EDNS in full but maintain the old DNS resolving mechanism for quite a while. That means the company expects no downtime in DNS resolution.
“DNS Flag Day is designed to highlight non-compliant authoritative servers, and if your server is still not compliant by flag day, you might encounter cases where names in your zone cannot be resolved using popular public DNS resolvers. If you encounter a problem with your DNS resolution on or shortly after DNS Flag Day (February 1, 2019), the first step is to check which DNS resolver is being used to resolve the name. Organizations using Akamai’s DNS resolvers will accommodate EDNS non-compliant responses. Compare the results of your DNS query using Akamai’s DNS resolvers with those from Google Public DNS or other public resolvers: If they are the same, that likely indicates a problem unrelated to Flag Day. If they differ, the owner or operator of the domain in question will need to bring their authoritative DNS servers into full compliance with EDNS0. All the Akamai products support EDNS0 (RFC 6891) functionality. It is required for DNSSEC, EDNS0 Client-Subnet (ECS), and many other DNS extensions,” said Akamai’s Principal Architect, Barry Greene.
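The EDNS behaviour the article describes can be observed at the wire level. The sketch below is an added example, not code from the article, Akamai or the DNS Flag Day project: it builds a query carrying an EDNS0 OPT record (RFC 6891) that advertises a UDP payload size above 512 bytes, and classifies a raw response by whether the server echoed an OPT record, returned FORMERR, or silently dropped it. The function names, verdict labels and the constructed sample replies are assumptions made for illustration.

```python
import struct

OPT = 41  # EDNS0 pseudo-record type (RFC 6891)

def build_query(name, qtype=1, udp_size=4096, do_bit=True, txid=0x1234):
    """DNS query with an OPT record advertising a UDP payload size above 512 bytes."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 1)  # RD=1, QD=1, AR=1
    parts = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in parts) + b"\x00"
    # OPT: root owner, TYPE=41, CLASS=payload size, TTL=ext-rcode|version|DO+Z, RDLEN=0
    opt = b"\x00" + struct.pack("!HHIH", OPT, udp_size, 0x8000 if do_bit else 0, 0)
    return header + qname + struct.pack("!HH", qtype, 1) + opt

def _skip_name(msg, off):
    while msg[off]:
        if msg[off] & 0xC0 == 0xC0:      # a compression pointer ends the name
            return off + 2
        off += 1 + msg[off]
    return off + 1

def classify_response(msg):
    """Report how a server reacted to an EDNS query, from its raw response bytes."""
    _, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    rcode, off, opt = flags & 0xF, 12, None
    for _ in range(qd):
        off = _skip_name(msg, off) + 4   # QTYPE + QCLASS follow the name
    for _ in range(an + ns + ar):
        off = _skip_name(msg, off)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10 + rdlen
        if rtype == OPT:
            opt = {"udp_size": rclass, "version": (ttl >> 16) & 0xFF}
            rcode |= (ttl >> 24) << 4    # upper 8 bits of the extended RCODE
    if opt:
        verdict = "edns-ok"              # server echoed an OPT record
    elif rcode == 1:
        verdict = "formerr-no-edns"      # pre-EDNS server rejecting the OPT record
    else:
        verdict = "opt-dropped"          # answered, but ignored the OPT record
    return {"verdict": verdict, "rcode": rcode,
            "truncated": bool(flags & 0x0200), "opt": opt}

def constructed_reply(query, rcode, with_opt):
    """Constructed sample response for offline use (not captured traffic)."""
    body = query[12:] if with_opt else query[12:-11]   # OPT is the last 11 bytes
    head = struct.pack("!HHHHH", 0x8180 | rcode, 1, 0, 0, int(with_opt))
    return query[:2] + head + body

if __name__ == "__main__":
    q = build_query("example.com")
    for rcode, with_opt in ((0, True), (1, False), (0, False)):
        print(classify_response(constructed_reply(q, rcode, with_opt)))
```

To check a live authoritative server, send the bytes from `build_query` over UDP port 53 and pass the reply to `classify_response`; a timeout with the OPT record present but an answer without it is the failure mode resolver workarounds used to hide.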
Julia Sowells