DNS Flag Day
Matthew Seaman
matthew at FreeBSD.org
Mon Jan 21 12:47:22 UTC 2019
On 21/01/2019 08:02, Andrea Venturoli wrote:
> Sorry to step in.
> What about authoritative servers for private zones?
>
> I.e. Are those who are serving local.xxxxx.xx to their LAN affected?
You can only be affected by your local nameservers not having correct
EDNS0 support by upgrading to one of the nameserver packages due to be
released on or after that day, which will take a much harder line on
incorrect ENDS0-related responses.
Since you presumably control both client and server sides of your local
setup, then all you need to do is ensure that you upgrade all your
clients and server software in a fairly short timeframe, or else leave
all well alone.
You can grab ISC's ednscomp testing code from GitHub if you want to run
it against your private internal nameservers:
https://gitlab.isc.org/isc-projects/DNS-Compliance-Testing
or you can look at the queries the ednscomp site runs and just run them
by hand using dig(1) -- see eg. this page:
https://ednscomp.isc.org/compliance/summary.html
Cheers,
Matthew
More information about the freebsd-questions
mailing list