On Sat, 2019-01-26 at 00:04 +0100, Rob Janssen wrote:
Although I don't expect that all the Linux distribution maintainers will suddenly rush out resolver updates on Feb 1st, especially not on stable versions. So it could take longer until it becomes visible in our network. It will likely hit those that use 8.8.8.8 sooner than e.g. the resolver on our gateway (44.137.0.1) which will only get updated once Debian Jessie receives an update.
The problem lies outside of Linux distributions, the problem lies with over aggressive firewalls (or poorly designed firewalls) that don't allow or understand DNS Extensions.
As for 8.8.8.8 they were long ago EDNS0 compliant, as are all other major Public DNS resolvers. IIRC, the problems will primarily hit old Microsoft Windows DNS Servers that were coded so long ago that they don't even know how to deal with DNS Extensions, and a handful of out- of-date, or unmaintained, firewall equipment.
This email was sent to you from a Debian Stretch (earlier in the food chain than Jessie) server using DNS servers running various versions of Linux DNS software behind simple iptables firewalls that don't strip off DNS Extension bits.
73s,
-Jim P.