I'm still running bind 9.9.5 (Ubuntu server) and have absolutely no problem with my commercial domain names, zero warnings or errors.
* This domain is perfectly ready, you do not need to worry about DNS flag day 2019. * Your DNS administrator is doing a good job, send him a sincere thank you ;-)
Bob
On 2019-01-26 4:12 a.m., Rob Janssen wrote:
The problem lies outside of Linux distributions, the problem lies with over aggressive firewalls (or poorly designed firewalls) that don't allow or understand DNS Extensions.
And with old DNS server versions that do not allow them either, I think. And that seems to be the case for the abovementioned domains. (or there is such an overly agressive firewall in front of them)
This email was sent to you from a Debian Stretch (earlier in the food chain than Jessie) server using DNS servers running various versions of Linux DNS software behind simple iptables firewalls that don't strip off DNS Extension bits.
I am running Debian Buster on my own machine at home, even newer, and I have no problems either. But on our AMPRnet gateway (which has Debian Jessie) there is a DNS server/resolver (bind 9.9.5) which logs EDNS warning about the abovementioned domains, and it was my impression that after this flag day those warnings would be turned into errors for those domains.
But of course that would only happen when Debian decide to replace the bind package on Jessie with a new version that has been amended according to the message that Brian sent (9.14.0). I am not so convinced that this is going to happen, but I have not researched that fully.
When I understand correctly, major resolvers like 1.1.1.1, 8.8.8.8 and 9.9.9.9 would make that change on Feb 1st, so those that use these resolvers will be affected immediately on Feb 1st.
Well, we will see. The number of EDNS warnings (and warnings about DNSSEC issues) has gone down quite a bit in the last months, so apparently work has been done in a lot of places already.
Rob
44Net mailing list 44Net@mailman.ampr.org https://mailman.ampr.org/mailman/listinfo/44net