Date: Mon, 21 Jan 2019 12:47:16 +0000 From: Matthew Seaman <matthew@FreeBSD.org> To: freebsd-questions@freebsd.org Subject: Re: DNS Flag Day Message-ID: <b8ae4051-f29f-c7fa-5c08-35149f726e1f@FreeBSD.org> In-Reply-To: <157de54f-bf15-06ba-d47f-923dce0a716c@netfence.it> References: <alpine.BSF.2.21.9999.1901201548260.40690@mail2.nber.org> <5522b94d-4529-e10e-db65-20a1c172d46a@radel.com> <157de54f-bf15-06ba-d47f-923dce0a716c@netfence.it>
next in thread | previous in thread | raw e-mail | index | archive | help
On 21/01/2019 08:02, Andrea Venturoli wrote: > Sorry to step in. > What about authoritative servers for private zones? > > I.e. Are those who are serving local.xxxxx.xx to their LAN affected? You can only be affected by your local nameservers not having correct EDNS0 support by upgrading to one of the nameserver packages due to be released on or after that day, which will take a much harder line on incorrect ENDS0-related responses. Since you presumably control both client and server sides of your local setup, then all you need to do is ensure that you upgrade all your clients and server software in a fairly short timeframe, or else leave all well alone. You can grab ISC's ednscomp testing code from GitHub if you want to run it against your private internal nameservers: https://gitlab.isc.org/isc-projects/DNS-Compliance-Testing or you can look at the queries the ednscomp site runs and just run them by hand using dig(1) -- see eg. this page: https://ednscomp.isc.org/compliance/summary.html Cheers, Matthew
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?b8ae4051-f29f-c7fa-5c08-35149f726e1f>