From owner-freebsd-questions@freebsd.org Mon Jan 21 15:44:36 2019 Return-Path: Delivered-To: freebsd-questions@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id B251614AD218 for ; Mon, 21 Jan 2019 15:44:36 +0000 (UTC) (envelope-from feenberg@nber.org) Received: from mail2.nber.org (mail2.nber.org [198.71.6.79]) by mx1.freebsd.org (Postfix) with ESMTP id CE3D98ED45 for ; Mon, 21 Jan 2019 15:44:33 +0000 (UTC) (envelope-from feenberg@nber.org) Received: from mail2.nber.org (mail2.nber.org [198.71.6.79]) by mail2.nber.org (8.15.2/8.15.2) with ESMTPS id x0LFiMiq057343 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Mon, 21 Jan 2019 10:44:22 -0500 (EST) (envelope-from feenberg@nber.org) Date: Mon, 21 Jan 2019 10:44:22 -0500 (EST) From: Daniel Feenberg To: "@lbutlr" cc: Nicola Mingotti via freebsd-questions Subject: Re: DNS Flag Day In-Reply-To: <94D235F9-64E7-4CCF-B2C8-F8EBA871C646@kreme.com> Message-ID: References: <94D235F9-64E7-4CCF-B2C8-F8EBA871C646@kreme.com> User-Agent: Alpine 2.21.9999 (BSF 287 2018-06-16) MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII; format=flowed X-KLMS-Rule-ID: 1 X-KLMS-Message-Action: clean X-KLMS-AntiSpam-Status: not scanned, disabled by settings X-KLMS-AntiSpam-Interceptor-Info: not scanned X-KLMS-AntiPhishing: Clean, 2019/01/18 15:01:30 X-KLMS-AntiVirus: Kaspersky Security 8.0 for Linux Mail Server, version 8.0.1.721, bases: 2019/01/21 09:56:00 #9390732 X-KLMS-AntiVirus-Status: Clean, skipped X-Rspamd-Queue-Id: CE3D98ED45 X-Spamd-Bar: -- Authentication-Results: mx1.freebsd.org; dmarc=pass (policy=none) header.from=nber.org; spf=pass (mx1.freebsd.org: domain of feenberg@nber.org designates 198.71.6.79 as permitted sender) smtp.mailfrom=feenberg@nber.org X-Spamd-Result: default: False [-2.81 / 15.00]; ARC_NA(0.00)[]; SUBJECT_ENDS_SPACES(0.50)[]; NEURAL_HAM_MEDIUM(-0.88)[-0.881,0]; FROM_HAS_DN(0.00)[]; R_SPF_ALLOW(-0.20)[+mx]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; MIME_GOOD(-0.10)[text/plain]; IP_SCORE(-0.02)[country: US(-0.08)]; TO_MATCH_ENVRCPT_SOME(0.00)[]; TO_DN_ALL(0.00)[]; MX_GOOD(-0.01)[cached: smtp.nber.org]; RCPT_COUNT_TWO(0.00)[2]; DMARC_POLICY_ALLOW(-0.50)[nber.org,none]; RCVD_IN_DNSWL_MED(-0.20)[79.6.71.198.list.dnswl.org : 127.0.4.2]; RCVD_COUNT_ONE(0.00)[1]; NEURAL_HAM_SHORT(-0.40)[-0.399,0]; FROM_EQ_ENVFROM(0.00)[]; R_DKIM_NA(0.00)[]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:26287, ipnet:198.71.6.0/23, country:US]; RCVD_TLS_ALL(0.00)[] X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 21 Jan 2019 15:44:36 -0000 On Mon, 21 Jan 2019, @lbutlr wrote: > On 20 Jan 2019, at 13:49, Daniel Feenberg wrote: >> Is DNS Flag Day something that should concern someone using FreeBSD 11.2 for name service? I ran the tester at: >> >> https://dnsflagday.net/ >> >> and it indicated a need for concern, but the details were unintelligible and there was no suggestion of "what to do". > > Without knowing what the messages were, it?s pretty much impossible to give you any advice. > > When I checked my domain, it simply replied with ?SLOW? in a red circle. > > ?\_(?)_/? > > I can live with slow for now. I suppose I should read up on RFC 6891 though and this time for sure get DNSSEC setup. > I thought it was checking for the problems that might have happened on the flag day, but in addition it was checking for all sorts of other potential problems, and giving unclear messages about them in addition. It appears that if you have a recent FreeBSD, the flag day is of no concern. There are only a handful of DNS servers in wide distribution - odd that there is no list of compliant versions anywhere on the web. Daniel Feenberg