Weekly Comments

29 January - 4 February 2019

On 1 Feb 2019, major DNS software and service providers ceased implementing DNS resolver workarounds for systems that are non-compliant with the Extension to DNS (EDNS) protocol. EDNS was introduced in 1999 to allow more information to be carried in DNS messages and to establish rules for responding to queries with EDNS options or flags. The workarounds were implemented to address interoperability issues, as many DNS service products at that time were not able to handle EDNS queries. These workarounds will be disabled by many DNS providers, such as Google Public DNS and OpenDNS, to make DNS operation more efficient and to allow DNS operators to deploy new functions such as protection against DDoS attacks. Due to the change, domains hosted on servers that do not fully support EDNS may be unreachable or suffer degraded performance. Organisations can use the Internet Systems Consortium (ISC) compliance tool to check whether internal DNS services are affected by the change.

References:
[1] DNS Flag Day 2019
[2] EDNS Compliance Tester
[3] DNS Flag Day – February 1, 2019
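
To make the EDNS mechanism described above concrete, the following added example (not part of the original bulletin and not the ISC tool) builds a DNS query carrying an EDNS OPT record and reports whether a response carries OPT, with its version and full response code. The function names and the sample responses are constructed for illustration, and `example.com` is a placeholder name.

```python
import struct

OPT = 41  # RR type of the EDNS OPT pseudo-record

def encode_name(name):
    """Encode a domain name as length-prefixed labels."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_edns_query(name, qid=0x1234, udp_size=4096, version=0):
    """Build an A/IN query with one OPT record in the additional section."""
    header = struct.pack("!HHHHHH", qid, 0, 1, 0, 0, 1)
    question = encode_name(name) + struct.pack("!HH", 1, 1)
    # OPT: root name, type 41, class = UDP payload size,
    # TTL field = extended RCODE | version | flags, empty RDATA
    opt = b"\x00" + struct.pack("!HHBBHH", OPT, udp_size, 0, version, 0, 0)
    return header + question + opt

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) name."""
    while msg[off] != 0:
        if msg[off] & 0xC0 == 0xC0:   # compression pointer ends the name
            return off + 2
        off += 1 + msg[off]
    return off + 1

def edns_status(msg):
    """Report whether a response carries OPT, and its version and full RCODE."""
    _, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4          # skip QTYPE and QCLASS
    for _ in range(an + ns + ar):
        off = skip_name(msg, off)
        rtype, rclass, ext, ver, _z, rdlen = struct.unpack("!HHBBHH", msg[off:off + 10])
        off += 10 + rdlen
        if rtype == OPT:
            return {"edns": True, "version": ver, "udp_size": rclass,
                    "rcode": (ext << 4) | (flags & 0xF)}
    return {"edns": False, "rcode": flags & 0xF}

# Constructed sample responses (not captured traffic).
QUERY = build_edns_query("example.com")
WITH_OPT = QUERY[:2] + b"\x80\x00" + QUERY[4:]   # QR=1, NOERROR, OPT returned
# QR=1, FORMERR, ARCOUNT=0, OPT stripped: a server that predates EDNS
NO_OPT = QUERY[:2] + b"\x80\x01" + QUERY[4:10] + b"\x00\x00" + QUERY[12:-11]

if __name__ == "__main__":
    print(edns_status(WITH_OPT), edns_status(NO_OPT))
```

The 12-bit response code is split between the DNS header (low 4 bits) and the OPT record (high 8 bits), so a parser that reads only the header cannot see extended codes such as BADVERS (16).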
 
