Date:      Mon, 21 Jan 2019 10:44:22 -0500 (EST)
From:      Daniel Feenberg <feenberg@nber.org>
To:        "@lbutlr" <kremels@kreme.com>
Cc:        Nicola Mingotti via freebsd-questions <freebsd-questions@freebsd.org>
Subject:   Re: DNS Flag Day 
Message-ID:  <alpine.BSF.2.21.9999.1901211039270.53399@mail2.nber.org>
In-Reply-To: <94D235F9-64E7-4CCF-B2C8-F8EBA871C646@kreme.com>
References:  <alpine.BSF.2.21.9999.1901201548260.40690@mail2.nber.org> <94D235F9-64E7-4CCF-B2C8-F8EBA871C646@kreme.com>



On Mon, 21 Jan 2019, @lbutlr wrote:

> On 20 Jan 2019, at 13:49, Daniel Feenberg <feenberg@nber.org> wrote:
>> Is DNS Flag Day something that should concern someone using FreeBSD 11.2 for name service? I ran the tester at:
>>
>>   https://dnsflagday.net/
>>
>> and it indicated a need for concern, but the details were unintelligible and there was no suggestion of "what to do".
>
> Without knowing what the messages were, it's pretty much impossible to give you any advice.
>
> When I checked my domain, it simply replied with "SLOW" in a red circle.
>
> ¯\_(ツ)_/¯
>
> I can live with slow for now. I suppose I should read up on RFC 6891 though and this time for sure get DNSSEC set up.
>

I thought it was checking for the problems that might have happened on the 
flag day, but in addition it was checking for all sorts of other potential 
problems, and giving unclear messages about them in addition. It appears 
that if you have a recent FreeBSD, the flag day is of no concern.

There are only a handful of DNS servers in wide distribution - odd that 
there is no list of compliant versions anywhere on the web.

Daniel Feenberg




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?alpine.BSF.2.21.9999.1901211039270.53399>