[AusNOG] The state of DNS in Australia

Mark Andrews marka at isc.org
Thu Jan 31 00:41:13 EST 2019

It looks like DNS flag day has cleaned out a lot of broken DNS implementations and firewalls[1] but there are still holdouts running non-compliant code / firewalls[2] (AWS are in the process of fixing their servers).  The reports show the servers that are sitting behind out-of-date firewalls from Juniper and Checkpoint as the old code has distinctive drop patterns.  Both vendors no longer drop well-formed EDNS packets by default, i.e. they pass all specified EDNS options as well as unknown EDNS versions, EDNS flags, and EDNS options.  If you are not sure if your DNS servers and firewalls are compliant you can test them at https://ednscomp.isc.org.

Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742              INTERNET: marka at isc.org
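
The packet shapes the message refers to (plain EDNS, unknown EDNS version, unknown EDNS flag, unknown EDNS option), built and parsed back per RFC 6891. This is an added example, not part of the original post and not ISC's test code; the function names, option code 100 and flag bit 0x0080 are assumptions chosen for illustration.

```python
import struct

OPT = 41  # OPT pseudo-RR type (RFC 6891)

def build_query(name, qid=0x1234, version=0, z_flags=0, options=()):
    """A query for `name` with one OPT record in the additional section."""
    header = struct.pack("!6H", qid, 0, 1, 0, 0, 1)  # QDCOUNT=1, ARCOUNT=1
    labels = name.strip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode() for l in labels) + b"\x00"
    rdata = b"".join(struct.pack("!2H", c, len(d)) + d for c, d in options)
    # OPT: root name, TYPE=41, CLASS=UDP size, TTL=ext-rcode|version|flags
    opt = b"\x00" + struct.pack("!2H2B2H", OPT, 4096, 0, version, z_flags, len(rdata))
    return header + qname + struct.pack("!2H", 1, 1) + opt + rdata

def build_probes(name):
    """Constructed probe set; code 100 and bit 0x0080 are assumed unassigned."""
    variants = {"edns0": {}, "unknown_version": {"version": 1},
                "unknown_flag": {"z_flags": 0x0080},
                "unknown_option": {"options": [(100, b"")]}}
    return {k: build_query(name, **v) for k, v in variants.items()}

def skip_name(msg, off):
    while True:
        n = msg[off]
        if n & 0xC0 == 0xC0:  # compression pointer terminates the name
            return off + 2
        off += 1 + n
        if n == 0:
            return off

def parse_opt(msg):
    """Return the OPT fields of a query or response, or None if absent."""
    qd, an, ns, ar = struct.unpack("!4H", msg[4:12])
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4  # skip QTYPE and QCLASS
    for _ in range(an + ns + ar):
        off = skip_name(msg, off)
        rtype, size, ext, ver, flags, rdlen = struct.unpack("!2H2B2H", msg[off:off + 10])
        off += 10
        if rtype == OPT:
            opts, end = [], off + rdlen
            while off < end:
                code, length = struct.unpack("!2H", msg[off:off + 4])
                opts.append((code, msg[off + 4:off + 4 + length]))
                off += 4 + length
            return {"udp_size": size, "ext_rcode": ext, "version": ver,
                    "flags": flags, "options": opts}
        off += rdlen
    return None
```

Under RFC 6891 a compliant server answers the unknown-version probe with BADVERS and ignores the unknown flag and option; a probe that gets no reply at all while the plain EDNS query is answered points to a middlebox dropping it.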
