KB43996 - ISC DNS Flagday and what does it mean for vADC customers


Information

 
Last Modified Date: 1/3/2019 12:45 PM
Synopsis
Problem or Goal
ISC is holding a "DNS flag day" on 1 February 2019, an action that was announced back in October 2018:

https://ripe77.ripe.net/presentations/7-flagday.pdf

Following the new tradition, this event has a logo and a website:

https://dnsflagday.net/

Under the "Domain Owners" section of the page above, there is a form to test your domain, which might produce a few cryptic errors, for example:

ednsflags=mbz mbz - EDNS flags echoed back.

edns512tcp=timeout timeout - lookup timed out.
Cause
Solution
First, check whether vTM is handling DNS traffic for the domain concerned. If it is, check the error codes the ISC DNS Flag Day website is showing:

ednsflags=mbz mbz - EDNS flags echoed back.

This is something that vTM does not do by itself, but if vTM is in pass-through mode and the back-end (real) DNS server exhibits that behaviour, vTM passes such flags through intact. If you get this error, check that:

- vTM's DNS virtual server is indeed in pass-through mode (i.e. pool selected is anything but "builtin_dns");

- Back-end (real) DNS servers are capable of handling EDNS0 extension flags. You might need to talk to back-end DNS server's vendor if this is not the case.
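
The check behind `ednsflags=mbz`, as an added example that is not part of the original article or vTM's own code: it builds a query whose EDNS0 OPT record has a reserved flag bit set and reports whether a response still carries any reserved bit. The bit 0x0080, the function names and the two constructed responses are assumptions made for the illustration.

```python
import struct

RESERVED_MASK = 0x7FFF  # EDNS Z bits (RFC 6891): everything except DO (0x8000) must be zero

def encode_name(name):
    labels = [l for l in name.rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_query(name, edns_flags, qid=0x1234, qtype=6):
    """SOA query (RD=0) with an EDNS0 OPT record carrying edns_flags."""
    header = struct.pack("!HHHHHH", qid, 0, 1, 0, 0, 1)  # 1 question, 1 additional
    question = encode_name(name) + struct.pack("!HH", qtype, 1)
    # OPT RR: root name, TYPE=41, CLASS=UDP size, TTL=ext-rcode|version|flags, RDLEN=0
    opt = b"\x00" + struct.pack("!HHBBHH", 41, 4096, 0, 0, edns_flags, 0)
    return header + question + opt

def skip_name(msg, off):
    while True:
        n = msg[off]
        if n == 0:
            return off + 1
        if n & 0xC0 == 0xC0:  # a compression pointer ends the name
            return off + 2
        off += 1 + n

def edns_flags_of(msg):
    """Return the 16-bit EDNS flags from the OPT record, or None if there is none."""
    qd, an, ns, ar = struct.unpack("!HHHH", msg[4:12])
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4
    for _ in range(an + ns + ar):
        off = skip_name(msg, off)
        rtype, _cls, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        if rtype == 41:
            return ttl & 0xFFFF
        off += 10 + rdlen
    return None

def check(msg):
    flags = edns_flags_of(msg)
    if flags is None:
        return "noopt"
    return "mbz" if flags & RESERVED_MASK else "ok"

# Constructed samples: one back end echoes the query's flags, the other clears them.
def as_response(msg):
    return msg[:2] + bytes([msg[2] | 0x80]) + msg[3:]  # set the QR bit
ECHOING = as_response(build_query("example.com", 0x0080))  # 0x0080: reserved bit chosen here
COMPLIANT = as_response(build_query("example.com", 0))
```

To test a live server, send `build_query(...)` over UDP port 53 to the DNS virtual server and pass the reply to `check()`; running it against the back-end server directly shows whether the echoed flags originate there.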

edns512tcp=timeout timeout - lookup timed out.

This error is most commonly seen when no DNS/TCP virtual server is configured. To comply with ISC DNS Flagday, add a new virtual server with the internal protocol set to "DNS/TCP", and copy the other configuration from the existing "DNS/UDP" virtual server. Also, if pass-through mode is in use, make sure that the back-end server is capable of handling DNS/TCP too.
Created By: Andy Chernyak