KB43996 - ISC DNS Flagday and what does it mean for vADC customers

ISC is holding a "DNS flag day" on 1 February 2019, action that was announced back in October 2018:

https://ripe77.ripe.net/presentations/7-flagday.pdf

Following new tradition, this event has a logo and a website:

https://dnsflagday.net/

Under the "Domain Owners" section of the page above, there is a form to test your domain, which might produce few cryptic errors, for example:

ednsflags=mbz mbz - EDNS flags echoed back.

edns512tcp=timeout timeout - lookup timed out.

First, check if vTM is handling DNS traffic for the domain concerned. If it does, check the error codes ISC DNS Flag Day website is showing:

ednsflags=mbz mbz - EDNS flags echoed back.

This is something that vTM does not do by itself, but if vTM is in pass-through mode, and back-end (real) DNS server exhibit that behaviour, vTM would pass-through such flags intact. If you get this error, check that:

- vTM's DNS virtual server is indeed in pass-through mode (i.e. pool selected is anything but "builtin_dns");

- Back-end (real) DNS servers are capable of handling EDNS0 extension flags. You might need to talk to back-end DNS server's vendor if this is not the case.

edns512tcp=timeout timeout - lookup timed out.

This error is most commonly seen when when no DNS/TCP virtual server is configured. To comply with ISC DNS Flagday, add a new virtual server with internal protocol set to "DNS/TCP", and copy other configuration from existing "DNS/UDP" virtual server. Also, if pass-through mode is in use, make sure that back-end server is capable of handing DNS/TCP too.