DNS flag day

Victoria Risk vicky at isc.org
Fri Jan 18 17:47:42 UTC 2019



> On Jan 18, 2019, at 9:18 AM, Ben Croswell <ben.croswell at gmail.com> wrote:
> 
> I shouldn't have posted so closely to responding to the other user.

Oh, my mistake.  How is this for a definitive statement?

BIND 9 was designed to be EDNS compliant from the very beginning. All currently-supported branches of BIND 9 are EDNS-compliant. That includes 9.11, 9.12 and 9.13.  We strongly advise running a version supported by ISC or the vendor as there could be bugs related to EDNS in earlier versions.

I realize a lot of ppl on bind-users are running EOL versions anyway.
We did poke around a bit here, and found we fixed some minor EDNS issue with change #3949 in 2014. That was also about the time we added dig +ednsopt. I don’t know what the issue was or if it is significant, but I am sure that any version issued since 2014 would be compliant vs the ednscomp tool.

 
> 
> I am not running 9.8. I was replying to them about firewalls in regards to their 9.8 issues.
> 
> Was just hoping for a statement of 9.x or greater supports the needed badvers signaling etc.
> 
> On Fri, Jan 18, 2019, 12:15 PM Victoria Risk <vicky at isc.org> wrote:
> 
>> On Jan 18, 2019, at 9:09 AM, Ben Croswell <ben.croswell at gmail.com> wrote:
>> 
>> Has ISC released minimum viable BIND version for flag day?
> 
> Most versions of BIND authoritative servers, going back years, are EDNS compatible. Certainly ALL currently supported versions are compatible. I see you are running 9.8, which has been EOL since September, 2014.  I think that is probably fine, as far as EDNS, however.
> 
> The change in BIND related to DNS Flag Day is removing workarounds from resolvers, that will retry without EDNS or otherwise try to proceed even when EDNS fails. This change came in the BIND 9.13 development version, and will be in BIND 9.14, which is not yet released.
> 
> The problem you are seeing is most likely firewall-related.
> 
> Vicky
> 
>> 
>> I looked around and couldn't find anything. 

Victoria Risk
Product Manager
Internet Systems Consortium
vicky at isc.org
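
What the "BADVERS signaling" asked about in this thread looks like on the wire, as an added example (not part of the original message and not ISC or ednscomp code): a query carrying EDNS version 1 should be answered with extended RCODE BADVERS and an OPT record advertising version 0. The function names are hypothetical and the replies are constructed in place of live traffic.

```python
import struct

OPT, BADVERS = 41, 16  # OPT RR type; BADVERS extended RCODE

def build_query(qname, edns_version, msg_id=0x1234):
    """SOA query carrying one OPT record with the given EDNS version."""
    header = struct.pack("!HHHHHH", msg_id, 0, 1, 0, 0, 1)  # QD=1, AR=1
    labels = b"".join(bytes([len(l)]) + l.encode()
                      for l in qname.rstrip(".").split("."))
    question = labels + b"\x00" + struct.pack("!HH", 6, 1)  # SOA, IN
    # OPT: root name, type 41, class=UDP size, TTL=ext-rcode|version|flags
    opt = b"\x00" + struct.pack("!HHBBHH", OPT, 4096, 0, edns_version, 0, 0)
    return header + question + opt

def skip_name(msg, off):  # offset just past a (possibly compressed) name
    while msg[off] and msg[off] & 0xC0 != 0xC0:
        off += 1 + msg[off]
    return off + (2 if msg[off] else 1)

def parse_edns(msg):
    """Return (full_rcode, opt_version); opt_version is None without OPT."""
    _, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4
    rcode, version = flags & 0xF, None
    for _ in range(an + ns + ar):
        off = skip_name(msg, off)
        rtype, _cls, ext, ver, _fl, rdlen = struct.unpack(
            "!HHBBHH", msg[off:off + 10])
        off += 10 + rdlen
        if rtype == OPT:
            rcode |= ext << 4  # upper 8 bits of the 12-bit RCODE
            version = ver
    return rcode, version

def classify_edns1(response):
    """Judge a reply to an EDNS version 1 query."""
    rcode, version = parse_edns(response)
    if version is None:
        return "no-opt"  # EDNS was dropped from the reply
    return "ok" if rcode == BADVERS and version == 0 else "bad-rcode"

def sample_response(query, ext_rcode, version, keep_opt=True):
    """Constructed reply for offline use: the query echoed back with QR set."""
    r = bytearray(query)
    r[2] |= 0x80                       # QR = 1
    r[-6], r[-5] = ext_rcode, version  # OPT is the last 11 bytes
    if not keep_opt:
        r[10:12] = b"\x00\x00"         # ARCOUNT = 0
        del r[-11:]
    return bytes(r)
```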




