NameSilo

Major DNS changes on Feb 1

Labeled as alert in Warnings and Alerts started by Paul Buonopane, Jan 19, 2019.

Replies:
51
Views:
5,706

  1. Jurgen Wolf

    Jurgen Wolf Top Member VIP ★★★★★★★★★★

    Posts:
    8,404
    Likes Received:
    6,555
    These email mechanisms were designed for Name/Brand protection.
    If you don't need them - this is another story and your own choice.
     
    Last edited: Jan 19, 2019
    The views expressed on this page by users and staff are their own, not those of NamePros.
  2. Paul Buonopane

    Paul Buonopane CTO, NamePros CTO VIP

    Posts:
    1,284
    Likes Received:
    2,147
    It's been planned for a while but unfortunately hasn't received much attention. I only just recently found out myself. The underlying improvements have been around since 1999; what's being dropped (finally) are workarounds that permit backwards compatibility with the pre-1999 protocol. The workarounds cause a number of issues, and permitting pre-1999 DNS at all can be dangerous, so this is long overdue. The deadline itself, though, is relatively new (~1 year, I believe, but don't quote me on that).

    In my tests, when the site indicates slow, post-Flag Day-style lookups increased by upwards of 3 seconds. If it says "slow", you should be concerned.

    Based on my testing and understanding of the intended changes, it seems as though it will be destructive if people aren't prepared. I wouldn't expect the internet to collapse, but there are probably going to be sporadic outages of various services on Feb 1. Because word hasn't really spread, it's going to take big companies time to figure out what's wrong and why it's not affecting some customers.

    Anyone who's tried to automatically forward emails from NamePros without a proper DKIM and/or ARC implementation can attest that lack of DKIM-compatibility does, in fact, break stuff. We don't see it too often, but it does happen from time to time.

    Correct--at least, all the reputable ones. Who knows what Yahoo does. They're still using spam filtering tech from the 90's.

    Well... in theory, yes, but in practice, deliverability rates drop significantly. This may not be relevant for an individual, but for an organization like NamePros that sends hundreds of thousands of emails per month, one additional percentage point of bounces means thousands of dropped emails. Basically, by implementing DKIM + SPF + DMARC on our end, we're providing the recipients with additional assurance that the emails came from us, which can cut down on certain kinds of rejections. Many forms of unwanted email either aren't able or don't bother to make these assurances. We've seen near-100% deliverability since implementing DMARC. If we were to exclude Yahoo, it'd probably be just a handful of emails shy of 100%.

    They can be used for that, but they're actually primarily to prevent phishing. For NamePros, it's not about our brand; it's about protecting our users from fraud and related issues. Many other organizations are in a similar boat, and some industries mandate the usage of DMARC. Spear phishing is a big issue. I always use DKIM + SPF + DMARC, even for my personal domains. It's quick, easy, and effective.
     
    Last edited: Jan 20, 2019
  3. Nikhil Jain

    Nikhil Jain Top Member VIP

    Posts:
    2,699
    Likes Received:
    2,916
  4. eurorealtor

    eurorealtor okre.com VIP

    Posts:
    1,718
    Likes Received:
    1,566
    VodaHost, Uniregistry, GD - OK
    Dynadot - not so good
     
  5. RockBros

    RockBros Established Member ★★★★★★★★★★

    Posts:
    135
    Likes Received:
    66
    @Dynadot

    Fatal error detected!

    This domain is going to STOP WORKING after the 2019 DNS flag day!
     
  6. Crypto King

    Crypto King Peculium.com . AngelLead.com . BVMI.com VIP

    Posts:
    1,666
    Likes Received:
    577
    @Andreia Soares - Hi Andreia, As the only person I know on NamePros that is a BrandBucket employee I thought I'd tag you so you can make BrandBucket aware of this DNS Flag issue. Many of us on NamePros (me included) have names published on BB so would be good to see this resolved :)
     
  7. Dynadot

    Dynadot Member Dynadot Staff ICA Member VIP

    Posts:
    237
    Likes Received:
    482
    Thank you to everyone who has tagged us in the thread, we don't have an update at this time unfortunately but our team are working on this and we will post an update as soon as we have some more information.
     
  8. NameDeck

    NameDeck Design. Develop. Deploy. VIP

    Posts:
    1,713
    Likes Received:
    724
    Another reason to use your own DNS servers. I've been using PowerDNS for ages and am glad they addressed this isue in the past. Keeping the software updated does the trick. I'm glad they will be enforcing edns as it should provide an extra layer of protection. Think of it in the way that Google gradually starts to enforce websites using an encrypted connection (SSL). Maybe we dont realise it (yet) but we all benefit from this. Unless your're in the certificate business ofcourse as since they started pushing SSL it has basically become available for free:)

    Back on topic, if you're using your shared hosting provider's DNS I'd check for sure. You'd be amazed how many hosting companies think lightly of a good configured DNS setup. If you want some insight on your domains give intodns.com a try. They do a great generic check on your domain DNS health although a custom setup may raise some flags that aren't necessarily a bad thing.
     
  9. wakguano

    wakguano Established Member

    Posts:
    437
    Likes Received:
    761
    Im summoning @namesilo

    Im using your dns for one site(very important site)

    Should i be worried?

    Thanks
     
  10. namesilo

    namesilo Top Member NameSilo Staff VIP

    Posts:
    754
    Likes Received:
    2,160
    Thanks for tagging us in this thread. We are already compliant with the required updates so there shouldn't be any issues on Feb 1st.

    The beauty of our DNS is that it is very simple - 99.9999% of replies fit in 512bytes, a single legacy DNS UDP packet. They note that "failure to address issues identified here may make future DNS extensions that you want to use ineffective". EDNS is largely about squeezing more than 512 bytes in a reply without replying with a truncated response over UDP to initiate a retry over TCP.

    Basically, this all means that you don't need to worry about this on our end.
     
    Last edited: Jan 22, 2019
  11. thekiller

    thekiller Top Member VIP

    Posts:
    2,004
    Likes Received:
    2,309
    Anyone using cloudflare's DNS should be OK.
     
  12. Ollie3000

    Ollie3000 Top Member VIP

    Posts:
    839
    Likes Received:
    857
    Most of my domains on Go Daddy are all good. However the ones using https (SSL) are coming back with 'Minor problems detected!'

    What would cause this? One in particular uses what is called an EV SSL - entire global organisation covered under one SSL.
     
  13. Jurgen Wolf

    Jurgen Wolf Top Member VIP ★★★★★★★★★★

    Posts:
    8,404
    Likes Received:
    6,555
    SSL has no any relations to nameservers (DNS).
     
  14. Ollie3000

    Ollie3000 Top Member VIP

    Posts:
    839
    Likes Received:
    857
    That's strange then that those only would have problems.
     
  15. Jurgen Wolf

    Jurgen Wolf Top Member VIP ★★★★★★★★★★

    Posts:
    8,404
    Likes Received:
    6,555
    Open WHOIS...
    And check nameservers...
    The same NS as for other your domains?
     
  16. Furquah

    Furquah Skipper VIP

    Posts:
    3,317
    Likes Received:
    2,318
  17. Nick V

    Nick V TLD.PARTNERS VIP

    Posts:
    2,893
    Likes Received:
    754
    However:
     
  18. cipcip

    cipcip Owner of TutorialIndex.com VIP ★★★★★★★★★★

    Posts:
    1,637
    Likes Received:
    756
    @Dynadot Will this be ready until Feb 1st? Or our websites will become not accessible for a while ?!

    Thank you
     
  19. Rob Monster

    Rob Monster CEO, Epik Epik.com Staff PRO Gold Account VIP

    Posts:
    923
    Likes Received:
    2,449
    Folks,

    Epik has no critical issues and will have zero issues before February 1. However, before February 1, we are also adding a few additional features for DNS resiliency as follows:

    1. Resilient / Distributed DNS with full support for IPv6, DNSSEC, etc. This will go to all customers -- essentially adding Cloudflare/Anycast resiliency to any domain for free to customers who use Epik DNS.

    2. A free VPN service and DNS resolver that is part of the framework for so-called "Unstoppable Domains" that resolve even when DNS fails. It is based on the industry best practice OpenDNS but uses a proprietary distributed Content Delivery Network. You can already retrieve the free VPN here:

    https://anonymize.com/

    Side note - Anonymize.com will become a full privacy suite, not just free WHOIS protection but also VPN, web proxy, and proxy search.

    3. A no-track, resilient free DNS resolver which you can start using today instead of 8.8.8.8. Here it is:

    DNS Server 1: 51.38.71.20
    DNS Server 2: 192.99.212.40

    Incidentally, if you use these DNS, even if the public DNS breaks, any domains using Epik DNS will continue to resolve normally.

    Finally, I want to acknowledge the community and the registrars for getting the word out. I would like to know from Godaddy how they knew about this change well before most other registrars. Weird times.
     
  20. Jurgen Wolf

    Jurgen Wolf Top Member VIP ★★★★★★★★★★

    Posts:
    8,404
    Likes Received:
    6,555
    Ionos (1and1) is also OK.
     
  21. xynames

    xynames XYNames.com PRO VIP

    Posts:
    3,173
    Likes Received:
    5,325
    Might be minor issues at some of these landing pages places like UnDeveloped etc. or at parking cos. but I doubt any major hosting company hostgator hostinger etc. is going to have any issues whatsoever.
     
    Last edited: Jan 24, 2019
  22. Paul Buonopane

    Paul Buonopane CTO, NamePros CTO VIP

    Posts:
    1,284
    Likes Received:
    2,147
    You'd be surprised. The team behind DNS Flag Day did a very poor job of spreading the word. It was publicly announced almost a year ago, but little effort was made to ensure it received adequate attention. I only just found out about it recently.

    No, that's unrelated. If you see that again, please DM me with details or use the support widget in the bottom-right corner of the page. 502 doesn't always indicate this, but when it's a white page with "cloudflare" on it, it's a problem on Cloudflare's end.
     
  23. xynames

    xynames XYNames.com PRO VIP

    Posts:
    3,173
    Likes Received:
    5,325
    Well I and clients of mine just tested websites hosted at hostgator and hostinger all came back A-Okay.

    I tested the parking co. I use, and minor issues were there.

    So, I really do think that the major hosting cos. are on top of this, but parking and the landing page only outfits might not yet be.
     
  24. Paul Buonopane

    Paul Buonopane CTO, NamePros CTO VIP

    Posts:
    1,284
    Likes Received:
    2,147
    There are definitely a large number of major companies that are still noncompliant. I'm waiting on a report from a friend in the security industry to give exact numbers, but the spot testing I've done doesn't look promising.
     
  25. kashioz

    kashioz New Member

    Posts:
    3
    Likes Received:
    1
    Tomorrow DNS changes Day on Feb 1
     

Want to reply or ask your own question?

It only takes a minute to sign up – and it's free!
Topics / Tags:

Share This Page

NameWorth
  1. NamePros uses cookies and similar technologies. By using this site, you are agreeing to our privacy policy, terms, and use of cookies.
    Dismiss Notice
Loading...