On checking I find that any of our domains that use Network Solutions’ Worldnic.com nameservers are reporting failures when checked.
For example this result: https://ednscomp.isc.org/ednscomp/e30c6cf0ea Other people online have posted about Network Solutions as they also saw failures. On calling Network Solutions today they told me they are compliant despite what was reported by https://dnsflagday.net/ This issue is with domains registered at Network Solutions and using their Advanced DNS (i.e. their Worldnic name servers). Other domains we have registered with them but pointing to other name servers (i.e. our own BIND servers) displayed as compliant. When I sent them the links they saw what I saw but still claimed they are compliant. They refused to send me something in writing stating that so I suggested they reach out to ISC regarding the checker’s results if they believe they are compliant, but they said they don’t see the need. I’ve asked them to escalate and they say they have but I suspect I’ll not hear back from them. Is there a list of known edns compliant Registrar name severs for the larger Registrars? Is it possible the failures seen are false? If so, are there alternate edns compliance checkers that might show different responses than dnsflagday.net? From: bind-users <bind-users-boun...@lists.isc.org> On Behalf Of Ben Croswell Sent: Friday, January 18, 2019 12:19 PM To: bind-users@lists.isc.org Subject: Re: DNS flag day I shouldn't have posted so closely to responding to the other user. I am not running 9.8. I was replying to them about firewalls in regards to their 9.8 issues. Was just hoping for a statement of 9.x or greater supports the needed badvers signaling etc. On Fri, Jan 18, 2019, 12:15 PM Victoria Risk <vi...@isc.org<mailto:vi...@isc.org> wrote: On Jan 18, 2019, at 9:09 AM, Ben Croswell <ben.crosw...@gmail.com<mailto:ben.crosw...@gmail.com>> wrote: Has ISC released minimum viable BIND version for flag day? Most versions of BIND authoritative servers, going back years, are EDNS compatible. Certainly ALL currently supported versions are compatible. I see you are running 9.8, which has been EOL since September, 2014. I think that is probably fine, as far as EDNS, however. The change in BIND related to DNS Flag Day is removing workarounds from resolvers, that will retry without EDNS or otherwise try to proceed even when EDNS fails. This change came in the BIND 9.13 development version, and will be in BIND 9.14, which is not yet released. The problem you are seeing is most likely firewall-related. Vicky I looked around and couldn't find anything. _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org<mailto:bind-users@lists.isc.org> https://lists.isc.org/mailman/listinfo/bind-users
_______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
