DNS Flag Day Set to Knock Thousands of Websites Offline for Hours or Days

If you own a website or know your way around the internet, today is what internet-savvy people call DNS Flag Day. The day marks a global change in the Domain Name System (DNS), one of the key technologies that support the internet, and it will hit tens of thousands of websites around the globe that haven’t prepared for it. Affected websites will be offline until the issues are corrected, which could take hours or days depending on the issue and the time needed to fix it. The better news for concerned website owners is that the rollout is phased, which means that some websites might not be knocked offline until tomorrow or the next day.

It is natural to assume that big organizations have done their homework, but reports suggest that even a number of banks and major government departments were among those whose sites would have been knocked offline. It is safe to say that DNS providers have been more than patient, as they were aware of the loopholes decades ago, but with the exponential growth of the internet along with security threats, it is about time the long-awaited implementation happened.

Thousands of systems have been noncompliant for decades, either with the newer Extension Mechanisms for DNS (EDNS) protocol or even with the original DNS standard.

“This change will affect authoritative servers which do not comply either with the original DNS standard from 1987 (RFC1035) or the newer EDNS standards from 1999 (RFC2671 and RFC6891),” the DNS Flag Day site explained. The DNS providers listed as participating in DNS Flag Day include Cisco, CleanBrowsing, CloudFlare, CZ.NIC, Facebook, Internet Systems Consortium, NLNetLabs, PowerDNS and Quad9.

Microsoft issued an announcement this week indicating that it is only detecting “minor problems,” at worst, on the DNS services that are used with its Azure datacenter traffic. It is rolling out fixes, but they may not all get completed until after DNS Flag Day. However, the delay “is not expected to cause any impact to our customers or services,” Microsoft indicated. No actions are required by Azure customers.

Similarly, no actions are needed by ordinary Internet users lacking domain name ownership, according to the DNS Flag Day page.

Windows Server users could get a “Minor problems detected” message after running the tests, but functionality won’t be affected, according to a Jan. 31 Microsoft support article. Microsoft plans to deliver fixes for Windows Server via the Windows Update service after DNS Flag Day.

“No action is required for the DNS Server Role on DNS Flag Day,” the Windows Server support article indicated. It added that “Administrators will need to install enhancements when they become available on Windows Updates.” 

DNS is used to associate server locations designated by numerical Internet addresses with the more user-friendly Internet site domain names. For instance, “Redmondmag.com” is one such user-friendly domain name for numbers like “66.77.93.122.” The Redmondmag.com domain passed the test that’s available on the DNS Flag Day page.

It’s also possible to run this test from the Internet Systems Consortium website. If you do, watch out for timeouts, firewalls or intrusion protection systems that may affect the tests, according to a Center for Internet Security post on DNS Flag Day.
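To make the EDNS compliance question concrete, here is an added example (not code from the article, the DNS Flag Day site or the Internet Systems Consortium) that sends one query carrying an EDNS OPT record to an authoritative server and classifies the reply. The function names, the result labels, the 1232-byte UDP size and the `example.com` sample reply are assumptions made for illustration.

```python
import socket
import struct

OPT = 41  # RR type of the EDNS(0) OPT pseudo-record (RFC 6891)

def build_edns_query(name, qid=0x1234, udp_size=1232):
    """SOA query for `name` plus one OPT record (root owner, CLASS = UDP size)."""
    header = struct.pack("!HHHHHH", qid, 0, 1, 0, 0, 1)  # QDCOUNT=1, ARCOUNT=1
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    question = qname + struct.pack("!HH", 6, 1)  # QTYPE=SOA, QCLASS=IN
    return header + question + b"\x00" + struct.pack("!HHIH", OPT, udp_size, 0, 0)

def skip_name(msg, off):  # offset just past a (possibly compressed) domain name
    while msg[off] != 0:
        if (msg[off] & 0xC0) == 0xC0:  # compression pointer ends the name
            return off + 2
        off += 1 + msg[off]
    return off + 1

def classify_reply(msg):
    """'edns-ok', 'no-opt' (EDNS ignored) or 'rcode-N' for a reply to an EDNS query."""
    _, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    if flags & 0x000F:
        return f"rcode-{flags & 0x000F}"  # e.g. 1 = FORMERR
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4  # QTYPE + QCLASS
    for _ in range(an + ns + ar):
        off = skip_name(msg, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        if rtype == OPT:
            return "edns-ok"
        off += 10 + rdlen
    return "no-opt"

def probe(server_ip, name, timeout=3.0):
    """One UDP probe; 'timeout' may be the server or a firewall/IPS on the path."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_edns_query(name), (server_ip, 53))
        try:
            return classify_reply(s.recv(4096))
        except socket.timeout:
            return "timeout"

def sample_reply(flags, keep_opt):  # constructed reply: the query echoed back
    q = build_edns_query("example.com")
    body = q[12:] if keep_opt else q[12:-11]  # the OPT record is the last 11 bytes
    return struct.pack("!HHHHHH", 0x1234, flags, 1, 0, 0, int(keep_opt)) + body
```

Run `probe()` against your own domain's authoritative server from more than one network: a "timeout" seen from only one vantage point suggests a firewall or intrusion protection system on the path, not the server itself.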