I suggest ignoring this thread on EDNS Flag Day. Reading it will leave you misinformed.
DNS has two kinds of servers: Authoritative and Caching/Resolving servers. Back in 1999, an extension to DNS was defined called EDNS. It was then also defined how any kind of server that receives a question with EDNS on it should respond. In 1999! 2/
The problem now is that some authoritative servers (that host domain name details) go crazy when you send them an EDNS query. They provide no response, a crazy response or sometimes a confusing response ("I support EDNS, but not that kind"). 3/
When applications and users look up domain names, they send queries to Caching/Resolving servers. These days, those servers in turn send out EDNS queries to Authoritative Servers. And, up to now, these servers took extensive measures to deal with crazy EDNS responses or timeouts. 4/
EDNS Flag Day is the day where the workarounds (start to) get removed from Caching/Resolving implementations. This means that if your Authoritative Server was sending illegal or no responses to EDNS queries already, Caching/Resolving servers will no longer compensate for that. 5/
Now, who is impacted? Giant scans were made of the internet and whole classes of failures have already been notified & fixed in 2018. What remains are mostly custom nameservers and load balancing appliances with shady DNS implementations. 6/
After a year of making noise about EDNS Flag Day, suddenly people are paying attention and it is becoming clear that some important domains will actually be impacted. The impact ranges from "slow down" to "domain might break outright". 7/
Finally, why are we doing all this? When an Authoritative Server does not respond for any reason, this could previously be a timeout (server down, unreachable) or an EDNS mistake that we'd try to work around. This slows down the whole internet & generates a ton of fragile code 8/
In 2019 it was time to stop working around Authoritative implementations not honoring 1999 standards. This will make our code simpler & the internet faster. Also, the questionable Authoritative Servers were probably not patched anyhow, so this will be good for security too. /end
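An added example, not part of the original thread or of any resolver's code: a small Python check that sends one EDNS version 0 query to an authoritative server you operate and labels the reply along the failure classes described above (no response, broken response, a version complaint). The function names, the result labels and the 1232-byte UDP size are assumptions of this example; the wire layout follows RFC 6891.

```python
import socket
import struct

def build_query(name, edns_version=0, udp_size=1232, qid=0x1234):
    """A query for `name` with an EDNS OPT pseudo-record (RFC 6891) attached."""
    header = struct.pack("!HHHHHH", qid, 0, 1, 0, 0, 1)  # QDCOUNT=1, ARCOUNT=1
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode() for l in labels) + b"\x00"
    # OPT RR: root name, TYPE=41, CLASS=UDP size, TTL=ext-rcode/version/flags, RDLEN=0
    opt = b"\x00" + struct.pack("!HHBBHH", 41, udp_size, 0, edns_version, 0, 0)
    return header + qname + struct.pack("!HH", 1, 1) + opt  # QTYPE=A, QCLASS=IN

def _skip_name(msg, off):
    while msg[off] and msg[off] & 0xC0 != 0xC0:  # walk labels until root or pointer
        off += 1 + msg[off]
    return off + (2 if msg[off] else 1)

def classify(response):
    """Label a reply to an EDNS version 0 query; None means nothing came back."""
    if response is None:
        return "timeout"
    try:
        _, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", response[:12])
        off, opt_ttl = 12, None
        for _ in range(qd):
            off = _skip_name(response, off) + 4  # skip QTYPE and QCLASS
        for _ in range(an + ns + ar):
            off = _skip_name(response, off)
            rtype, _, ttl, rdlen = struct.unpack("!HHIH", response[off:off + 10])
            off += 10 + rdlen
            if rtype == 41:
                opt_ttl = ttl
    except (IndexError, struct.error):
        return "malformed"
    rcode = flags & 0xF
    if opt_ttl is None:
        return "formerr-no-opt" if rcode == 1 else "answer-without-opt"
    ext_rcode = ((opt_ttl >> 24) << 4) | rcode  # upper 8 bits live in the OPT TTL
    # NOERROR/NXDOMAIN with OPT present is fine; 16 is BADVERS, wrong for version 0
    return {0: "ok", 3: "ok", 16: "badvers"}.get(ext_rcode, f"rcode-{ext_rcode}")

def probe(server_ip, name, timeout=3.0):
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (server_ip, 53))
        try:
            return classify(s.recvfrom(4096)[0])
        except socket.timeout:
            return classify(None)
```

Anything other than `ok` from `probe()` against your own authoritative server or load balancer is worth investigating before resolvers stop compensating for it.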
Subscribe to Bert Hubert 🇪🇺