DNS Flag Day – Telkom website does not support latest security features

A coalition of Internet companies recently announced they will stop supporting workarounds to accommodate a Domain Name System (DNS) operators who do not comply with the latest standards.

DNS is the system that translates domain names into Internet Protocol addresses that can be processed by devices.

The changes will be implemented from 1 February 2019, a date dubbed DNS Flag Day.

The companies said that DNS is unnecessarily slow and inefficient because of efforts to accommodate a few systems that are not in compliance with DNS standards established two decades ago.

“This change will affect domains hosted on authoritative servers which do not comply either with original DNS standards from 1987, or the newer EDNS standards from 1999,” they said.

Companies who form part of the coalition include Cisco, Cloudflare, Facebook, Google, and Quad9.

The DNS Flag Day website includes a way to test domains for compliance with the new standards.

Testing the domains of South Africa’s largest hosting and Internet service providers resulted in an error message for a big player’s website – Telkom.

“This domain does not support latest DNS standards. As a consequence this domain cannot support the latest security features and might be an easier target for network attackers than necessary,” the DNS Flag Day website warns.

To find out if organisations are prepared for the change, we spoke to South Africa’s Internet players.


Nishal Goburdhan, Internet exchange point manager for INX-ZA, said that all the INX servers are fully compliant and ready for DNS Flag Day.

“The INX nameservers are authoritative not only for the Internet exchanges, but the South African government (gov.za) and many IXPs and community-benefit projects in Africa,” said Goburdhan.

INX-ZA logo


Teraco and NAPAfrica’s technical manager for interconnection and peering Andrew Owens told MyBroadband that their internal network and DNS is ready.

“Our outgoing DNS services are hosted by Cloudflare, one of the movement’s strongest supporters, and is therefore compliant. Our reverse DNS is hosted internally and has also been tested to ensure 100% compliance,” Owens said.

Owens clarified that Teraco does not offer any hosting or networking services to clients within the data centre, so clients will be responsible for their own DNS Flag Day readiness.

Teraco logo


Hetzner said its network and hosting environment is ready for DNS Flag Day.

Hetzner logo on building

Internet Solutions

Internet Solutions said its DNS servers are ready. Its domains and those of clients who host with them have passed all the tests, it said.

Internet Solutions Logo


Afrihost said it anticipated the change and ensured that it and its clients are not affected.

“We have finalised our changes, and we’re prepared for the change. We will monitor closely for anything unexpected,” Afrihost said.

Afrihost logo


Webafrica CTO Alan Kirton told MyBroadband they have completed their preparations for DNS Flag Day and don’t expect any surprises.

“Our DNS requirements are handled predominantly by Cloudflare, or on the caching side by IS,” said Kirton.

Webafrica logo new

Packet Clearing House

Packet Clearing House provides DNS secondary services to almost 400 top-level domains.

“All of PCH’s global infrastructure is in full compliance with the DNS Flag Day suggestions,” it said.

Packet Clearing House logo


MTN spokesperson Jacqui O’Sullivan confirmed that their network and hosting environments are ready for DNS Flag Day.

“MTN has done its due diligence and does not expect any issues on the big day.”

MTN Store


Vodacom said it is ready for DNS Flag Day and will meet the 1 February 2019 deadline.

Vodacom Store

Liquid Telecom

Liquid Telecom said that their network and hosting environments are fully compliant and ready for DNS Flag Day.

Liquid Telecom

Telkom – No comment

Telkom did not respond to a request for comment about the DNS Flag Day warning.

The company previously told MyBroadband that its systems have been updated for the key change and it will monitor its DNS environments during the switch.

“Telkom’s DNS systems have been updated with the new keys, both on SAIX and Telkom Internet,” a Telkom spokesperson told MyBroadband at the time.

Now read: Major DNS overhaul to hit the Internet

Latest news

Partner Content

Show comments


Share this article
DNS Flag Day – Telkom website does not support latest security features