A coalition of Internet companies recently announced they will stop supporting workarounds to accommodate a Domain Name System (DNS) operators who do not comply with the latest standards.
DNS is the system that translates domain names into Internet Protocol addresses that can be processed by devices.
The changes will be implemented from 1 February 2019, a date dubbed DNS Flag Day.
The companies said that DNS is unnecessarily slow and inefficient because of efforts to accommodate a few systems that are not in compliance with DNS standards established two decades ago.
“This change will affect domains hosted on authoritative servers which do not comply either with original DNS standards from 1987, or the newer EDNS standards from 1999,” they said.
Companies who form part of the coalition include Cisco, Cloudflare, Facebook, Google, and Quad9.
The DNS Flag Day website includes a way to test domains for compliance with the new standards.
Testing the domains of South Africa’s largest hosting and Internet service providers resulted in an error message for a big player’s website – Telkom.
“This domain does not support latest DNS standards. As a consequence this domain cannot support the latest security features and might be an easier target for network attackers than necessary,” the DNS Flag Day website warns.
To find out if organisations are prepared for the change, we spoke to South Africa’s Internet players.
Nishal Goburdhan, Internet exchange point manager for INX-ZA, said that all the INX servers are fully compliant and ready for DNS Flag Day.
“The INX nameservers are authoritative not only for the Internet exchanges, but the South African government (gov.za) and many IXPs and community-benefit projects in Africa,” said Goburdhan.
Teraco and NAPAfrica’s technical manager for interconnection and peering Andrew Owens told MyBroadband that their internal network and DNS is ready.
“Our outgoing DNS services are hosted by Cloudflare, one of the movement’s strongest supporters, and is therefore compliant. Our reverse DNS is hosted internally and has also been tested to ensure 100% compliance,” Owens said.
Owens clarified that Teraco does not offer any hosting or networking services to clients within the data centre, so clients will be responsible for their own DNS Flag Day readiness.
Hetzner said its network and hosting environment is ready for DNS Flag Day.
Internet Solutions said its DNS servers are ready. Its domains and those of clients who host with them have passed all the tests, it said.
Afrihost said it anticipated the change and ensured that it and its clients are not affected.
“We have finalised our changes, and we’re prepared for the change. We will monitor closely for anything unexpected,” Afrihost said.
Webafrica CTO Alan Kirton told MyBroadband they have completed their preparations for DNS Flag Day and don’t expect any surprises.
“Our DNS requirements are handled predominantly by Cloudflare, or on the caching side by IS,” said Kirton.
Packet Clearing House
Packet Clearing House provides DNS secondary services to almost 400 top-level domains.
“All of PCH’s global infrastructure is in full compliance with the DNS Flag Day suggestions,” it said.
MTN spokesperson Jacqui O’Sullivan confirmed that their network and hosting environments are ready for DNS Flag Day.
“MTN has done its due diligence and does not expect any issues on the big day.”
Vodacom said it is ready for DNS Flag Day and will meet the 1 February 2019 deadline.
Liquid Telecom said that their network and hosting environments are fully compliant and ready for DNS Flag Day.
Telkom – No comment
Telkom did not respond to a request for comment about the DNS Flag Day warning.
The company previously told MyBroadband that its systems have been updated for the key change and it will monitor its DNS environments during the switch.
“Telkom’s DNS systems have been updated with the new keys, both on SAIX and Telkom Internet,” a Telkom spokesperson told MyBroadband at the time.