01-17-2019 01:24 PM
I apologize if this is not the right place to post this question, but I was asked to find out if Infoblox will be affected by DNS Flag Day.
"A number of DNS software and service providers have announced that we will all cease implementing DNS resolver workarounds to accommodate DNS authoritative systems that don’t follow the EDNS protocol. Each vendor has pledged to roll out this change in some version of their software by the ‘Flag Day.’ "
If this is not the proper forum for this question, please let me know.
Thanks in advance.
01-17-2019 01:34 PM
DNS Flag day is covered in KB 9983 on the Infoblox support portal. Infoblox will be rolling out official messaging to the community next week some time.
The gists is that Infoblox does not yet have a target as to when we will have a NIOS or ATC version that implements flag day protocol. So recursive queries from your DNS server to others will not change until we have deployed NIOS/ATC code that has this change in it. And it does require a code change on NIOS to make this happen, which we will implement at some point.
That doesn't mean your authoratative servers won't be affected by this as some network policies will prevent EDNS0 from working properly. You can use the various tools for flag day to determin if your doamins are at risk.
Hope this helps to answer your questions. If you need more details please consult the support portal or enter a support ticket.
01-22-2019 02:55 PM
Just FYI, the updated KBs for DNS Flag day are live.
External NIOS KB: https://support.infoblox.com/app/answers/detail/a_id/9983/kw/9983
External ATC KB: https://support.infoblox.com/app/answers/detail/a_id/10029/kw/10029