THNIC warns to examine DNS

2 January 2019

The Thai Network Information Centre (THNIC) Foundation, which handles Thai domain names, is warning internet service providers (ISPs), telecom providers, and public and private sector organisations to test their domain name system (DNS) software and be ready for DNS Flag Day on February 1, 2019.

At least 10,000 domain names in Thailand may be slowed or disrupted by outdated DNS software in February.

THNIC and the department of computer engineering at Kasetsart University assessed all 69,938 domains in Thailand and found that 10,000 of the .th domain names, or 15%, could be disrupted.

Those organisations still have time to check their entire DNS before the deadline in February. However, IT management should be ready and should brief help desk and call centre staff in advance, as they may have to handle calls on the day from users affected by other organisations’ DNS.

The DNS is a hierarchical decentralised naming system for computers, services or other resources connected to the internet or a private network.

Surasak Sanguanpong, a lecturer at Kasetsart University’s department of computer engineering and a member of the THNIC committee, said the DNS is an important basic service of the internet.

The existing DNS is unnecessarily slow and suffers from an inability to deploy new features. To remedy these problems, vendors of DNS software and also big public DNS providers are going to remove certain workarounds on Feb 1, known as DNS Flag Day.

The day marks the point at which organisations behind open-source DNS software implementations deploy changes to their code that could break domains.

From Feb 1, vendors of DNS software such as BIND, Knot, NSD and PowerDNS agree that the DNS software of organisations on the internet needs to comply with the EDNS standard (Extension Mechanisms for DNS) to avoid server delays, disruption or denial of access.

Public DNS service providers such as Google, Quad9 and Cloudflare have also started to comply with EDNS.

Organisations whose DNS does not comply with EDNS standards will not be accessible to users. 

The main change is that DNS software from those vendors will interpret time-outs as a sign of a network or server problem.

Starting on Feb 1, there will be no attempt to disable EDNS as a reaction to a DNS query time-out.

This effectively means all DNS servers that do not respond to EDNS queries are going to be treated as dead.

THNIC suggests that every organisation that uses DNS test itself online at https://ednscomp.isc.org/ednscomp to find out whether its DNS complies with the EDNS standard.

Mr Surasak said internet service providers (ISPs) and any firms that have .th domains or other domains need to assess their DNS.

The most common problems are outdated or incorrectly configured software, and incorrectly configured firewalls.

The firewall must not block EDNS and must allow DNS UDP (User Datagram Protocol) packets to pass through the network.
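
The check described above can be sketched in a few lines of Python. This is an added example, not code from THNIC or the article: it builds a DNS query carrying an EDNS OPT record, sends it over UDP, and reports a time-out as "dead", which is how resolvers will treat it from Feb 1. The function names, the query ID and the 4096-byte payload size are assumptions chosen for illustration.

```python
import socket
import struct

OPT = 41  # RR type of the EDNS OPT pseudo-record (RFC 6891)

def build_edns_query(name, qid=0x1D0C, udp_size=4096):
    """Build an A query for `name` that carries an EDNS OPT record."""
    header = struct.pack("!6H", qid, 0, 1, 0, 0, 1)   # 1 question, 1 additional
    qname = b"".join(bytes([len(p)]) + p.encode("ascii")
                     for p in name.rstrip(".").split(".")) + b"\x00"
    question = qname + struct.pack("!HH", 1, 1)        # QTYPE=A, QCLASS=IN
    # OPT RR: root owner name, TYPE=41, CLASS=UDP payload size, TTL=0, RDLEN=0
    return header + question + b"\x00" + struct.pack("!HHIH", OPT, udp_size, 0, 0)

def _skip_name(msg, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while msg[off] and msg[off] & 0xC0 != 0xC0:
        off += 1 + msg[off]
    return off + (2 if msg[off] else 1)   # pointer is 2 bytes, root label is 1

def has_opt(msg):
    """True if any record in the DNS message is an OPT record."""
    _, _, qd, an, ns, ar = struct.unpack("!6H", msg[:12])
    off = 12
    for _ in range(qd):
        off = _skip_name(msg, off) + 4                 # skip QTYPE and QCLASS
    for _ in range(an + ns + ar):
        off = _skip_name(msg, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        if rtype == OPT:
            return True
        off += 10 + rdlen
    return False

def classify(reply):
    """Map a reply (bytes, or None for a time-out) to a flag-day outcome."""
    if reply is None:
        return "dead"                 # time-out: no retry without EDNS
    return "edns-ok" if has_opt(reply) else "answers-without-edns"

def probe(server_ip, name, timeout=3.0):
    """Send one EDNS query to UDP port 53 and classify what comes back."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_edns_query(name), (server_ip, 53))
        try:
            return classify(s.recvfrom(4096)[0])
        except OSError:               # time-out or network error
            return classify(None)
```

Call `probe()` with the address of one of your own authoritative name servers and a name in a zone it serves. A "dead" result from a server that is otherwise up points to the server software or a firewall in the path dropping EDNS queries.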