Geeks for your information

Geeks for your information > News > Privacy & Security News > DNS DDoS Attack Protections to be Forcefully Enabled for Non-Compliant Sites
Full Version: DNS DDoS Attack Protections to be Forcefully Enabled for Non-Compliant Sites
You're currently viewing a stripped down version of our content. View the full version with proper formatting.

silversurfer

29 January 19, 13:20
Quote:Multiple DNS software and service providers will update their DNS software to speed up DNS traffic and fight against DDoS attacks by stopping the implementation of DNS resolver workarounds still used by numerous DNS authoritative systems.

The change will be added by major resolver vendors (i.e., ISC, CZ NIC, NLNET Labs, PowerDNS) to their open source DNS resolvers, an update that will directly affect all authoritative servers that "do not comply either with the original DNS standard from 1987 (RFC1035) or the newer EDNS standards from 1999 (RFC2671 and RFC6891)."

According to the DNS Flag Day GitHub page:
"The current DNS is unnecessarily slow and suffers from inability to deploy new features. To remediate these problems, vendors of DNS software and also big public DNS providers are going to remove certain workarounds on February 1st, 2019. This change affects only sites which operate software which is not following published standards."

At the moment, CZ.NIC, Cloudflare, NLnet Labs, CleanBrowsing, ISC, PowerDNS, Facebook, Cisco, Google, and Quad9 are the DNS software and service providers backing this initiative.

Source: https://www.bleepingcomputer.com/news/se...ant-sites/
Geeks for your information > News > Privacy & Security News > DNS DDoS Attack Protections to be Forcefully Enabled for Non-Compliant Sites