[dns-operations] Any good name server fingerprinting software nowadays, and flag day prep

Mark Andrews marka at isc.org
Thu Jan 31 03:14:55 UTC 2019



> On 31 Jan 2019, at 12:19 pm, Doug Barton <dougb at dougbarton.email> wrote:
> 
> I'm trying to lend a hand on flag day stuff for my peeps, and so I was looking to fingerprint a server we have questions about. It seems fpdns has not been updated in a wee bit, so I'm wondering if anyone has suggestions for a more up to date tool?
> 
> Also, I'm curious if anyone is expecting a DNS-pocalypse on 2/1? There has been surprisingly little chatter here on the runup to the big day, so I'm hoping that is a sign that it's going to be mostly a non-event?  (Thanks in large part of course to the efforts of many here over the past year.)

It was always going to be mainly a non event, in terms of sites failing.  Really old windows servers that should have been upgraded a decade ago and firewalls that block EDNS(0) queries.  They are the DNS flag day problems and there where very few of them before we even started.  20 years of EDNS and 4 years of sending out DNS COOKIE requests had cleared most of them out.

What has been good is many sites upgrading ancient code which and removing firewalls that blocked EDNS(1) queries and those that blocked queries with unknown and NSID options.  Deploying changes in the future will be easier.

> Thoughts and suggestions welcome,
> 
> Doug
> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.dns-oarc.net
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
> dns-operations mailing list
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations

-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742              INTERNET: marka at isc.org





More information about the dns-operations mailing list