Have you tried testing from here https://ednscomp.isc.org/ednscomp It gives a little more explanation and breakdown of errors Cheers Jodi ----- Original Message ----- From: "Richard Hector" To: "nznog" Sent: Thursday, January 31, 2019 2:02:49 PM Subject: [nznog] DNS flag day - more info somewhere? Hi all, I hope this is more or less on topic ... I've been testing my zones with the tool at https://dnsflagday.net/ and getting results I don't entirely understand. I get errors from my secondary (ns2), which is a service from my VPS provider, and ok from my master (ns1), which I run myself. But apart from ns2 returning an aa flag for a failed query, I can't see any difference in the results, when I run the query manually from my desktop (having upgraded dnsutils to one that supports +nocookie) Additionally, the tool says an SOA record is returned (from the failed query), and I don't see that. Is there more detailed info somewhere? The tool does say my zone will continue to work but will have issues in the future, so I'm not immediately worried. Cheers, Richard _______________________________________________ NZNOG mailing list NZNOG(a)list.waikato.ac.nz https://list.waikato.ac.nz/mailman/listinfo/nznog

Hi Richard: The interpretation of the results from the site has been deemed by some as rather obscure because it doesn't include the use case for each test. If your nameservers host a .nz domain I can check the output of our DNS Flag day runs and give you the historical results and possible guide you on what means what. (I'm presenting about DNS Flag day tomorrow during the morning session of NZNOG 2019) Cheers, On Thu, Jan 31, 2019 at 2:03 PM Richard Hector wrote:

Hi all,

I hope this is more or less on topic ...

I've been testing my zones with the tool at https://dnsflagday.net/ and getting results I don't entirely understand.

I get errors from my secondary (ns2), which is a service from my VPS provider, and ok from my master (ns1), which I run myself. But apart from ns2 returning an aa flag for a failed query, I can't see any difference in the results, when I run the query manually from my desktop (having upgraded dnsutils to one that supports +nocookie)

Additionally, the tool says an SOA record is returned (from the failed query), and I don't see that.

Is there more detailed info somewhere? The tool does say my zone will continue to work but will have issues in the future, so I'm not immediately worried.

Cheers, Richard _______________________________________________ NZNOG mailing list NZNOG(a)list.waikato.ac.nz https://list.waikato.ac.nz/mailman/listinfo/nznog

-- Sebastian Castro Chief Scientist @ InternetNZ desk: +64 4 495 2337 mobile: +64 21 400535

If it helps there is a talk on this tomorrow at NZNOG. http://www.nznog.org/nznog-2019/nznog-2019-programme You can watch the stream online. Dave On Thu, Jan 31, 2019 at 2:03 PM Richard Hector wrote:

Hi all,

I hope this is more or less on topic ...

I've been testing my zones with the tool at https://dnsflagday.net/ and getting results I don't entirely understand.

I get errors from my secondary (ns2), which is a service from my VPS provider, and ok from my master (ns1), which I run myself. But apart from ns2 returning an aa flag for a failed query, I can't see any difference in the results, when I run the query manually from my desktop (having upgraded dnsutils to one that supports +nocookie)

Additionally, the tool says an SOA record is returned (from the failed query), and I don't see that.

Is there more detailed info somewhere? The tool does say my zone will continue to work but will have issues in the future, so I'm not immediately worried.

Cheers, Richard _______________________________________________ NZNOG mailing list NZNOG(a)list.waikato.ac.nz https://list.waikato.ac.nz/mailman/listinfo/nznog