Peplink DNS, DNSSEC, EDNS


#1

Urgent request for Peplink to update the code for their DNS to support EDNS and DNSSEC. Major DNS services on the internet will implement new policies soon.
" Starting February 1st, 2019 there will be no attempt to disable EDNS as reaction to a DNS query timeout.
This effectivelly means that all DNS servers which do not respond at all to EDNS queries are going to be treated as dead . It is important to note that EDNS is still not mandatory. If you decide not to support EDNS it is “okay” as long as your software replies according to EDNS standard section 7. ." https://dnsflagday.net/

I feel that supporting DNSSEC (introduced in 1997) is long overdue. Full EDNS compliance can provide support for DNS cookies (introduced 2014) to help mitigate DNS DDOS attacks, which are on the rise. https://www.isc.org/blogs/partial-edns-compliance-hampers-deployment-of-new-dns-features/


#2

This has already been noted. We are working on it. It will be addressed before the deadline.


#3

The DDNS service has been updated. Tests passed.
image


#4

Do you have an ETA for a firmware update for the DNS services on our dual Balance 2500’s?