Are You Ready for the Dns Flag Day?

January 19, 2019

An important change in the way DNS operates is coming. On February 1st 2019 some of your visitors might have trouble reaching you. Are you ready for the change?

DNS is critical for your email operations. Routing messages, anti-spam filtering, email rendering and engagement — those all depend on a DNS service that performs quickly and reliably. However DNS is one of those services that once correctly setup for the first time, can be left alone for years without needing much attention. Because of this, changes to the DNS take years to complete. In this case, almost 20 years.

This glacial pace hinders the introduction of new features or improvements, which is why the DNS Flag Day exists — to stop workarounds that allow incorrectly configured name servers to slow down change for everybody.

ISPs and responsible network operators are likely aware of this. Many of them will have fixed their software or configuration by the flag day. But having a properly rendered email often involves tens to hundreds of DNS queries — images, styles, links that need to point to working Internet destinations. Just one of those resources failing will reduce the effectiveness of your campaign.

Fortunately, a community of world-class experts is behind this. The great folks at ISC provided a test tool to quickly determine whether any name server for your domain name is likely to experience any flag-related issues.

With a recent sample of your email, follow these recommendations.

Area Item Notes
Email headers Domain names for all email addresses, specially Return-Path:, Reply-To:, From: and To: headers Those domain names are very likely to be used by anti-spam filters for real time research. You need to make sure those will continue to resolve without issue.
Email headers Domain part for all host names appearing in the Received: headers involving your own infrastructure. Some filters perform checks on those headers.
HTML Body Domain part of any URL — look for img, href and other tags. The names in those URLs are likely to be resolved. In order to work, the email client will try to use the URL.

What to do if some name servers are affected?

First of all, don’t panic. It’s possible that failing servers are being worked on and will be compliant by flag day.

Simply make a list of the failing servers and get in touch with their operators — your CDN provider, your hosting provider or ISP, etc. Often their support teams will be able to tell you right away whether they are aware of the situation, their action plan and their expected resolution.

Make sure you communicate the issue to them clearly — include links to DNS Flag Day and explain why you think this will affect your email. The below is an example message:

Dear <OPERATOR>,

I'm writing from <CLIENT NAME> to inquire about an issue in the DNS infrastructure supporting <SERVICE>.

As you are probably aware, on February 1st there will be a significant change in DNS resolvers around the world. This event is called DNS Flag Day (https://dnsflagday.net/) and might cause answers from name servers that do not respond according to well known standards to be ignored or lost.

Using the testing tool at https://ednscomp.isc.org/ednscomp we see that name service for <FAILING DOMAIN OR NAME> is likely to be affected by the DNS Flag Day changes, which would in turn affect our operations.

We would like to know about your plans to address this as well as the expected date for completion of any required changes.

Your providers will be happy to work with you and address any issues you’ve found. Also keep in mind that DNS is more complicated than it seems.

With all that said, do not delay. Fixing the issues can take some time and in the unlikely case your provider was not aware of the DNS Flag Day, having more time to make the required fixes is always better.