Institute for Internet Development called sites that can be disconnected in RuNet from February 1

DNS Flag Day will come on February 1, 2019: changes will be made to the most popular software responsible for DNS - Bind, Knot Resolver, PowerDNS and Unbound. They will only accept traffic that meets the EDNS standard ( RFC 6891 ). Traffic from old and non-upgraded servers will be considered as illegitimate and these servers will no longer be serviced, which may lead to the inaccessibility of sites that are located on these servers.

For most common sites, DNS Flag Day will pass unnoticed. If they are hosted on popular hosting. Complications may arise for those companies that independently maintain their own DNS servers, as well as many government agencies that do not update the software too quickly in their infrastructure, warns Cisco .

Yesterday, the Institute for Internet Development called sites that can turn off in RuNet from February 1. As of December 2018, 104 DNS servers in the domain zones .ru and .рф are not ready for DNS Flag Day, the study says.

According to experts, the sites of banks and government agencies in Russia may be inaccessible, and some of the resources will work intermittently.

Here are the sites for which the dnsflagday.net verification tool reports a critical issue. These sites may not be available:

• Federal Customs Service
  
• Ministry of Education and Science
  
• Ministry of Environment
  
• Ministry of Agriculture
  
• a number of regional governments — for example, the Ulyanovsk Region, Yakutia, and Mari El
  
• Promsvyazbank

Initially, the list also included the sites of the Nizhny Novgorod Region and UniCredit Bank, but they improved.

Sites that may start to work intermittently:

• Sberbank
  
• Federal Fishery Agency
  
• Ministry of Finance
  
• Ministry of Energy
  
• regional governments of Bashkortostan, Adygea, North Ossetia, Vladimir, Irkutsk, Leningrad, Novosibirsk, Rostov regions, plenipotentiaries of the Southern and Far Eastern federal districts

The Institute for Internet Development recommends system administrators to update the software on the servers, check the support of EDNS, or transfer the support of the domain zone to one of the DNS hosting sites.

Now, if a recursive server sends a request in a new format and does not receive a response, then it sends the request again in the old format - in case the authoritative server has outdated software. “However, after February 1, the server will no longer use the old request format - it will only ask once,” explained RBC Director of the Coordination Center for Domains RU / RF (CK) Andrei Vorobyov. According to Internet Systems Consortium, the vast majority of popular resources support the extension of EDNS on their servers, including 100% of the root and top-level domain servers (.org, .com, etc.), about 99% of the servers serving the top 1000, according to Alexa. However, some Russian banks and government agencies are not doing well.

Concerning the problems of Sberbank , jokes are spreading on the Internet that you need to have time to withdraw money before February 1. A representative of Sberbank is aware of a possible problem and has prepared an action plan: “In advance, the IT service prepared a detailed plan to eliminate this problem. All technical works on the side of the site will be completed before February 1, ”he said in a comment to RBC. The UniCredit Bank website has no problems with DNS, a bank representative said. Promsvyazbank also took the necessary measures to ensure the operation of the site: all planned work will be completed before February 1.

The press service of the Ministry of Agriculture stated that currently external DNS servers supporting the mcx.ru zone are completing the procedure for updating and testing work in the new standards: “By February 1, the department will ensure the smooth operation of network services and the official website,” he assured .

However, not everyone is aware of the changes that will occur on February 1. For example, a spokesman for the governor of the Irkutsk Region, Irina Alashkevich, in a conversation with RBC noted that she had heard about such a problem for the first time, and promised to contact specialized specialists. And the press service of the governor of the Nizhny Novgorod region said that their problem would not touch, since they had “installed modern equipment”. Olga Petrova, a spokeswoman for the governor of the Vladimir region, also believes that the problem is not at risk for the official website of local authorities. “The server equipment, which ensures the functioning of the site, is controlled by domestic development operating systems, which are devoid of such vulnerabilities. This is a result of the import substitution policy, which the administration of the Vladimir region will continue to adhere to, ”said Olga Petrova.