DNS flag day 2020
Reading time: 3 minutes
One of the most critical parts of MailMum is to provide DNS service, which handles IP blacklisting for our customers. They are the primary service our customer’s mail servers are using.
As the DNS flag day 2020 directed to operational and security problems in DNS caused by Internet Protocol packet fragmentation, we’ve tested all our DNS services to align these rules.
Why you should test too?
DNS is a distributed system and one of the most critical parts of networks. If DNS fails; most services stop working as they rely on DNS resolution. Most companies run at least one DNS server our use a provided DNS server for their company. Some run thousands to offer their employee and their customers DNS services.
Every admin and user should take view minutes of their time and test the DNS servers they are running or DNS services they use for compliance. If the server does not comply, gently tell your admin. If you are the admin, please take some time and try to fix the complaints. The DNS flag days page describes the settings for most common software components.
Building a test suite for DNS
As we already told you, DNS is a critical part of MailMum. That’s why we must test it in every possible way before production and in production too.
Testing is an essential part of our software development. We’ve built a test suite for our server software to comply with global standards based on many different RFCs. The DNS flag day is one of these days where we recheck the most common complaints.
The whole test suite runs through CI (Continuous Integration) systems before the software gets deployed to staging and production. You know these moments when the test suite works on your development system but fails for some reason on CI or even worse in the production environment.
We are testing our software with the most widespread mail services like Postfix, Exim, Sendmail, etc. As every software has a version, we test them based on standard distribution versions of Debian, Ubuntu, Redhat, and Suse Linux. There is still a lot of work to do.
To have a second opinion external services for uptime and responsiveness monitor all our DNS servers. Having a second opinion is an integral part of the development life cycle to get a second opinion on our data, see outages, analyze the reasons, fix problems, and see networks and services fail.
Summary
As we are developers and customers of our services, we use them to provide services to our mail customers. We’ve built MailMum for ourselves; that’s why we say: “eat your own dog food.”
Thank you for reading and your help in improving small parts of the global DNS system.
Links
- DNS flag days
- DNS flag day 2020
- DNS flag day 2019
- RFC 7766 DNS Transport over TCP - Implementation Requirements
- RFC 6891 section 6.2.3. Requestor’s Payload Size
- RFC 6891 section 6.2.4. Responder’s Payload Size