> The DO bit is always set whenever the server includes an EDNS OPT RR
> (I thought it was based on the specification, but don't remember which
> sentence of which RFC says so).

I was taken aback to read this, because I remembered seeing code in named that clears the DO bit if "dnssec-enable" is "no":

    if (!client->view->enablednssec) {
            client->extflags &= ~DNS_MESSAGEEXTFLAG_DO;
            [...]
    }

Looking further, though, I see that Jinmei is correct. The above code clears the DO bit in replies sent from an authoritative name server; it doesn't apply to queries being sent by a resolver. Resolvers do indeed set the DO bit unconditionally.

Sorry for any confusion caused by my earlier statement to the contrary.

-- 
Evan Hunt -- e...@isc.org
Internet Systems Consortium, Inc.