In message <201006060107.o5617ep4091...@drugs.dv.isc.org>, Mark Andrews writes:
>
> In message <4c0aad2a.4010...@dougbarton.us>, Doug Barton writes:
> > On 06/05/10 07:22, Mark Andrews wrote:
> > > In message<4c09c562.7030...@dougbarton.us>, Doug Barton writes:
> > >
> > > The resolver works. It figures out that it can't make the new style
> > > queries and falls back to the old style queries. If the user is really
> > > worried they can turn off EDNS and with that DO.
> >
> > The OP's problem was that his firewall blocked anything with DO=1.
>
> That was the claim. I suspect the reality is something different
> and would like to see actual proof that it is not one of the other
> firewall issues. This is not to say that there are not firewalls
> that choke on DO (when DO was first introduced we saw lookup failures
> due to firewalls blocking it) but given named has been sending DO
> for years it is strange to get a complaint about DO now.

BIND 9.1 sent DO. Every lookup he made would have been slow (multiple
seconds) if DO was a problem for his firewall.

% grep G_DO 9.?.x/lib/dns/*.c
9.1.x/lib/dns/resolver.c: rdatalist->ttl = DNS_MESSAGEEXTFLAG_DO;
9.2.x/lib/dns/message.c: if ((ps->ttl & DNS_MESSAGEEXTFLAG_DO) != 0)
9.2.x/lib/dns/message.c: mbz = ps->ttl & ~DNS_MESSAGEEXTFLAG_DO & 0xffff;
9.2.x/lib/dns/resolver.c: rdatalist->ttl = DNS_MESSAGEEXTFLAG_DO;
9.3.x/lib/dns/message.c: if ((ps->ttl & DNS_MESSAGEEXTFLAG_DO) != 0)
9.3.x/lib/dns/message.c: mbz = ps->ttl & ~DNS_MESSAGEEXTFLAG_DO & 0xffff;
9.3.x/lib/dns/resolver.c: rdatalist->ttl = DNS_MESSAGEEXTFLAG_DO;
9.4.x/lib/dns/message.c: if ((ps->ttl & DNS_MESSAGEEXTFLAG_DO) != 0)
9.4.x/lib/dns/message.c: mbz = ps->ttl & ~DNS_MESSAGEEXTFLAG_DO & 0xffff;
9.4.x/lib/dns/resolver.c: rdatalist->ttl |= DNS_MESSAGEEXTFLAG_DO;
9.5.x/lib/dns/message.c: if ((ps->ttl & DNS_MESSAGEEXTFLAG_DO) != 0)
9.5.x/lib/dns/message.c: mbz &= ~DNS_MESSAGEEXTFLAG_DO; /* Known Flags. */
9.5.x/lib/dns/resolver.c: rdatalist->ttl |= DNS_MESSAGEEXTFLAG_DO;
9.6.x/lib/dns/message.c: if ((ps->ttl & DNS_MESSAGEEXTFLAG_DO) != 0)
9.6.x/lib/dns/message.c: mbz &= ~DNS_MESSAGEEXTFLAG_DO; /* Known Flags. */
9.6.x/lib/dns/resolver.c: rdatalist->ttl |= DNS_MESSAGEEXTFLAG_DO;
9.7.x/lib/dns/message.c: if ((ps->ttl & DNS_MESSAGEEXTFLAG_DO) != 0)
9.7.x/lib/dns/message.c: mbz &= ~DNS_MESSAGEEXTFLAG_DO; /* Known Flags. */
9.7.x/lib/dns/resolver.c: rdatalist->ttl |= DNS_MESSAGEEXTFLAG_DO;
%

> > > It's still a handful of zones that are signed.
> >
> > But isn't that what we're all working on changing? :)
> >
> > Doug
> --
> Mark Andrews, ISC
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
> _______________________________________________
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
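
Added example, not part of the original message and not BIND code: the grep output above shows named reading DO from the OPT pseudo-record's TTL field (`ps->ttl & DNS_MESSAGEEXTFLAG_DO`) and masking the remaining flag bits as must-be-zero. This C function applies the same check to a raw DNS packet, so captures taken on either side of a firewall can be classified as plain DNS, EDNS with DO=0 or EDNS with DO=1. The function names, return codes and the sample query are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define EXTFLAG_DO 0x8000U  /* DO: top bit of the low 16 bits of the OPT TTL (RFC 3225) */

static unsigned rd16(const uint8_t *p) { return ((unsigned)p[0] << 8) | p[1]; }

/* Step over a wire-format owner name; returns the next offset, or 0 if malformed. */
static size_t skip_name(const uint8_t *m, size_t len, size_t off) {
    while (off < len) {
        uint8_t l = m[off];
        if (l == 0) return off + 1;                                   /* root label */
        if ((l & 0xC0) == 0xC0) return off + 2 <= len ? off + 2 : 0;  /* pointer */
        if (l & 0xC0) return 0;                                       /* reserved */
        off += 1 + (size_t)l;
    }
    return 0;
}

/* -1 malformed, 0 no OPT (plain DNS), 1 EDNS DO=0, 2 EDNS DO=1; *mbz gets the other flag bits. */
int edns_do_state(const uint8_t *m, size_t len, unsigned *mbz) {
    if (len < 12) return -1;
    size_t off = 12;
    unsigned qd = rd16(m + 4), rrs = rd16(m + 6) + rd16(m + 8) + rd16(m + 10);
    for (unsigned i = 0; i < qd; i++) {           /* question: name, type, class */
        off = skip_name(m, len, off);
        if (off == 0 || off + 4 > len) return -1;
        off += 4;
    }
    for (unsigned i = 0; i < rrs; i++) {          /* RR: name, type, class, ttl, rdlen */
        off = skip_name(m, len, off);
        if (off == 0 || off + 10 > len) return -1;
        unsigned type = rd16(m + off), flags = rd16(m + off + 6);
        size_t rdlen = rd16(m + off + 8);
        if (off + 10 + rdlen > len) return -1;
        if (type == 41) {                         /* OPT pseudo-RR */
            *mbz = flags & ~EXTFLAG_DO & 0xffff;
            return (flags & EXTFLAG_DO) ? 2 : 1;
        }
        off += 10 + rdlen;
    }
    return 0;
}

int main(void) {   /* constructed query: "a." IN A, OPT with UDP size 4096, DO=1 */
    const uint8_t q[] = {0x12,0x34,1,0,0,1,0,0,0,0,0,1, 1,'a',0,0,1,0,1, 0,0,41,0x10,0,0,0,0x80,0,0,0};
    unsigned mbz = 0;
    printf("state=%d mbz=0x%04x\n", edns_do_state(q, sizeof q, &mbz), mbz);
    return 0;
}
```

If the same query is classified as DO=1 where the resolver sends it and never appears on the far side of the firewall, while the DO=0 and plain variants pass, that isolates DO from the other EDNS-related firewall issues mentioned in the thread.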