> Can someone explain when BIND sets DO flag and when it won't? Most of my > client workstations are XPSP3, and NONE of the queries coming from those > clients have DO flag set.
The DO bit is part of the EDNS option record, and some servers (and more to the point, some firewalls) are broken and don't understand EDNS. When BIND doesn't initially get an answer to a query, it retries in different ways, and eventually (on the third try, if I recall correctly) it tries omitting the EDNS option. No EDNS means no DO bit, and I'm pretty sure that's what you're seeing on the trace. -- Evan Hunt -- e...@isc.org Internet Systems Consortium, Inc. _______________________________________________ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
