> Can someone explain when BIND sets DO flag and when it won't? Most of my
> client workstations are XPSP3, and NONE of the queries coming from those
> clients have DO flag set.

The DO bit is part of the EDNS option record, and some servers (and more to
the point, some firewalls) are broken and don't understand EDNS.  When BIND
doesn't initially get an answer to a query, it retries in different ways,
and eventually (on the third try, if I recall correctly) it tries omitting
the EDNS option.  No EDNS means no DO bit, and I'm pretty sure that's what
you're seeing on the trace.

Evan Hunt -- e...@isc.org
Internet Systems Consortium, Inc.
bind-users mailing list

Reply via email to