In message <[email protected]>, Mark Andrews writes:
>
> In message <[email protected]>, Doug Barton writes:
> > On 06/05/10 07:22, Mark Andrews wrote:
> > > In message<[email protected]>, Doug Barton writes:
> > >
> > > The resolver works. It figures out that it can't make the new style
> > > queries and falls back to the old style queries. If the user is really
> > > worried they can turn off EDNS and with that DO.
> >
> > The OP's problem was that his firewall blocked anything with DO=1.
>
> That was the claim. I suspect the reality is something different
> and would like to see actual proof that it is not one of the other
> firewall issues. This is not to say that there are not firewalls
> that choke on DO (when DO was first introduced we saw lookup failures
> due to firewalls blocking it) but given named has been sending DO
> for years it is strange to get a complaint about DO now.

BIND 9.1 sent DO. Every lookup he made would have been slow (multiple
seconds) if DO was a problem for his firewall.

% grep G_DO 9.?.x/lib/dns/*.c
9.1.x/lib/dns/resolver.c: rdatalist->ttl = DNS_MESSAGEEXTFLAG_DO;
9.2.x/lib/dns/message.c: if ((ps->ttl & DNS_MESSAGEEXTFLAG_DO) != 0)
9.2.x/lib/dns/message.c: mbz = ps->ttl & ~DNS_MESSAGEEXTFLAG_DO & 0xffff;
9.2.x/lib/dns/resolver.c: rdatalist->ttl = DNS_MESSAGEEXTFLAG_DO;
9.3.x/lib/dns/message.c: if ((ps->ttl & DNS_MESSAGEEXTFLAG_DO) != 0)
9.3.x/lib/dns/message.c: mbz = ps->ttl & ~DNS_MESSAGEEXTFLAG_DO & 0xffff;
9.3.x/lib/dns/resolver.c: rdatalist->ttl = DNS_MESSAGEEXTFLAG_DO;
9.4.x/lib/dns/message.c: if ((ps->ttl & DNS_MESSAGEEXTFLAG_DO) != 0)
9.4.x/lib/dns/message.c: mbz = ps->ttl & ~DNS_MESSAGEEXTFLAG_DO & 0xffff;
9.4.x/lib/dns/resolver.c: rdatalist->ttl |= DNS_MESSAGEEXTFLAG_DO;
9.5.x/lib/dns/message.c: if ((ps->ttl & DNS_MESSAGEEXTFLAG_DO) != 0)
9.5.x/lib/dns/message.c: mbz &= ~DNS_MESSAGEEXTFLAG_DO; /* Known Flags. */
9.5.x/lib/dns/resolver.c: rdatalist->ttl |= DNS_MESSAGEEXTFLAG_DO;
9.6.x/lib/dns/message.c: if ((ps->ttl & DNS_MESSAGEEXTFLAG_DO) != 0)
9.6.x/lib/dns/message.c: mbz &= ~DNS_MESSAGEEXTFLAG_DO; /* Known Flags. */
9.6.x/lib/dns/resolver.c: rdatalist->ttl |= DNS_MESSAGEEXTFLAG_DO;
9.7.x/lib/dns/message.c: if ((ps->ttl & DNS_MESSAGEEXTFLAG_DO) != 0)
9.7.x/lib/dns/message.c: mbz &= ~DNS_MESSAGEEXTFLAG_DO; /* Known Flags. */
9.7.x/lib/dns/resolver.c: rdatalist->ttl |= DNS_MESSAGEEXTFLAG_DO;
%

> > > It's still a handful of zones that are signed.
> >
> > But isn't that what we're all working on changing? :)
> >
> > Doug
> --
> Mark Andrews, ISC
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742 INTERNET: [email protected]
> _______________________________________________
> bind-users mailing list
> [email protected]
> https://lists.isc.org/mailman/listinfo/bind-users

--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: [email protected]
_______________________________________________
bind-users mailing list
[email protected]
https://lists.isc.org/mailman/listinfo/bind-users

