When does BIND send queries with DO flag enabled?

Evan Hunt each at isc.org
Wed Sep 29 23:24:34 UTC 2010

> Can someone explain when BIND sets DO flag and when it won't? Most of my
> client workstations are XPSP3, and NONE of the queries coming from those
> clients have DO flag set.

The DO bit is part of the EDNS option record, and some servers (and more to
the point, some firewalls) are broken and don't understand EDNS.  When BIND
doesn't initially get an answer to a query, it retries in different ways,
and eventually (on the third try, if I recall correctly) it tries omitting
the EDNS option.  No EDNS means no DO bit, and I'm pretty sure that's what
you're seeing on the trace.

Evan Hunt -- each at isc.org
Internet Systems Consortium, Inc.

More information about the bind-users mailing list