From: W.C.A. Wijngaards <wouter@nlnetlabs.nl>
Date: Wed, 20 Sep 2023 11:28:06 +0000 (+0200)
Subject: - disable-edns-do, the option turns of the EDNS DO flag when a message is
X-Git-Tag: release-1.19.0rc1~29^2~9
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=9aaafddf04ddec500230a18e471376bc4f401c1a;p=thirdparty%2Funbound.git

- disable-edns-do, the option turns of the EDNS DO flag when a message is
  sent from the iterator.
---

diff --git a/iterator/iterator.c b/iterator/iterator.c
index 9f78aa17d..edb954cb5 100644
--- a/iterator/iterator.c
+++ b/iterator/iterator.c
@@ -2875,7 +2875,8 @@ processQueryTargets(struct module_qstate* qstate, struct iter_qstate* iq,
 		/* unset CD if to forwarder(RD set) and not dnssec retry
 		 * (blacklist nonempty) and no trust-anchors are configured
 		 * above the qname or on the first attempt when dnssec is on */
-		EDNS_DO| ((iq->chase_to_rd||(iq->chase_flags&BIT_RD)!=0)&&
+		(qstate->env->cfg->disable_edns_do?0:EDNS_DO)|
+		((iq->chase_to_rd||(iq->chase_flags&BIT_RD)!=0)&&
 		!qstate->blacklist&&(!iter_qname_indicates_dnssec(qstate->env,
 		&iq->qinfo_out)||target->attempts==1)?0:BIT_CD),
 		iq->dnssec_expected, iq->caps_fallback || is_caps_whitelisted(