From 9aaafddf04ddec500230a18e471376bc4f401c1a Mon Sep 17 00:00:00 2001
From: "W.C.A. Wijngaards"
Date: Wed, 20 Sep 2023 13:28:06 +0200
Subject: [PATCH] - disable-edns-do, the option turns of the EDNS DO flag when a message is sent from the iterator.
---
 iterator/iterator.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/iterator/iterator.c b/iterator/iterator.c
index 9f78aa17d..edb954cb5 100644
--- a/iterator/iterator.c
+++ b/iterator/iterator.c
@@ -2875,7 +2875,8 @@ processQueryTargets(struct module_qstate* qstate, struct iter_qstate* iq,
 /* unset CD if to forwarder(RD set) and not dnssec retry
 * (blacklist nonempty) and no trust-anchors are configured
 * above the qname or on the first attempt when dnssec is on */
- EDNS_DO| ((iq->chase_to_rd||(iq->chase_flags&BIT_RD)!=0)&&
+ (qstate->env->cfg->disable_edns_do?0:EDNS_DO)|
+ ((iq->chase_to_rd||(iq->chase_flags&BIT_RD)!=0)&&
 !qstate->blacklist&&(!iter_qname_indicates_dnssec(qstate->env,
 &iq->qinfo_out)||target->attempts==1)?0:BIT_CD),
 iq->dnssec_expected, iq->caps_fallback || is_caps_whitelisted(
--
2.47.3
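Review bot: The DO bit is now dropped purely on `qstate->env->cfg->disable_edns_do`, while `iq->dnssec_expected` is still passed unchanged a few arguments later in the same call, and the comment above the expression still documents only the CD logic. With DO cleared the upstream reply will normally carry no RRSIGs, so a resolver that has trust anchors configured can no longer validate those answers; whether config loading rejects or warns about that combination is not visible in this hunk and should be confirmed. At minimum I would add a comment on the new line, e.g. `/* DO is omitted when disable-edns-do is set; replies then lack DNSSEC records and cannot be validated */`. The call this expression belongs to starts and ends outside the hunk.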