- disable-edns-do, the option turns of the EDNS DO flag when a message is

  sent from the iterator.

diff --git a/iterator/iterator.c b/iterator/iterator.c
index 9f78aa17d84be234881ecb837c8b5aef484f13cc..edb954cb5ccfaa8d368d2c6d6dbe6afc31084b65 100644 (file)
--- a/iterator/iterator.c
+++ b/iterator/iterator.c
@@ -2875,7 +2875,8 @@ processQueryTargets(struct module_qstate* qstate, struct iter_qstate* iq,
                /* unset CD if to forwarder(RD set) and not dnssec retry
                 * (blacklist nonempty) and no trust-anchors are configured
                 * above the qname or on the first attempt when dnssec is on */
-               EDNS_DO| ((iq->chase_to_rd||(iq->chase_flags&BIT_RD)!=0)&&
+               (qstate->env->cfg->disable_edns_do?0:EDNS_DO)|
+               ((iq->chase_to_rd||(iq->chase_flags&BIT_RD)!=0)&&
                !qstate->blacklist&&(!iter_qname_indicates_dnssec(qstate->env,
                &iq->qinfo_out)||target->attempts==1)?0:BIT_CD),
                iq->dnssec_expected, iq->caps_fallback || is_caps_whitelisted(