When does BIND send queries with DO flag enabled?

Thu Sep 30 14:27:59 UTC 2010

On Thu, 30 Sep 2010, Taylor, Gord wrote:
>
> The business partner has already fixed their firewall
> (allow_dnssec_bit=1 on CheckPoint)

Just in case anyone else is worried about interop problems, I note that
allow_dnssec_bit=1 is the default setting. A CheckPoint firewall
administrator has to deliberately change a correct default in order to
cause this kind of serious breakage.

Tony.
-- 
f.anthony.n.finch  <dot at dotat.at>  http://dotat.at/
HUMBER THAMES DOVER WIGHT PORTLAND: NORTH BACKING WEST OR NORTHWEST, 5 TO 7,
DECREASING 4 OR 5, OCCASIONALLY 6 LATER IN HUMBER AND THAMES. MODERATE OR
ROUGH. RAIN THEN FAIR. GOOD.