diff --git a/changes/bug21108_029 b/changes/bug21108_029
new file mode 100644
index 0000000000000000000000000000000000000000..3a3f004fc607ec1348a958fc6f3034f516052d0d
--- /dev/null
+++ b/changes/bug21108_029
@@ -0,0 +1,6 @@
+  o Major bugfixes (directory authority):
+    - During voting, when marking a node as a probable sybil, do not
+      clear its BadExit flag: sybils can still be bad in other ways
+      too. (We still clear the other flags.) Fixes bug 21108; bugfix
+      on 0.2.0.13-alpha.
+
diff --git a/src/or/dirserv.c b/src/or/dirserv.c
index 71dcbb6a9c83e3aa26fa3989dcf2895b3c2eb3b4..59d0c88381e4cbf08b266020e064da132755cd7b 100644
--- a/src/or/dirserv.c
+++ b/src/or/dirserv.c
@@ -2232,13 +2232,17 @@ dirserv_set_routerstatus_testing(routerstatus_t *rs)
 /** Routerstatus <b>rs</b> is part of a group of routers that are on
  * too narrow an IP-space. Clear out its flags since we don't want it be used
  * because of its Sybil-like appearance.
+ *
+ * Leave its BadExit flag alone though, since if we think it's a bad exit,
+ * we want to vote that way in case all the other authorities are voting
+ * Running and Exit.
  */
 static void
 clear_status_flags_on_sybil(routerstatus_t *rs)
 {
   rs->is_authority = rs->is_exit = rs->is_stable = rs->is_fast =
     rs->is_flagged_running = rs->is_named = rs->is_valid =
-    rs->is_hs_dir = rs->is_possible_guard = rs->is_bad_exit = 0;
+    rs->is_hs_dir = rs->is_v2_dir = rs->is_possible_guard = 0;
   /* FFFF we might want some mechanism to check later on if we
    * missed zeroing any flags: it's easy to add a new flag but
    * forget to add it to this clause. */