Commit 2e253a83 authored by Marek Vavrusa's avatar Marek Vavrusa

daemon: lower minimum allowed edns bufsize to 512

there are cases where switches or middle-boxes
block DNS/UDP answers >512 octets completely,
this gives user an option to mitigate that.
however, there are authoritatives serving
large answers that don't support TCP, so it's
a compromise as always
parent 4e766ef0
......@@ -542,14 +542,14 @@ For when listening on ``localhost`` just doesn't cut it.
.. function:: net.bufsize([udp_bufsize])
Get/set maximum EDNS payload available. Default is 1452 (the maximum unfragmented datagram size).
You cannot set less than 1220 (minimum size for DNSSEC) or more than 65535 octets.
Get/set maximum EDNS payload available. Default is 1452, increase it in cases when authoritatives send large payloads over UDP and don't support TCP.
You cannot set less than 512 (512 is DNS packet size without EDNS, 1220 is minimum size for DNSSEC) or more than 65535 octets.
Example output:
.. code-block:: lua
> net.bufsize(4096)
> net.bufsize 4096
> net.bufsize()
4096
......
......@@ -301,8 +301,8 @@ static int net_bufsize(lua_State *L)
return 1;
}
int bufsize = lua_tointeger(L, 1);
if (bufsize < KNOT_EDNS_MIN_DNSSEC_PAYLOAD || bufsize > UINT16_MAX) {
format_error(L, "bufsize must be within <1220, 65535>");
if (bufsize < 512 || bufsize > UINT16_MAX) {
format_error(L, "bufsize must be within <512, 65535>");
lua_error(L);
}
knot_edns_set_payload(opt_rr, (uint16_t) bufsize);
......
......@@ -62,7 +62,7 @@ static inline int __attribute__((__cold__)) kr_error(int x) {
*/
#define KR_DNS_PORT 53
#define KR_EDNS_VERSION 0
#define KR_EDNS_PAYLOAD 4096 /* Default UDP payload (max unfragmented UDP is 1452B) */
#define KR_EDNS_PAYLOAD 1452 /* Default UDP payload (max unfragmented UDP is 1452B) */
/*
* Address sanitizer hints.
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment