Commit 4ad0e8b4 authored by Marek Vavrusa, committed by Ondřej Surý

daemon: lower minimum allowed edns bufsize to 512

There are cases where switches or middle-boxes
block DNS/UDP answers >512 octets completely;
this gives the user an option to mitigate that.
However, there are authoritatives serving
large answers that don't support TCP, so it's
a compromise, as always.
parent 1e0a8b9d
......@@ -542,7 +542,7 @@ For when listening on ``localhost`` just doesn't cut it.
.. function:: net.bufsize([udp_bufsize])
Get/set maximum EDNS payload available. Default is 4096.
Get/set maximum EDNS payload available. Default is 1452, increase it in cases when authoritatives send large payloads over UDP and don't support TCP.
You cannot set less than 512 (512 is DNS packet size without EDNS, 1220 is minimum size for DNSSEC) or more than 65535 octets.
Example output:
......
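Review bot: The rewritten `Default is ...` line changes the documented default from 4096 to 1452, which the commit message, titled as lowering the minimum to 512, never mentions; say so in the message, since a new default affects every instance that does not call `net.bufsize()` itself. The added sentence also covers only when to increase the value. The case the message motivates, middle-boxes dropping UDP answers over 512 octets, is the reason to lower it, and the unchanged line noting that 1220 is the minimum size for DNSSEC would be the place to state what an operator gives up by going below that.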
......@@ -63,7 +63,7 @@ static inline int __attribute__((__cold__)) kr_error(int x) {
#define KR_DNS_PORT 53
#define KR_DNS_TLS_PORT 853
#define KR_EDNS_VERSION 0
#define KR_EDNS_PAYLOAD 4096 /* Default UDP payload (max unfragmented UDP is 1452B) */
#define KR_EDNS_PAYLOAD 1452 /* Default UDP payload (max unfragmented UDP is 1452B) */
/*
* Address sanitizer hints.
......
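Review bot: On the `KR_EDNS_PAYLOAD` line the value now agrees with the trailing comment, but the comment still does not say where 1452 comes from. Assuming a 1500-octet Ethernet MTU, 1452 is what remains after a 40-octet IPv6 header and an 8-octet UDP header; spelling that out, e.g. `/* Default UDP payload: 1500 MTU - 40 (IPv6) - 8 (UDP) */`, tells the next reader when the constant needs revisiting. The same number is now also hard-coded in the `net.bufsize` documentation, so the two have to be kept in sync by hand.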