dnsdist: Keep accepting fragmented UDP datagrams on DNSCrypt binds

DNSCrypt pads its queries for privacy purposes, and thus requires
larger queries than plain DNS ones. Discarding fragmented datagrams
doesn't make sense in that case, and actually leads to a very
degraded service.

diff --git a/pdns/dnsdist.cc b/pdns/dnsdist.cc
index 45ab97ea30f5902ee2b78afa07e3df8bd9ef787b..a1b7bef6e966f6db14a355d746b24781fb8548e1 100644 (file)
--- a/pdns/dnsdist.cc
+++ b/pdns/dnsdist.cc
@@ -1844,14 +1844,15 @@ static void setUpLocalBind(std::unique_ptr<ClientState>& cs)
 #endif
   }
 
-  if (!cs->tcp) {
-    if (cs->local.isIPv4()) {
-      try {
-        setSocketIgnorePMTU(cs->udpFD);
-      }
-      catch(const std::exception& e) {
-        warnlog("Failed to set IP_MTU_DISCOVER on UDP server socket for local address '%s': %s", cs->local.toStringWithPort(), e.what());
-      }
+  /* Only set this on IPv4 UDP sockets.
+     Don't set it for DNSCrypt binds. DNSCrypt pads queries for privacy
+     purposes, so we do receive large, sometimes fragmented datagrams. */
+  if (!cs->tcp && cs->local.isIPv4() && !cs->dnscryptCtx) {
+    try {
+      setSocketIgnorePMTU(cs->udpFD);
+    }
+    catch(const std::exception& e) {
+      warnlog("Failed to set IP_MTU_DISCOVER on UDP server socket for local address '%s': %s", cs->local.toStringWithPort(), e.what());
     }
   }