From: Remi Gacogne
Date: Thu, 26 Mar 2020 10:47:54 +0000 (+0100)
Subject: dnsdist: Keep accepting fragmented UDP datagrams on DNSCrypt binds
X-Git-Tag: dnsdist-1.5.0-rc1~23^2
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=38c1f671e066c66e132f298d63fa56e677f3435c;p=thirdparty%2Fpdns.git
dnsdist: Keep accepting fragmented UDP datagrams on DNSCrypt binds
DNSCrypt pads its queries for privacy purposes, and thus requires larger queries than plain DNS ones. Discarding fragmented datagrams doesn't make sense in that case, and actually leads to a very degraded service.
---
diff --git a/pdns/dnsdist.cc b/pdns/dnsdist.cc
index 45ab97ea30..a1b7bef6e9 100644
--- a/pdns/dnsdist.cc
+++ b/pdns/dnsdist.cc
@@ -1844,14 +1844,15 @@ static void setUpLocalBind(std::unique_ptr& cs)
 #endif
 }
- if (!cs->tcp) {
- if (cs->local.isIPv4()) {
- try {
- setSocketIgnorePMTU(cs->udpFD);
- }
- catch(const std::exception& e) {
- warnlog("Failed to set IP_MTU_DISCOVER on UDP server socket for local address '%s': %s", cs->local.toStringWithPort(), e.what());
- }
+ /* Only set this on IPv4 UDP sockets.
+ Don't set it for DNSCrypt binds. DNSCrypt pads queries for privacy
+ purposes, so we do receive large, sometimes fragmented datagrams. */
+ if (!cs->tcp && cs->local.isIPv4() && !cs->dnscryptCtx) {
+ try {
+ setSocketIgnorePMTU(cs->udpFD);
+ }
+ catch(const std::exception& e) {
+ warnlog("Failed to set IP_MTU_DISCOVER on UDP server socket for local address '%s': %s", cs->local.toStringWithPort(), e.what());
 }
 }
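Review bot: The new comment above the condition explains why DNSCrypt binds are skipped, but not what `setSocketIgnorePMTU()` is there to protect plain IPv4 UDP binds from, so a reader cannot tell what a DNSCrypt bind gives up by opting out. Since this is a deliberate exception to a socket-level setting that every other IPv4 UDP bind still gets, I would extend the comment with a line such as `DNSCrypt UDP binds therefore keep the system default IP_MTU_DISCOVER behaviour; revisit this if the padding requirement changes.` The exception is also silent at runtime: a one-line `vinfolog` naming the bind address would let operators confirm which listeners run without the option, assuming that logging helper is in scope here, which the hunk does not show. setUpLocalBind starts and ends outside the hunk.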