From: W.C.A. Wijngaards Date: Mon, 18 Jan 2021 07:29:52 +0000 (+0100) Subject: - Fix #404: DNS query with small edns bufsize fail. X-Git-Tag: release-1.13.1rc1~16 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=c125fe67bc42ec732ad53a3d2f095d656c9a03f4;p=thirdparty%2Funbound.git - Fix #404: DNS query with small edns bufsize fail. --- diff --git a/doc/Changelog b/doc/Changelog index 2edaa330d..27e8621c3 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -1,3 +1,6 @@ +18 January 2021: Wouter + - Fix #404: DNS query with small edns bufsize fail. + 15 January 2021: Wouter - Merge #402 from fobser: Implement IPv4-Embedded addresses according to RFC6052. diff --git a/doc/example.conf.in b/doc/example.conf.in index b51bcfca5..c1c3eb9b3 100644 --- a/doc/example.conf.in +++ b/doc/example.conf.in @@ -388,7 +388,7 @@ server: # target-fetch-policy: "3 2 1 0 0" # Harden against very small EDNS buffer sizes. - # harden-short-bufsize: no + # harden-short-bufsize: yes # Harden against unseemly large queries. # harden-large-queries: no diff --git a/doc/unbound.conf.5.in b/doc/unbound.conf.5.in index e7964d969..2fa8e7a95 100644 --- a/doc/unbound.conf.5.in +++ b/doc/unbound.conf.5.in @@ -839,9 +839,8 @@ closer to that of BIND 9, while setting "\-1 \-1 \-1 \-1 \-1" gives behaviour rumoured to be closer to that of BIND 8. .TP .B harden\-short\-bufsize: \fI -Very small EDNS buffer sizes from queries are ignored. Default is off, since -it is legal protocol wise to send these, and unbound tries to give very -small answers to these queries, where possible. +Very small EDNS buffer sizes from queries are ignored. Default is on, as +described in the standard. .TP .B harden\-large\-queries: \fI Very large queries are ignored. Default is off, since it is legal protocol diff --git a/util/config_file.c b/util/config_file.c index 4c827b74e..a845dde23 100644 --- a/util/config_file.c +++ b/util/config_file.c 
@@ -220,7 +220,7 @@ config_create(void) cfg->views = NULL; cfg->acls = NULL; cfg->tcp_connection_limits = NULL; - cfg->harden_short_bufsize = 0; + cfg->harden_short_bufsize = 1; cfg->harden_large_queries = 0; cfg->harden_glue = 1; cfg->harden_dnssec_stripped = 1; @@ -388,6 +388,7 @@ struct config_file* config_create_forlib(void) cfg->val_log_level = 2; /* to fill why_bogus with */ cfg->val_log_squelch = 1; cfg->minimal_responses = 0; + cfg->harden_short_bufsize = 1; return cfg; }
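Review bot: the new doc/Changelog entry repeats the bug title but does not say that the default of harden-short-bufsize changes from no to yes, which is the operator-visible effect of this commit. Suggest saying so in the entry, for example "Fix #404: DNS query with small edns bufsize fail, harden-short-bufsize now defaults to yes". Anyone reading the changelog before an upgrade then knows that very small EDNS buffer sizes in queries are now ignored unless the option is set back to no.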
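Review bot: in doc/unbound.conf.5.in, "as described in the standard" does not name the standard, and the entry still does not say what size counts as "very small" or what is used in its place when the advertised size is ignored. Suggest citing the RFC and section and stating the threshold. The removed sentence also explained what happens with the option off (unbound tries to give very small answers where possible). A short version of that is still useful to operators who set the option to no.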
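Review bot: in util/config_file.c the default is now set in two places, `cfg->harden_short_bufsize = 1;` in config_create() and again just before `return cfg;` in config_create_forlib(). If the forlib cfg starts from config_create(), the second assignment is redundant and can be dropped. If it is intentional, a one-line comment saying why would keep the two defaults from drifting apart later. The patch touches only documentation and this file, so a regression test for the #404 case (a query advertising a small EDNS buffer size) would be worth adding alongside it.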