From 38c1f671e066c66e132f298d63fa56e677f3435c Mon Sep 17 00:00:00 2001
From: Remi Gacogne
Date: Thu, 26 Mar 2020 11:47:54 +0100
Subject: [PATCH] dnsdist: Keep accepting fragmented UDP datagrams on DNSCrypt binds
DNSCrypt pads its queries for privacy purposes, and thus requires larger queries than plain DNS ones. Discarding fragmented datagrams doesn't make sense in that case, and actually leads to a very degraded service.
---
 pdns/dnsdist.cc | 17 +++++++++--------
 1 file changed, 9 insertions(+), 8 deletions(-)
diff --git a/pdns/dnsdist.cc b/pdns/dnsdist.cc
index 45ab97ea30..a1b7bef6e9 100644
--- a/pdns/dnsdist.cc
+++ b/pdns/dnsdist.cc
@@ -1844,14 +1844,15 @@ static void setUpLocalBind(std::unique_ptr& cs)
 #endif
 }
- if (!cs->tcp) {
- if (cs->local.isIPv4()) {
- try {
- setSocketIgnorePMTU(cs->udpFD);
- }
- catch(const std::exception& e) {
- warnlog("Failed to set IP_MTU_DISCOVER on UDP server socket for local address '%s': %s", cs->local.toStringWithPort(), e.what());
- }
+ /* Only set this on IPv4 UDP sockets.
+ Don't set it for DNSCrypt binds. DNSCrypt pads queries for privacy
+ purposes, so we do receive large, sometimes fragmented datagrams. */
+ if (!cs->tcp && cs->local.isIPv4() && !cs->dnscryptCtx) {
+ try {
+ setSocketIgnorePMTU(cs->udpFD);
+ }
+ catch(const std::exception& e) {
+ warnlog("Failed to set IP_MTU_DISCOVER on UDP server socket for local address '%s': %s", cs->local.toStringWithPort(), e.what());
 }
 }
--
2.47.2
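Review bot: The new comment above the `if` says "Only set this" without naming the option or the protection it provides, so a reader cannot see what DNSCrypt binds give up. Going by the commit message, the `setSocketIgnorePMTU()` call is what makes a bind discard fragmented datagrams, and with the added `!cs->dnscryptCtx` term DNSCrypt binds no longer get that filtering. I would spell the trade-off out in the comment, e.g. `/* setSocketIgnorePMTU() (IP_MTU_DISCOVER) is a hardening measure for plain IPv4 UDP binds. It is deliberately skipped on DNSCrypt binds, which keep accepting fragmented datagrams because padded queries are legitimately large. */`. It would also help to note the same exception in the operator-facing documentation for DNSCrypt binds, presumably kept elsewhere in the tree, so deployments that relied on fragments being dropped know to filter upstream if they need to. The body of `setUpLocalBind` starts and ends outside this hunk.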