daemon: lower EDNS buffer size to 1232

diff --git a/NEWS b/NEWS
index 9e2305e30f38855c500b69a581abc56d9142917a..30ae5aff67effd2f522557cebac296869dcea61a 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -3,6 +3,7 @@ Knot Resolver 5.2.0 (2020-1m-dd)
 
 Improvements
 ------------
+- lower default EDNS buffer size to 1232 (#538, #300, !920)
 - net: split the EDNS buffer size into upstream and downstream (!1026)
 - lua-http doh: answer to /dns-query endpoint as well as /doh (!1069)
 - improve resiliency against UDP fragmentation attacks (disable PMTUD) (!1061)

diff --git a/lib/defines.h b/lib/defines.h
index 4e7c9291b3a499a080ace8c0819bf4b87ab8cb89..76a93cb1831d730a71c3dab55abc8ded3823f452 100644 (file)
--- a/lib/defines.h
+++ b/lib/defines.h
@@ -62,7 +62,7 @@ static inline int KR_COLD kr_error(int x) {
 #define KR_DNS_DOH_PORT 443
 #define KR_DNS_TLS_PORT 853
 #define KR_EDNS_VERSION 0
-#define KR_EDNS_PAYLOAD 4096 /* Default UDP payload (max unfragmented UDP is 1452B) */
+#define KR_EDNS_PAYLOAD 1232 /* Default UDP payload; see https://dnsflagday.net/2020/ */
 #define KR_CACHE_DEFAULT_TTL_MIN (5) /* avoid bursts of queries */
 #define KR_CACHE_DEFAULT_TTL_MAX (6 * 24 * 3600) /* 6 days, like the root NS TTL */