- DNS Flag Day 2020: change edns-buffer-size default to 1232.

diff --git a/doc/Changelog b/doc/Changelog
index 47aa0bb3295636049523a5b9cd685a153c162e88..d257816b1e89ddbc709ebf60d67a23c136bea90b 100644 (file)
--- a/doc/Changelog
+++ b/doc/Changelog
@@ -1,3 +1,6 @@
+29 September 2020: Ralph
+       - DNS Flag Day 2020: change edns-buffer-size default to 1232.
+
 28 September 2020: Wouter
        - Fix unit test for dnstap changes, so that it waits for the timer.
 

diff --git a/doc/example.conf.in b/doc/example.conf.in
index 3213a8f8c69adeb4547bbeb85f230d0f4559561e..852cccaed81220384eeb3002645b239165a9e6f2 100644 (file)
--- a/doc/example.conf.in
+++ b/doc/example.conf.in
@@ -129,8 +129,8 @@ server:
        # ip-dscp: 0
 
        # EDNS reassembly buffer to advertise to UDP peers (the actual buffer
-       # is set with msg-buffer-size). 1472 can solve fragmentation (timeouts)
-       # edns-buffer-size: 4096
+       # is set with msg-buffer-size).
+       # edns-buffer-size: 1232
 
        # Maximum UDP response size (not applied to TCP response).
        # Suggested values are 512 to 4096. Default is 4096. 65536 disables it.

diff --git a/doc/unbound.conf.5.in b/doc/unbound.conf.5.in
index dfdab90d572f82df488763c422379a320bca398f..95c4aaa99005bda80c660b053c717713ade940ef 100644 (file)
--- a/doc/unbound.conf.5.in
+++ b/doc/unbound.conf.5.in
@@ -207,12 +207,11 @@ accepted. For larger installations increasing this value is a good idea.
 Number of bytes size to advertise as the EDNS reassembly buffer size.
 This is the value put into datagrams over UDP towards peers.  The actual
 buffer size is determined by msg\-buffer\-size (both for TCP and UDP).  Do
-not set higher than that value.  Default is 4096 which is RFC recommended.
-If you have fragmentation reassembly problems, usually seen as timeouts,
-then a value of 1472 can fix it.  Setting to 512 bypasses even the most
-stringent path MTU problems, but is seen as extreme, since the amount
-of TCP fallback generated is excessive (probably also for this resolver,
-consider tuning the outgoing tcp number).
+not set higher than that value.  Default is 1232 which is the DNS Flag Day 2020
+recommendation. Setting to 512 bypasses even the most stringent path MTU
+problems, but is seen as extreme, since the amount of TCP fallback generated is
+excessive (probably also for this resolver, consider tuning the outgoing tcp
+number).
 .TP
 .B max\-udp\-size: \fI<number>
 Maximum UDP response size (not applied to TCP response).  65536 disables the

diff --git a/testcode/testpkts.c b/testcode/testpkts.c
index 82c1439677c01295511334ce3b46ff982bcf9f68..dee45176167a993b98019359c036911b443e35e0 100644 (file)
--- a/testcode/testpkts.c
+++ b/testcode/testpkts.c
@@ -501,7 +501,7 @@ add_edns(uint8_t* pktbuf, size_t pktsize, int do_flag, uint8_t *ednsdata,
 {
        uint8_t edns[] = {0x00, /* root label */
                0x00, LDNS_RR_TYPE_OPT, /* type */
-               0x10, 0x00, /* class is UDPSIZE 4096 */
+               0x04, 0xD0, /* class is UDPSIZE 1232 */
                0x00, /* TTL[0] is ext rcode */
                0x00, /* TTL[1] is edns version */
                (uint8_t)(do_flag?0x80:0x00), 0x00, /* TTL[2-3] is edns flags, DO */

diff --git a/testdata/val_cnametocnamewctoposwc.rpl b/testdata/val_cnametocnamewctoposwc.rpl
index f17f5aafcaaf17e188738c27bf0e03c4c3c8bd9a..c290026baa20e3826e59984d6815e488358f4976 100644 (file)
--- a/testdata/val_cnametocnamewctoposwc.rpl
+++ b/testdata/val_cnametocnamewctoposwc.rpl
@@ -186,7 +186,7 @@ ENTRY_END
 STEP 10 CHECK_ANSWER
 ENTRY_BEGIN
 MATCH all
-REPLY QR RD RA AD DO NOERROR
+REPLY QR TC RD RA AD DO NOERROR
 SECTION QUESTION
 start.example.com. IN A
 SECTION ANSWER
@@ -201,11 +201,7 @@ SECTION AUTHORITY
 *.wc.example.com.      86400   IN      RRSIG   NSEC 8 3 86400 20121126131853 20121029131853 64050 example.com. YrmCLu0uGgD2gcU4p12BGnUGYcrKmfg82MJHSF5OnVmmJxXiSbSBnZPahbJNGA/kPLt+SlDyBTcssZKXWxM6bW7WF57OwffOj7rMyr5vhx7J6OsuWKotPVqnUFDx9j/rOum24yCKqoBWvpW/RYUHLuX1Wm05WMCgNWhuN4wqwiU=
 *.end.example.com.     86400   IN      NSEC    escapedtext.example.com. A RRSIG NSEC 
 *.end.example.com.     86400   IN      RRSIG   NSEC 8 3 86400 20121126131826 20121029131826 64050 example.com. P6uJSImaee+5NHlTP06pMxgO69qxjJc0Uo1+htjVyE8f15MhG8A7NttvzggbtyzmfLMPr7TilM+Mm7hC3pIk/TeBEdH8p+8qypnY0NzPntz5z1+6C6ZTjDXp6NxDwMz7th31r3B3u4xo/K4qMnXmrAFOIE5Lopk0uDGXfjKPCKE=
-example.com.   3600    IN      NS      ns.example.com.
-example.com.   3600    IN      RRSIG   NS 8 2 3600 20121126131826 20121029131826 64050 example.com. NgY7UAdkXprnCi/O6c5XoB82tqLBd1bY9LmDG9wwN0zEUR5aHQcOmX9waHyqXQI86SOFQbGCvO2wDLqdqWniw1IYf4S66Vf9KrpaH2gVbvHKiEpGJPeDYQcD5xkv50Lsp4ktcLyuO/dk8ORCP7E2yC5IQVNeFgUfaqttZcJoxuQ=
 SECTION ADDITIONAL
-ns.example.com.        3600    IN      A       1.2.3.4
-ns.example.com.        3600    IN      RRSIG   A 8 2 3600 20121126123249 20121029123249 64050 example.com. zxGyimwFsd39j8T7jJ+tSAQPwZ7tjk6HHmzosTMCRePM4k4newbLb5HbrpucSiW/plaEZvjRTDTJ6bPkw0msPXjPCI/22Zh236XO5vhGtMOlxDgAEazuhifVF6UsM7GZwONPBCvw705HgWQyCR1YlTK2w9ffH3GopU9f4oP7Pmk=
 ENTRY_END
 
 SCENARIO_END

diff --git a/testdata/val_nsec3_cnametocnamewctoposwc.rpl b/testdata/val_nsec3_cnametocnamewctoposwc.rpl
index 23d2b6a89c4403ada3d0edaf5cfed1e600191980..0fba0e2e17e71a976171c8295f33530c7563eb73 100644 (file)
--- a/testdata/val_nsec3_cnametocnamewctoposwc.rpl
+++ b/testdata/val_nsec3_cnametocnamewctoposwc.rpl
@@ -184,7 +184,7 @@ ENTRY_END
 STEP 10 CHECK_ANSWER
 ENTRY_BEGIN
 MATCH all
-REPLY QR RD RA AD DO NOERROR
+REPLY QR TC RD RA AD DO NOERROR
 SECTION QUESTION
 start.example.com. IN A
 SECTION ANSWER
@@ -199,11 +199,7 @@ isjq5aarcp8p5sukc56g961cccjus5u2.example.com.      86400   IN      NSEC3   1 0 1 abcd  isoaarj
 isjq5aarcp8p5sukc56g961cccjus5u2.example.com.  86400   IN      RRSIG   NSEC3 8 3 86400 20121126123259 20121029123259 64050 example.com. Cxwzq1DUQvhkTVHEJHlb92c511Y+uJy/C0yL9br6W/5lB/usuSiK2DjW58ibPh2kLH1P3SpGqd1Y7LigptdXoPBDFakcNcimPWCN93R3J80+vrHHPkPyIsBaywwYI3SNGgfnHfPF+wmH+tZ1vfEHbigOxqPFK+T0ntKq7dkSndg=
 a61sejfu6am5a36p628t4s089s309o44.example.com.  86400   IN      NSEC3   1 0 1 abcd  a64lt5ij9a1up15h5cdsn1u2071901hu A RRSIG 
 a61sejfu6am5a36p628t4s089s309o44.example.com.  86400   IN      RRSIG   NSEC3 8 3 86400 20121126123315 20121029123315 64050 example.com. gfBu4oqo9cVxJbqrw2Ly7mK638kGPOF8l8eh7ovalniwkU3F+PNYJyfSE9yGX8tMGbXrkEW9mAzAh39igr2+Bbzi9WPTRp4RDVM0qw+eyMmQRPWKt7FeanDtP+OcdVp0Hf2aPzsgmgTdS6s0AboUq1rX53H2M6F8xAiwPrBJXDQ=
-example.com.   3600    IN      NS      ns.example.com.
-example.com.   3600    IN      RRSIG   NS 8 2 3600 20121126123249 20121029123249 64050 example.com. cpLjgKPacNxVIGo59tYMZ98GVYpH28WHRWj3AeIHK0StYFcAlflGLdkae1LEgMwfUmzrayrA5GMe3AH8LyuTgA2Dn1oNFxGfuShQvK2MFQ+LxvQfiuoqlAlL5Aa94IWcSoU/wLrr66I1K8oSB2yK1Tyyv73c2N40D1mBbzIE70U=
 SECTION ADDITIONAL
-ns.example.com.        3600    IN      A       1.2.3.4
-ns.example.com.        3600    IN      RRSIG   A 8 2 3600 20121126123249 20121029123249 64050 example.com. zxGyimwFsd39j8T7jJ+tSAQPwZ7tjk6HHmzosTMCRePM4k4newbLb5HbrpucSiW/plaEZvjRTDTJ6bPkw0msPXjPCI/22Zh236XO5vhGtMOlxDgAEazuhifVF6UsM7GZwONPBCvw705HgWQyCR1YlTK2w9ffH3GopU9f4oP7Pmk=
 ENTRY_END
 
 SCENARIO_END

diff --git a/util/config_file.c b/util/config_file.c
index f590a36cfcbad56f145ae38ba0845ebc4d55ed9b..b789c3359979a421d7790901220cda467db522c6 100644 (file)
--- a/util/config_file.c
+++ b/util/config_file.c
@@ -152,7 +152,7 @@ config_create(void)
        cfg->incoming_num_tcp = 2; 
 #endif
        cfg->stream_wait_size = 4 * 1024 * 1024;
-       cfg->edns_buffer_size = 4096; /* 4k from rfc recommendation */
+       cfg->edns_buffer_size = 1232; /* from DNS flagday recommendation */
        cfg->msg_buffer_size = 65552; /* 64 k + a small margin */
        cfg->msg_cache_size = 4 * 1024 * 1024;
        cfg->msg_cache_slabs = 4;