+18 January 2021: Wouter
+ - Fix #404: DNS query with small edns bufsize fail.
+
15 January 2021: Wouter
- Merge #402 from fobser: Implement IPv4-Embedded addresses according
to RFC6052.
# target-fetch-policy: "3 2 1 0 0"
# Harden against very small EDNS buffer sizes.
- # harden-short-bufsize: no
+ # harden-short-bufsize: yes
# Harden against unseemly large queries.
# harden-large-queries: no
rumoured to be closer to that of BIND 8.
.TP
.B harden\-short\-bufsize: \fI<yes or no>
-Very small EDNS buffer sizes from queries are ignored. Default is off, since
-it is legal protocol wise to send these, and unbound tries to give very
-small answers to these queries, where possible.
+Very small EDNS buffer sizes from queries are ignored. Default is on, as
+described in the standard.
.TP
.B harden\-large\-queries: \fI<yes or no>
Very large queries are ignored. Default is off, since it is legal protocol
cfg->views = NULL;
cfg->acls = NULL;
cfg->tcp_connection_limits = NULL;
- cfg->harden_short_bufsize = 0;
+ cfg->harden_short_bufsize = 1;
cfg->harden_large_queries = 0;
cfg->harden_glue = 1;
cfg->harden_dnssec_stripped = 1;
cfg->val_log_level = 2; /* to fill why_bogus with */
cfg->val_log_squelch = 1;
cfg->minimal_responses = 0;
+ cfg->harden_short_bufsize = 1;
return cfg;
}
projects / thirdparty / unbound.git / commitdiff
