From: Petr Špaček Date: Tue, 27 Oct 2020 14:40:27 +0000 (+0100) Subject: doc: DNS Flag Day 2020 is now effective X-Git-Tag: v5.2.0~5^2~2 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=3a659bdccb2ff17c22c0508fe29bd47e604ef81b;p=thirdparty%2Fknot-resolver.git doc: DNS Flag Day 2020 is now effective --- diff --git a/NEWS b/NEWS index 00cf3942f..ff2691e7f 100644 --- a/NEWS +++ b/NEWS @@ -3,7 +3,8 @@ Knot Resolver 5.2.0 (2020-1m-dd) Improvements ------------ -- lower default EDNS buffer size to 1232 (#538, #300, !920) +- lower default EDNS buffer size to 1232 bytes (#538, #300, !920); + see https://dnsflagday.net/2020/ - net: split the EDNS buffer size into upstream and downstream (!1026) - lua-http doh: answer to /dns-query endpoint as well as /doh (!1069) - improve resiliency against UDP fragmentation attacks (disable PMTUD) (!1061) diff --git a/doc/upgrading.rst b/doc/upgrading.rst index 13a19693b..5c5e47150 100644 --- a/doc/upgrading.rst +++ b/doc/upgrading.rst @@ -24,9 +24,6 @@ newer versions when they are released. * DoH over HTTP/1 and unencrypted transports is still available in :ref:`legacy http module ` (``kind='doh'``). This module will not receive receive any more bugfixes and will be eventually removed. -* New releases since October 2020 will contain changes for - `DNS Flag Day 2020 `_. Please double-check your firewall, - it has to allow DNS traffic on UDP and also TCP port 53. 5.1 to 5.2 @@ -38,6 +35,10 @@ Users * Users of :ref:`control-sockets` API need to terminate each command sent to resolver with newline character (ASCII ``\n``). Correct usage: ``cache.stats()\n``. Newline terminated commands are accepted by all resolver versions >= 1.0.0. +* `DNS Flag Day 2020 `_ is now effective and Knot Resolver uses + maximum size of UDP answer to 1232 bytes. Please double-check your firewall, + it has to allow DNS traffic on UDP and **also TCP** port 53. + Configuration file ------------------
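Review bot: in the NEWS hunk, the reworded entry still says "default EDNS buffer size" without a direction, while the entry right below it says the size is now split into upstream and downstream. Say whether the 1232-byte default applies to both, so operators know which setting to check. The release heading in the context line also still carries the placeholder date "2020-1m-dd", which needs a real date before the release is tagged.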
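Review bot: in the first doc/upgrading.rst hunk (@@ -24,9 +24,6 @@), the context line directly above the removed bullet reads "This module will not receive receive any more bugfixes". This commit already edits the same list, so drop the duplicated "receive" here as well.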
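Review bot: in the second doc/upgrading.rst hunk (@@ -38,6 +35,10 @@), the added sentence "Knot Resolver uses maximum size of UDP answer to 1232 bytes" does not parse, and it drops the word "default" that the NEWS entry uses, so it reads as a hard limit rather than a default. Suggest "Knot Resolver now limits the default maximum size of UDP answers to 1232 bytes". It would also help to say why the firewall check matters: answers that do not fit in 1232 bytes come back truncated over UDP and are retried over TCP, so a firewall that blocks TCP port 53 makes those names fail to resolve.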