From: Lukáš Ježek Date: Fri, 10 Jan 2020 06:17:06 +0000 (+0100) Subject: daemon: lower EDNS buffer size to 1232 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=6e288cf4ac0548dae337110430a822a7082e37f6;p=thirdparty%2Fknot-resolver.git daemon: lower EDNS buffer size to 1232 --- diff --git a/NEWS b/NEWS index 9e2305e30..30ae5aff6 100644 --- a/NEWS +++ b/NEWS @@ -3,6 +3,7 @@ Knot Resolver 5.2.0 (2020-1m-dd) Improvements ------------ +- lower default EDNS buffer size to 1232 (#538, #300, !920) - net: split the EDNS buffer size into upstream and downstream (!1026) - lua-http doh: answer to /dns-query endpoint as well as /doh (!1069) - improve resiliency against UDP fragmentation attacks (disable PMTUD) (!1061) diff --git a/lib/defines.h b/lib/defines.h index 4e7c9291b..76a93cb18 100644 --- a/lib/defines.h +++ b/lib/defines.h @@ -62,7 +62,7 @@ static inline int KR_COLD kr_error(int x) { #define KR_DNS_DOH_PORT 443 #define KR_DNS_TLS_PORT 853 #define KR_EDNS_VERSION 0 -#define KR_EDNS_PAYLOAD 4096 /* Default UDP payload (max unfragmented UDP is 1452B) */ +#define KR_EDNS_PAYLOAD 1232 /* Default UDP payload; see https://dnsflagday.net/2020/ */ #define KR_CACHE_DEFAULT_TTL_MIN (5) /* avoid bursts of queries */ #define KR_CACHE_DEFAULT_TTL_MAX (6 * 24 * 3600) /* 6 days, like the root NS TTL */
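Review bot: In the NEWS hunk, the new entry "lower default EDNS buffer size to 1232" gives neither the unit nor the previous default, and it sits directly above the entry about splitting the EDNS buffer size into upstream and downstream (!1026) without saying which of the two it changes. Because this alters a default that existing deployments inherit on upgrade, consider wording along the lines of "lower default EDNS buffer size from 4096 to 1232 bytes" and stating whether it applies to upstream, downstream or both. The release header in the context line still reads "2020-1m-dd", which needs a real date before the release is cut.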
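Review bot: In lib/defines.h, the new comment on KR_EDNS_PAYLOAD drops the in-source rationale (the old text gave the unfragmented UDP limit and its unit) and leaves only a URL, so the reason for 1232 is lost if the linked page moves or changes. Keep a short reason and the unit in the comment itself next to the link, for example that the value is in bytes and is chosen so UDP answers avoid IP fragmentation. NEWS in the same patch mentions separate upstream and downstream buffer sizes, so the comment should also say whether this single constant is the default for both.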