From 3a659bdccb2ff17c22c0508fe29bd47e604ef81b Mon Sep 17 00:00:00 2001 From: =?utf8?q?Petr=20=C5=A0pa=C4=8Dek?= Date: Tue, 27 Oct 2020 15:40:27 +0100 Subject: [PATCH] doc: DNS Flag Day 2020 is now effective --- NEWS | 3 ++- doc/upgrading.rst | 7 ++++--- 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/NEWS b/NEWS index 00cf3942f..ff2691e7f 100644 --- a/NEWS +++ b/NEWS @@ -3,7 +3,8 @@ Knot Resolver 5.2.0 (2020-1m-dd) Improvements ------------ -- lower default EDNS buffer size to 1232 (#538, #300, !920) +- lower default EDNS buffer size to 1232 bytes (#538, #300, !920); + see https://dnsflagday.net/2020/ - net: split the EDNS buffer size into upstream and downstream (!1026) - lua-http doh: answer to /dns-query endpoint as well as /doh (!1069) - improve resiliency against UDP fragmentation attacks (disable PMTUD) (!1061) diff --git a/doc/upgrading.rst b/doc/upgrading.rst index 13a19693b..5c5e47150 100644 --- a/doc/upgrading.rst +++ b/doc/upgrading.rst @@ -24,9 +24,6 @@ newer versions when they are released. * DoH over HTTP/1 and unencrypted transports is still available in :ref:`legacy http module ` (``kind='doh'``). This module will not receive receive any more bugfixes and will be eventually removed. -* New releases since October 2020 will contain changes for - `DNS Flag Day 2020 `_. Please double-check your firewall, - it has to allow DNS traffic on UDP and also TCP port 53. 5.1 to 5.2 @@ -38,6 +35,10 @@ Users * Users of :ref:`control-sockets` API need to terminate each command sent to resolver with newline character (ASCII ``\n``). Correct usage: ``cache.stats()\n``. Newline terminated commands are accepted by all resolver versions >= 1.0.0. +* `DNS Flag Day 2020 `_ is now effective and Knot Resolver uses + maximum size of UDP answer to 1232 bytes. Please double-check your firewall, + it has to allow DNS traffic on UDP and **also TCP** port 53. + Configuration file ------------------ -- 2.47.2
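Review bot: in the NEWS hunk, the reworded entry "lower default EDNS buffer size to 1232 bytes" sits directly above "net: split the EDNS buffer size into upstream and downstream", but it does not say whether the 1232-byte default applies to both directions. Saying so in the entry would save operators a lookup. The entry also links only to dnsflagday.net, while the operational consequence (the firewall must allow UDP and TCP port 53) is stated only in doc/upgrading.rst, so a short pointer to the upgrading guide would help readers who only skim NEWS.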
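Review bot: in the first doc/upgrading.rst hunk, the unchanged context line just above the removed bullet reads "This module will not receive receive any more bugfixes". The duplicated "receive" could be dropped in this same documentation-only patch, since the surrounding list is being edited anyway.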
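Review bot: in the second doc/upgrading.rst hunk, the added sentence "Knot Resolver uses maximum size of UDP answer to 1232 bytes" is ungrammatical and uses different wording from NEWS, which calls the same setting the "default EDNS buffer size". Something like "Knot Resolver now uses a default EDNS buffer size of 1232 bytes, which limits the size of UDP answers" would read correctly and keep both files consistent. Because the bullet exists to prompt a firewall check, it could also state the reason TCP is emphasised: answers that do not fit in the UDP limit are truncated and retried over TCP, so a blocked TCP port 53 shows up as failures for larger answers only.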