From a09a8ce002bd5a5ed148faba35946423fc131abf Mon Sep 17 00:00:00 2001
From: Peter van Dijk <peter.van.dijk@netherlabs.nl>
Date: Tue, 5 Nov 2013 14:28:06 +0100
Subject: [PATCH] adapt udp-truncation-threshold flag to the recursor and
 document it

---
 pdns/docs/pdns.xml    | 10 ++++++++++
 pdns/pdns_recursor.cc |  8 ++++++--
 2 files changed, 16 insertions(+), 2 deletions(-)

diff --git a/pdns/docs/pdns.xml b/pdns/docs/pdns.xml
index 79cdf36d4d..be93af1faa 100755
--- a/pdns/docs/pdns.xml
+++ b/pdns/docs/pdns.xml
@@ -14434,6 +14434,16 @@ sql> insert into domainmetadata (domain_id, kind, content) values (6, 'TSIG-ALLO
 	      </para>
 	    </listitem>
 	  </varlistentry>
+    <varlistentry>
+      <term>udp-truncation-threshold=...</term>
+      <listitem>
+        <para>
+    EDNS0 allows for large UDP response datagrams, which can potentially raise performance. Large responses however
+    also have downsides in terms of reflection attacks. This setting limits the
+    accepted size. Maximum value is 65535, but values above 4096 should probably not be attempted. Default is 1680.
+        </para>
+      </listitem>
+    </varlistentry>
 	  <varlistentry>
 	    <term>version</term>
 	    <listitem>
diff --git a/pdns/pdns_recursor.cc b/pdns/pdns_recursor.cc
index 84a70937ce..86bdb2f98c 100644
--- a/pdns/pdns_recursor.cc
+++ b/pdns/pdns_recursor.cc
@@ -76,6 +76,7 @@ unsigned int g_maxTCPPerClient;
 unsigned int g_networkTimeoutMsec;
 bool g_logCommonErrors;
 bool g_anyToTcp;
+uint16_t g_udpTruncationThreshold;
 __thread shared_ptr<RecursorLua>* t_pdl;
 __thread RemoteKeeper* t_remotes;
 __thread shared_ptr<Regex>* t_traceRegex;
@@ -498,7 +499,7 @@ void startDoResolve(void *p)
     uint32_t maxanswersize= dc->d_tcp ? 65535 : 512;
     EDNSOpts edo;
     if(getEDNSOpts(dc->d_mdp, &edo)) {
-      maxanswersize = min(edo.d_packetsize, (uint16_t) (dc->d_tcp ? 65535 : 1680));
+      maxanswersize = min(edo.d_packetsize, (uint16_t) (dc->d_tcp ? 65535 : g_udpTruncationThreshold));
     }
     
     vector<DNSResourceRecord> ret;
@@ -1789,7 +1790,8 @@ int serviceMain(int argc, char*argv[])
   g_logCommonErrors=::arg().mustDo("log-common-errors");
 
   g_anyToTcp = ::arg().mustDo("any-to-tcp");
-  
+  g_udpTruncationThreshold = ::arg().asNum("udp-truncation-threshold");
+
   makeUDPServerSockets();
   makeTCPServerSockets();
 
@@ -2064,6 +2066,8 @@ int main(int argc, char **argv)
     ::arg().setSwitch( "disable-packetcache", "Disable packetcache" )= "no"; 
     ::arg().setSwitch( "pdns-distributes-queries", "If PowerDNS itself should distribute queries over threads (EXPERIMENTAL)")="no";
     ::arg().setSwitch( "any-to-tcp","Answer ANY queries with tc=1, shunting to TCP" )="no";
+    ::arg().set("udp-truncation-threshold", "Maximum UDP response size before we truncate")="1680";
+
     ::arg().set("include-dir","Include *.conf files from this directory")="";
 
     ::arg().setCmd("help","Provide a helpful message");
-- 
2.47.2