From: Sam Morris Date: Mon, 8 Oct 2018 11:03:28 +0000 (+0100) Subject: resolved: have the stub resolver listen on both TCP and UDP by default X-Git-Tag: v240~77 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=4b987478b0abf14e84ff6fcae4ae8dec0d9ab43e;p=thirdparty%2Fsystemd.git resolved: have the stub resolver listen on both TCP and UDP by default RFC7766 section 4 states that in the absence of EDNS0, a response that is too large for a 512-byte UDP packet will have the 'truncated' bit set. The client is expected to retry the query over TCP. Fixes #10264. --- diff --git a/man/resolved.conf.xml b/man/resolved.conf.xml index eb2794c4180..d37bf0d3ad6 100644 --- a/man/resolved.conf.xml +++ b/man/resolved.conf.xml @@ -239,9 +239,9 @@ DNSStubListener= Takes a boolean argument or one of udp and tcp. If - udp (the default), a DNS stub resolver will listen for UDP requests on address 127.0.0.53 + udp, a DNS stub resolver will listen for UDP requests on address 127.0.0.53 port 53. If tcp, the stub will listen for TCP requests on the same address and port. If - yes, the stub listens for both UDP and TCP requests. If no, the stub + yes (the default), the stub listens for both UDP and TCP requests. If no, the stub listener is disabled. Note that the DNS stub listener is turned off implicitly when its listening address and port are already diff --git a/src/resolve/resolved-manager.c b/src/resolve/resolved-manager.c index 1f8c47ccbeb..b7dc09ae370 100644 --- a/src/resolve/resolved-manager.c +++ b/src/resolve/resolved-manager.c @@ -580,7 +580,7 @@ int manager_new(Manager **ret) { .dnssec_mode = DEFAULT_DNSSEC_MODE, .dns_over_tls_mode = DEFAULT_DNS_OVER_TLS_MODE, .enable_cache = true, - .dns_stub_listener_mode = DNS_STUB_LISTENER_UDP, + .dns_stub_listener_mode = DNS_STUB_LISTENER_YES, .read_resolv_conf = true, .need_builtin_fallbacks = true, .etc_hosts_last = USEC_INFINITY, 
diff --git a/src/resolve/resolved.conf.in b/src/resolve/resolved.conf.in index e559291f66c..6898c7848be 100644 --- a/src/resolve/resolved.conf.in +++ b/src/resolve/resolved.conf.in @@ -20,5 +20,5 @@ #DNSSEC=@DEFAULT_DNSSEC_MODE@ #DNSOverTLS=@DEFAULT_DNS_OVER_TLS_MODE@ #Cache=yes -#DNSStubListener=udp +#DNSStubListener=yes #ReadEtcHosts=yes
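Review bot: In the man/resolved.conf.xml hunk, the unchanged sentence "Note that the DNS stub listener is turned off implicitly when its listening address and port are already" was written when the default bound only UDP. With "yes" as the default, it should say what happens when only one of the two sockets on 127.0.0.53 port 53 is already taken: is the whole listener disabled, or only that protocol? It would also help to add one sentence on why both protocols are now the default (clients retry truncated UDP responses over TCP), so readers who set "udp" know what they give up.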
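Review bot: In manager_new() in src/resolve/resolved-manager.c, ".dns_stub_listener_mode = DNS_STUB_LISTENER_YES" changes behaviour for every installation that has no explicit DNSStubListener= setting, because after an upgrade resolved also binds TCP on the stub address. The patch touches only the man page, this initializer and resolved.conf.in, so please add a NEWS entry that names DNSStubListener=udp as the way to keep the previous behaviour. Please also add a test that, against the default configuration, sends a query without EDNS0 whose answer exceeds 512 bytes and checks that the retry over TCP succeeds.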
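Review bot: In src/resolve/resolved.conf.in the commented default "#DNSStubListener=yes" is a literal, while the neighbouring lines "#DNSSEC=@DEFAULT_DNSSEC_MODE@" and "#DNSOverTLS=@DEFAULT_DNS_OVER_TLS_MODE@" are substituted from a single definition. The stub listener default now has to be kept in sync by hand across this file, the man page and manager_new(). A comment next to the initializer naming the other two places, or a substituted default like the two lines above, would keep them from drifting apart at the next change.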