Change the default ENDS buffer size to 1232 for DNS Flag Day 2020

The DNS Flag Day 2020 aims to remove the IP fragmentation problem from
the UDP DNS communication.  In this commit, we implement the minimal
required changes by changing the defaults for `edns-udp-size`,
`max-udp-size` and `nocookie-udp-size` to `1232` (the value picked by
DNS Flag Day 2020).

(cherry picked from commit bb990030d344dafe40a62fe5ed2741de28b8ca66)

diff --git a/bin/named/config.c b/bin/named/config.c
index 60d9fe5f0c45c637b9cf73f3b2232f807e0facff..55e1f78f37606372176401bb66dc3387e8c308c2 100644 (file)
--- a/bin/named/config.c
+++ b/bin/named/config.c
@@ -59,7 +59,7 @@ options {\n\
 #      directory <none>\n\
        dnssec-policy \"none\";\n\
        dump-file \"named_dump.db\";\n\
-       edns-udp-size 4096;\n\
+       edns-udp-size 1232;\n\
 #      fake-iquery <obsolete>;\n"
 #ifndef WIN32
                            "   files unlimited;\n"
@@ -82,11 +82,11 @@ options {\n\
 #      lock-file \"" NAMED_LOCALSTATEDIR "/run/named/named.lock\";\n\
        match-mapped-addresses no;\n\
        max-rsa-exponent-size 0; /* no limit */\n\
-       max-udp-size 4096;\n\
+       max-udp-size 1232;\n\
        memstatistics-file \"named.memstats\";\n\
 #      multiple-cnames <obsolete>;\n\
 #      named-xfer <obsolete>;\n\
-       nocookie-udp-size 4096;\n\
+       nocookie-udp-size 1232;\n\
        notify-rate 20;\n\
        nta-lifetime 3600;\n\
        nta-recheck 300;\n\

diff --git a/doc/arm/reference.rst b/doc/arm/reference.rst
index cf98781c4814c10fba74383c3a847853586ae72a..836a1d3a347b5878cc1ca637ec2a7aeb94eca6f9 100644 (file)
--- a/doc/arm/reference.rst
+++ b/doc/arm/reference.rst
@@ -1844,7 +1844,7 @@ Boolean Options
 ``nocookie-udp-size``
    This sets the maximum size of UDP responses that are sent to queries
    without a valid server COOKIE. A value below 128 is silently
-   raised to 128. The default value is 4096, but the ``max-udp-size``
+   raised to 128. The default value is 1232, but the ``max-udp-size``
    option may further limit the response size.
 
 ``sit-secret``
@@ -3401,7 +3401,7 @@ Tuning
    the size of packets received from authoritative servers in response
    to recursive queries. Valid values are 512 to 4096; values outside
    this range are silently adjusted to the nearest value within it.
-   The default value is 4096.
+   The default value is 1232.
 
    The usual reason for setting ``edns-udp-size`` to a non-default value
    is to get UDP answers to pass through broken firewalls that block
@@ -3427,7 +3427,7 @@ Tuning
    This sets the maximum EDNS UDP message size that ``named`` sends in bytes.
    Valid values are 512 to 4096; values outside this range are
    silently adjusted to the nearest value within it. The default value
-   is 4096.
+   is 1232.
 
    This value applies to responses sent by a server; to set the
    advertised buffer size in queries, see ``edns-udp-size``.

diff --git a/lib/ns/server.c b/lib/ns/server.c
index 2e91cafd45f95ff6a1fb864a8fc305784aefe657..a970a28e89f46657d5f90ef3ca5287a139310ca3 100644 (file)
--- a/lib/ns/server.c
+++ b/lib/ns/server.c
@@ -87,7 +87,7 @@ ns_server_create(isc_mem_t *mctx, ns_matchview_t matchingview,
        CHECKFATAL(isc_stats_create(mctx, &sctx->tcpoutstats6,
                                    dns_sizecounter_out_max));
 
-       sctx->udpsize = 4096;
+       sctx->udpsize = 1232;
        sctx->transfer_tcp_message_size = 20480;
 
        sctx->fuzztype = isc_fuzz_none;