From b4c061e37ea0c2eef2c7a907a3f9681bcbca8e9e Mon Sep 17 00:00:00 2001
From: Matthew Vance
Date: Sat, 10 Oct 2020 21:53:00 -0500
Subject: [PATCH] :snowflake: DNS Flag Day 2020 - change edns-buffer-size to 1232.
---
 unbound/unbound.sh | 18 ++++++++++--------
 1 file changed, 10 insertions(+), 8 deletions(-)
diff --git a/unbound/unbound.sh b/unbound/unbound.sh
index ac8c675..60fabb4 100644
--- a/unbound/unbound.sh
+++ b/unbound/unbound.sh
@@ -66,14 +66,16 @@ server:
 # Set the working directory for the program.
 directory: "/opt/unbound/etc/unbound"
- # RFC 6891. Number of bytes size to advertise as the EDNS reassembly buffer
- # size. This is the value put into datagrams over UDP towards peers.
- # 4096 is RFC recommended. 1472 has a reasonable chance to fit within a
- # single Ethernet frame, thus lessing the chance of fragmentation
- # reassembly problems (usually seen as timeouts). Setting to 512 bypasses
- # even the most stringent path MTU problems, but is not recommended since
- # the amount of TCP fallback generated is excessive.
- edns-buffer-size: 1472
+ # RFC 6891. Number of bytes size to advertise as the EDNS reassembly buffer
+ # size. This is the value put into datagrams over UDP towards peers.
+ # The actual buffer size is determined by msg-buffer-size (both for TCP and
+ # UDP). Do not set higher than that value.
+ # Default is 1232 which is the DNS Flag Day 2020 recommendation.
+ # Setting to 512 bypasses even the most stringent path MTU problems, but
+ # is seen as extreme, since the amount of TCP fallback generated is
+ # excessive (probably also for this resolver, consider tuning the outgoing
+ # tcp number).
+ edns-buffer-size: 1232
 # Listen to for queries from clients and answer from this network interface
 # and port.
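Review bot: The rewritten comment above `edns-buffer-size: 1232` never says why 1232 is the safe value, and it leaves the resulting dependence on TCP as a parenthetical. I would add `# 1232 = 1280 (IPv6 minimum MTU) - 48 bytes of IPv6/UDP headers, so answers avoid IP fragmentation` and `# (fragment loss, spoofed fragments); larger answers are truncated and retried over TCP, so TCP/53 must be allowed.` so an operator knows that a firewall or port mapping limited to UDP will now break resolution of large answers such as DNSSEC-signed ones. "Default is 1232" is presumably copied from the upstream manual and holds only for Unbound releases that adopted the Flag Day default; since the value is pinned here, `# Set to 1232, the DNS Flag Day 2020 recommendation.` stays accurate whatever version the image ships. The `server:` block this sits in starts and ends outside the hunk, so I cannot tell whether `outgoing-num-tcp` or `incoming-num-tcp` are tuned elsewhere as the comment suggests.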