conf: increase minimum limit for UDP max size to 1220

0e0a3d1c · Daniel Salzman · fbf7c869 · 0e0a3d1c · 0e0a3d1c · 0e0a3d1c
Commit 0e0a3d1c authored 8 years ago by Daniel Salzman
--- a/src/knot/conf/scheme.c
+++ b/src/knot/conf/scheme.c
-/*  Copyright (C) 2016 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
+/*  Copyright (C) 2017 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>

    This program is free software: you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@@ -122,15 +122,15 @@ static const yp_item_t desc_server[] = {
 	{ C_TCP_IDLE_TIMEOUT,     YP_TINT,  YP_VINT = { 0, INT32_MAX, 20, YP_STIME } },
 	{ C_TCP_REPLY_TIMEOUT,    YP_TINT,  YP_VINT = { 0, INT32_MAX, 10, YP_STIME } },
 	{ C_MAX_TCP_CLIENTS,      YP_TINT,  YP_VINT = { 0, INT32_MAX, 100 } },
-	{ C_MAX_UDP_PAYLOAD,      YP_TINT,  YP_VINT = { KNOT_EDNS_MIN_UDP_PAYLOAD,
+	{ C_MAX_UDP_PAYLOAD,      YP_TINT,  YP_VINT = { KNOT_EDNS_MIN_DNSSEC_PAYLOAD,
 	                                                KNOT_EDNS_MAX_UDP_PAYLOAD,
-	                                                4096, YP_SSIZE } },
-	{ C_MAX_IPV4_UDP_PAYLOAD, YP_TINT,  YP_VINT = { KNOT_EDNS_MIN_UDP_PAYLOAD,
+	                                                KNOT_EDNS_MAX_UDP_PAYLOAD, YP_SSIZE } },
+	{ C_MAX_IPV4_UDP_PAYLOAD, YP_TINT,  YP_VINT = { KNOT_EDNS_MIN_DNSSEC_PAYLOAD,
 	                                                KNOT_EDNS_MAX_UDP_PAYLOAD,
-	                                                4096, YP_SSIZE } },
-	{ C_MAX_IPV6_UDP_PAYLOAD, YP_TINT,  YP_VINT = { KNOT_EDNS_MIN_UDP_PAYLOAD,
+	                                                KNOT_EDNS_MAX_UDP_PAYLOAD, YP_SSIZE } },
+	{ C_MAX_IPV6_UDP_PAYLOAD, YP_TINT,  YP_VINT = { KNOT_EDNS_MIN_DNSSEC_PAYLOAD,
 	                                                KNOT_EDNS_MAX_UDP_PAYLOAD,
-	                                                4096, YP_SSIZE } },
+	                                                KNOT_EDNS_MAX_UDP_PAYLOAD, YP_SSIZE } },
 	{ C_LISTEN,               YP_TADDR, YP_VADDR = { 53 }, YP_FMULTI },
 	{ C_COMMENT,              YP_TSTR,  YP_VNONE },
 	/* Obsolete items. */

--- a/src/knot/events/handlers/load.c
+++ b/src/knot/events/handlers/load.c
@@ -70,12 +70,6 @@ int event_load(conf_t *conf, zone_t *zone)
 		goto fail;
 	}

-	/* Check zone contents consistency. */
-	ret = zone_load_check(conf, contents);
-	if (ret != KNOT_EOK) {
-		goto fail;
-	}
-
 	/* Everything went alright, switch the contents. */
 	zone->zonefile.exists = true;
 	zone_contents_t *old = zone_switch_contents(zone, contents);

--- a/src/knot/zone/zone-load.c
+++ b/src/knot/zone/zone-load.c
-/*  Copyright (C) 2016 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
+/*  Copyright (C) 2017 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>

    This program is free software: you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@@ -61,36 +61,6 @@ int zone_load_contents(conf_t *conf, const knot_dname_t *zone_name,
 	return KNOT_EOK;
 }

-int zone_load_check(conf_t *conf, zone_contents_t *contents)
-{
-	if (conf == NULL) {
-		return KNOT_EINVAL;
-	}
-
-	/* Bootstrapped zone, no checks apply. */
-	if (contents == NULL) {
-		return KNOT_EOK;
-	}
-
-	/* Check minimum EDNS0 payload if signed. (RFC4035/sec. 3) */
-	if (zone_contents_is_signed(contents)) {
-		if (conf->cache.srv_max_ipv4_udp_payload < KNOT_EDNS_MIN_DNSSEC_PAYLOAD) {
-			log_zone_error(contents->apex->owner, "EDNS payload size "
-			               "for IPv4 is lower than %u bytes for DNSSEC zone",
-			               KNOT_EDNS_MIN_DNSSEC_PAYLOAD);
-			return KNOT_EPAYLOAD;
-		}
-		if (conf->cache.srv_max_ipv6_udp_payload < KNOT_EDNS_MIN_DNSSEC_PAYLOAD) {
-			log_zone_error(contents->apex->owner, "EDNS payload size "
-			               "for IPv6 is lower than %u bytes for DNSSEC zone",
-			               KNOT_EDNS_MIN_DNSSEC_PAYLOAD);
-			return KNOT_EPAYLOAD;
-		}
-	}
-
-	return KNOT_EOK;
-}
-
 /*!
 * \brief If old journal exists, warn the user and append the changes to chgs
 *

--- a/src/knot/zone/zone-load.h
+++ b/src/knot/zone/zone-load.h
-/*  Copyright (C) 2014 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
+/*  Copyright (C) 2017 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>

    This program is free software: you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@@ -30,15 +30,6 @@
 int zone_load_contents(conf_t *conf, const knot_dname_t *zone_name,
                       zone_contents_t **contents);

-/*!
- * \brief Check loaded zone contents validity.
- *
- * \param conf
- * \param contents
- * \return KNOT_EOK or an error
- */
-int zone_load_check(conf_t *conf, zone_contents_t *contents);
-
 /*!
 * \brief Update zone contents from the journal.
 *