From 2e253a83bebb889b4669081aefc002fb29f37441 Mon Sep 17 00:00:00 2001
From: Marek Vavrusa <marek@vavrusa.com>
Date: Tue, 19 Jul 2016 21:36:20 -0700
Subject: [PATCH] daemon: lower minimum allowed edns bufsize to 512

There are cases where switches or middle-boxes
block DNS/UDP answers >512 octets completely;
this gives the user an option to mitigate that.
However, there are authoritatives serving
large answers that don't support TCP, so it's
a compromise as always.
---
 daemon/README.rst | 6 +++---
 daemon/bindings.c | 4 ++--
 lib/defines.h     | 2 +-
 3 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/daemon/README.rst b/daemon/README.rst
index 8f9c8af93..7a892cc04 100644
--- a/daemon/README.rst
+++ b/daemon/README.rst
@@ -542,14 +542,14 @@ For when listening on ``localhost`` just doesn't cut it.
 
 .. function:: net.bufsize([udp_bufsize])
 
-   Get/set maximum EDNS payload available. Default is 1452 (the maximum unfragmented datagram size).
-   You cannot set less than 1220 (minimum size for DNSSEC) or more than 65535 octets.
+   Get/set maximum EDNS payload available. Default is 1452, increase it in cases when authoritatives send large payloads over UDP and don't support TCP.
+   You cannot set less than 512 (512 is DNS packet size without EDNS, 1220 is minimum size for DNSSEC) or more than 65535 octets.
 
    Example output:
 
    .. code-block:: lua
 
-	> net.bufsize(4096)
+	> net.bufsize 4096
 	> net.bufsize()
 	4096
 
diff --git a/daemon/bindings.c b/daemon/bindings.c
index 761cc6589..3653f5d39 100644
--- a/daemon/bindings.c
+++ b/daemon/bindings.c
@@ -301,8 +301,8 @@ static int net_bufsize(lua_State *L)
 		return 1;
 	}
 	int bufsize = lua_tointeger(L, 1);
-	if (bufsize < KNOT_EDNS_MIN_DNSSEC_PAYLOAD || bufsize > UINT16_MAX) {
-		format_error(L, "bufsize must be within <1220, 65535>");
+	if (bufsize < 512 || bufsize > UINT16_MAX) {
+		format_error(L, "bufsize must be within <512, 65535>");
 		lua_error(L);
 	}
 	knot_edns_set_payload(opt_rr, (uint16_t) bufsize);
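Review bot: The range check runs only after the result of `lua_tointeger()` has been narrowed into `int bufsize`, so on builds where `lua_Integer` is wider than `int` an out-of-range argument can wrap to a value inside <512, 65535> and be accepted; `lua_Integer bufsize = lua_tointeger(L, 1);` keeps the comparison on the full value. The new lower bound is also a bare `512` repeated in the error string, where the old code used a named constant. A named minimum would keep the check and the message in step; libknot's EDNS header appears to provide `KNOT_EDNS_MIN_UDP_PAYLOAD`, to be confirmed against the version in use. Because values below 1220 are now accepted, a one-line comment above the check, e.g. `/* below 1220 DNSSEC-sized answers will likely be truncated and need TCP */`, would tell operators what they are trading away. The body of net_bufsize starts and ends outside this hunk.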
diff --git a/lib/defines.h b/lib/defines.h
index 0acc273a1..eed0e416c 100644
--- a/lib/defines.h
+++ b/lib/defines.h
@@ -62,7 +62,7 @@ static inline int __attribute__((__cold__)) kr_error(int x) {
  */
 #define KR_DNS_PORT   53
 #define KR_EDNS_VERSION 0
-#define KR_EDNS_PAYLOAD 4096 /* Default UDP payload (max unfragmented UDP is 1452B) */
+#define KR_EDNS_PAYLOAD 1452 /* Default UDP payload (max unfragmented UDP is 1452B) */
 
 /*
  * Address sanitizer hints.
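Review bot: The default advertised payload `KR_EDNS_PAYLOAD` drops from 4096 to 1452 here, which changes behaviour for every deployment that never calls `net.bufsize`, yet the commit subject and description only mention lowering the minimum; that deserves its own line in the message. The unchanged comment states 1452 without saying where it comes from. Something like `/* Default UDP payload: 1500B MTU - 40B IPv6 header - 8B UDP header = 1452B, stays unfragmented */` would let a reader verify the figure; the derivation is my assumption, so please confirm it. A smaller default also reduces reliance on IP fragmentation for large answers, which is worth stating as the rationale if that was the intent.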
-- 
GitLab