diff --git a/daemon/README.rst b/daemon/README.rst
index 155b0ea7e7ce9c7f8a4121f57394d8d1986d0aec..13ddc1d7eeef88fa266fc486f80164657c06541d 100644
--- a/daemon/README.rst
+++ b/daemon/README.rst
@@ -542,7 +542,7 @@ For when listening on ``localhost`` just doesn't cut it.
 
 .. function:: net.bufsize([udp_bufsize])
 
-   Get/set maximum EDNS payload available. Default is 4096.
+   Get/set maximum EDNS payload available. Default is 1452, increase it in cases when authoritatives send large payloads over UDP and don't support TCP.
    You cannot set less than 512 (512 is DNS packet size without EDNS, 1220 is minimum size for DNSSEC) or more than 65535 octets.
 
    Example output:
diff --git a/lib/defines.h b/lib/defines.h
index a9baf643bcf90ef7125667b5c85da817256bfa9b..6a6523360e4170ae59060c36dd1032bf95f48f08 100644
--- a/lib/defines.h
+++ b/lib/defines.h
@@ -63,7 +63,7 @@ static inline int __attribute__((__cold__)) kr_error(int x) {
 #define KR_DNS_PORT   53
 #define KR_DNS_TLS_PORT 853
 #define KR_EDNS_VERSION 0
-#define KR_EDNS_PAYLOAD 4096 /* Default UDP payload (max unfragmented UDP is 1452B) */
+#define KR_EDNS_PAYLOAD 1452 /* Default UDP payload (max unfragmented UDP is 1452B) */
 
 /*
  * Address sanitizer hints.