daemon: lower EDNS buffer size to 1232

NEWS

@@ -7,6 +7,7 @@ Incompatible changes
 
 Improvements
 ------------
+- lower default EDNS buffer size to 1232 (#538, #300, !920)
 - net: split the EDNS buffer size into upstream and downstream (!1026)
 - lua-http doh: answer to /dns-query endpoint as well as /doh (!1069)
 - improve resiliency against UDP fragmentation attacks (disable PMTUD) (!1061)

lib/defines.h

@@ -62,7 +62,7 @@ static inline int KR_COLD kr_error(int x) {
 #define KR_DNS_DOH_PORT 443
 #define KR_DNS_TLS_PORT 853
 #define KR_EDNS_VERSION 0
-#define KR_EDNS_PAYLOAD 4096 /* Default UDP payload (max unfragmented UDP is 1452B) */
+#define KR_EDNS_PAYLOAD 1232 /* Default UDP payload; see https://dnsflagday.net/2020/ */
 #define KR_CACHE_DEFAULT_TTL_MIN (5) /* avoid bursts of queries */
 #define KR_CACHE_DEFAULT_TTL_MAX (6 * 24 * 3600) /* 6 days, like the root NS TTL */