From af5ddacc690ab91dcdaed3f75b6ec4640f189b2b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Luk=C3=A1=C5=A1=20Je=C5=BEek?= <lukas.jezek@nic.cz>
Date: Fri, 10 Jan 2020 07:17:06 +0100
Subject: [PATCH] daemon: lower EDNS buffer size to 1232

---
 NEWS          | 1 +
 lib/defines.h | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/NEWS b/NEWS
index 5962f1d3b..b5dc884e2 100644
--- a/NEWS
+++ b/NEWS
@@ -7,6 +7,7 @@ Incompatible changes
 
 Improvements
 ------------
+- lower default EDNS buffer size to 1232 (#538, #300, !920)
 - net: split the EDNS buffer size into upstream and downstream (!1026)
 - lua-http doh: answer to /dns-query endpoint as well as /doh (!1069)
 - improve resiliency against UDP fragmentation attacks (disable PMTUD) (!1061)
diff --git a/lib/defines.h b/lib/defines.h
index 4e7c9291b..76a93cb18 100644
--- a/lib/defines.h
+++ b/lib/defines.h
@@ -62,7 +62,7 @@ static inline int KR_COLD kr_error(int x) {
 #define KR_DNS_DOH_PORT 443
 #define KR_DNS_TLS_PORT 853
 #define KR_EDNS_VERSION 0
-#define KR_EDNS_PAYLOAD 4096 /* Default UDP payload (max unfragmented UDP is 1452B) */
+#define KR_EDNS_PAYLOAD 1232 /* Default UDP payload; see https://dnsflagday.net/2020/ */
 #define KR_CACHE_DEFAULT_TTL_MIN (5) /* avoid bursts of queries */
 #define KR_CACHE_DEFAULT_TTL_MAX (6 * 24 * 3600) /* 6 days, like the root NS TTL */
 
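Review bot: The new comment on `KR_EDNS_PAYLOAD` only points at a URL, so the reason for choosing 1232 is lost if that link ever moves, whereas the removed comment carried its MTU rationale inline. I would spell out the derivation next to the value, e.g. `#define KR_EDNS_PAYLOAD 1232 /* Default UDP payload: 1280 (IPv6 min MTU) - 40 (IPv6 hdr) - 8 (UDP hdr); see https://dnsflagday.net/2020/ */`. The comment or the NEWS entry should also say that answers larger than this are now truncated and retried over TCP, so TCP on port 53 has to be reachable. That is the cost of keeping responses below the size where IP fragmentation can occur. Whether this single constant supplies both the upstream and the downstream default is not visible in this hunk and should be confirmed against the split mentioned in NEWS.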
-- 
GitLab