contrib/job_manager: config servers' UDP size limit

The limits are going to change around Flag Day 2020, which could lead to
differences in TC returned to respdiff, so let's hardcode the limit
*towards clients* to 4096 (higher so we don't compare empty answers).
That will also keep it up for forwarding (for simplicity),
which is OK, I think.

The separation for kresd is recent master:
knot-resolver!1026

Docs:
 https://bind9.readthedocs.io/en/v9_16_6/reference.html?highlight=max-udp-size#tuning
 https://nlnetlabs.nl/documentation/unbound/unbound.conf/#max-udp-size
I'm not so sure about the meaning in Unbound; in both BIND and Unbound
the default hasn't been lowered yet, so *currently* it's a no-op there
and the point is to keep the client side this way for later releases.

contrib/job_manager/files/kresd.conf.j2

@@ -15,6 +15,10 @@ net.listen('::1', {{ tls_port }}, {tls = true})
 -- essential for TLS_FORWARD in Docker with lots of respdiff jobs
 net.tcp_pipeline(65535)
 
+-- avoid TC flags returned to respdiff
+local _, up_bs = net.bufsize()
+net.bufsize(4096, up_bs)
+
 {% if forward %}
 -- forwarding
 policy.add(policy.all(

contrib/job_manager/files/named.conf.j2

@@ -12,6 +12,8 @@ options {
 	allow-query     { localhost; };
 	max-cache-size	1048576000;
 
+	max-udp-size 4096; # reduce TC towards clients (mainly respdiff)
+
 	deny-answer-addresses {
 		0.0.0.0/8;
 		::ffff:0.0.0.0/104;

contrib/job_manager/files/unbound.conf.j2

@@ -34,6 +34,8 @@ server:
 	private-address: fc00::/7
 	private-address: fe80::/10
 
+	max-udp-size 4096; # reduce TC towards clients (mainly respdiff)
+
 	so-reuseport: yes
 	module-config: "validator iterator"
 	trust-anchor-file: "/usr/local/etc/unbound/root.keys"