.\" Generated by Mmark Markdown Processer - mmark.miek.nl
.TH "COREDNS-BUFSIZE" 7 "March 2021" "CoreDNS" "CoreDNS Plugins"

.SH "NAME"
.PP
\fIbufsize\fP - sizes EDNS0 buffer size to prevent IP fragmentation.

.SH "DESCRIPTION"
.PP
\fIbufsize\fP limits a requester's UDP payload size.
It prevents IP fragmentation, mitigating certain DNS vulnerabilities.

.SH "SYNTAX"
.PP
.RS

.nf
bufsize [SIZE]

.fi
.RE

.PP
\fB[SIZE]\fP is an int value for setting the buffer size.
The default value is 512, and the value must be within 512 - 4096.
Only one argument is acceptable, and it covers both IPv4 and IPv6.

.SH "EXAMPLES"
.PP
Enable limiting the buffer size of outgoing query to the resolver (172.31.0.10):

.PP
.RS

.nf
\&. {
    bufsize 512
    forward . 172.31.0.10
    log
}

.fi
.RE

.PP
Enable limiting the buffer size as an authoritative nameserver:

.PP
.RS

.nf
\&. {
    bufsize 512
    file db.example.org
    log
}

.fi
.RE

.SH "CONSIDERATIONS"
.IP \(bu 4
Setting 1232 bytes to bufsize may avoid fragmentation on the majority of networks in use today, but it depends on the MTU of the physical network links.
.IP \(bu 4
For now, if a client does not use EDNS, this plugin adds OPT RR.