.\" Generated by Mmark Markdown Processer - mmark.miek.nl
.TH "COREDNS-BUFSIZE" 7 "March 2021" "CoreDNS" "CoreDNS Plugins"

.SH "NAME"
.PP
\fIbufsize\fP - sizes EDNS0 buffer size to prevent IP fragmentation.

.SH "DESCRIPTION"
.PP
\fIbufsize\fP limits a requester's UDP payload size.
It prevents IP fragmentation, mitigating certain DNS vulnerabilities.

.SH "SYNTAX"
.PP
.RS

.nf
bufsize [SIZE]

.fi
.RE

.PP
\fB[SIZE]\fP is an int value for setting the buffer size.
The default value is 512, and the value must be within 512 - 4096.
Only one argument is acceptable, and it covers both IPv4 and IPv6.

.SH "EXAMPLES"
.PP
Enable limiting the buffer size of outgoing queries to the resolver (172.31.0.10):

.PP
.RS

.nf
\&. {
    bufsize 512
    forward . 172.31.0.10
    log
}

.fi
.RE

.PP
Enable limiting the buffer size as an authoritative nameserver:

.PP
.RS

.nf
\&. {
    bufsize 512
    file db.example.org
    log
}

.fi
.RE

.SH "CONSIDERATIONS"
.IP \(bu 4
Setting bufsize to 1232 bytes may avoid fragmentation on the majority of networks in use today, but it depends on the MTU of the physical network links.
.IP \(bu 4
For now, if a client does not use EDNS, this plugin adds an OPT RR.
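.PP
The wire-level effect described above, as an added Python example that is not code from CoreDNS or from this page: the EDNS0 UDP payload size is the CLASS field of the OPT RR, so limiting it means rewriting that field, or appending an OPT RR when the query has none. The function names and the sample query are constructed for illustration, and the example assumes a size already at or below the limit is left unchanged.

```python
import struct

OPT = 41  # RR TYPE of the EDNS0 OPT pseudo-record


def skip_name(msg, off):
    """Return the offset just past the domain name that starts at off."""
    while off < len(msg):
        length = msg[off]
        if length == 0:        # root label ends the name
            return off + 1
        if length >= 0xC0:     # 2-byte compression pointer ends the name
            return off + 2
        off += 1 + length
    raise ValueError("truncated DNS message")


def limit_udp_size(msg, limit):
    """Lower the EDNS0 UDP payload size (CLASS field of the OPT RR) to limit,
    or append an OPT RR advertising limit when the query carries none."""
    out = bytearray(msg)
    try:
        qd, an, ns, ar = struct.unpack_from("!4H", out, 4)
        off = 12
        for _ in range(qd):              # question: name, TYPE, CLASS
            off = skip_name(out, off) + 4
        for _ in range(an + ns + ar):    # RR: name, TYPE, CLASS, TTL, RDLENGTH, RDATA
            off = skip_name(out, off)
            rtype, size, _ttl, rdlen = struct.unpack_from("!HHIH", out, off)
            if rtype == OPT:
                if size > limit:
                    struct.pack_into("!H", out, off + 2, limit)
                return bytes(out)
            off += 10 + rdlen
        if off > len(out):
            raise ValueError("truncated DNS message")
    except struct.error:
        raise ValueError("truncated DNS message") from None
    # No OPT RR: root name, TYPE=OPT, CLASS=limit, TTL=0, RDLENGTH=0; ARCOUNT += 1.
    out += struct.pack("!BHHIH", 0, OPT, limit, 0, 0)
    struct.pack_into("!H", out, 10, ar + 1)
    return bytes(out)


def sample_query(udp_size=None):
    """Constructed query for example.org A; adds an OPT RR if udp_size is set."""
    opt = b"" if udp_size is None else struct.pack("!BHHIH", 0, OPT, udp_size, 0, 0)
    header = struct.pack("!6H", 0x1234, 0x0100, 1, 0, 0, 1 if opt else 0)
    return header + b"\x07example\x03org\x00" + struct.pack("!HH", 1, 1) + opt
```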