b003d06003
* For caddy v1 in our org This RP changes all imports for caddyserver/caddy to coredns/caddy. This is the v1 code of caddy. For the coredns/caddy repo the following changes have been made: * anything not needed by us is deleted * all `telemetry` stuff is deleted * all its import paths are also changed to point to coredns/caddy * the v1 branch has been moved to the master branch * a v1.1.0 tag has been added to signal the latest release Signed-off-by: Miek Gieben <miek@miek.nl> * Fix imports Signed-off-by: Miek Gieben <miek@miek.nl> * Group coredns/caddy with out plugins Signed-off-by: Miek Gieben <miek@miek.nl> * remove this file Signed-off-by: Miek Gieben <miek@miek.nl> * Relax import ordering github.com/coredns is now also a coredns dep, this makes github.com/coredns/caddy fit more natural in the list. Signed-off-by: Miek Gieben <miek@miek.nl> * Fix final import Signed-off-by: Miek Gieben <miek@miek.nl> |
||
|---|---|---|
| .. | ||
| bufsize.go | ||
| bufsize_test.go | ||
| README.md | ||
| setup.go | ||
| setup_test.go | ||
bufsize
Name
bufsize - sizes EDNS0 buffer size to prevent IP fragmentation.
Description
bufsize limits a requester's UDP payload size. It prevents IP fragmentation, mitigating certain DNS vulnerabilities.
Syntax
bufsize [SIZE]
[SIZE] is an int value for setting the buffer size. The default value is 512, and the value must be within 512 - 4096. Only one argument is acceptable, and it covers both IPv4 and IPv6.
Examples
Enable limiting the buffer size of outgoing query to the resolver (172.31.0.10):
. {
bufsize 512
forward . 172.31.0.10
log
}
Enable limiting the buffer size as an authoritative nameserver:
. {
bufsize 512
file db.example.org
log
}
Considerations
- Setting 1232 bytes to bufsize may avoid fragmentation on the majority of networks in use today, but it depends on the MTU of the physical network links.
- For now, if a client does not use EDNS, this plugin adds OPT RR.