coredns/plugin/bufsize
Patrick W. Healy a5b9749462
Don't add OPT RR to non-EDNS0 queries (#5368)
* Don't add OPT RR to non-EDNS0 queries

Signed-off-by: Patrick W. Healy <phealy@phealy.com>
Signed-off-by: Patrick W. Healy <patrick.healy@microsoft.com>

* Update plugin/bufsize/README.md

Co-authored-by: Chris O'Haver <cohaver@infoblox.com>
Signed-off-by: Patrick W. Healy <patrick.healy@microsoft.com>

Co-authored-by: Chris O'Haver <cohaver@infoblox.com>
2022-05-06 15:34:12 -04:00
bufsize.go Don't add OPT RR to non-EDNS0 queries (#5368) 2022-05-06 15:34:12 -04:00
bufsize_test.go Don't add OPT RR to non-EDNS0 queries (#5368) 2022-05-06 15:34:12 -04:00
README.md Don't add OPT RR to non-EDNS0 queries (#5368) 2022-05-06 15:34:12 -04:00
setup.go For caddy v1 in our org (#4018) 2020-09-24 18:14:41 +02:00
setup_test.go For caddy v1 in our org (#4018) 2020-09-24 18:14:41 +02:00

bufsize

Name

bufsize - sizes EDNS0 buffer size to prevent IP fragmentation.

Description

bufsize limits a requester's UDP payload size. It prevents IP fragmentation, mitigating certain DNS vulnerabilities. This will only affect queries that have an OPT RR.
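The behaviour described above, sketched on the raw wire format as an added example (this is not the plugin's own code). `ClampUDPSize` and `skipName` are hypothetical names, and the example assumes "limits" means lowering an advertised size only when it exceeds SIZE; a query without an OPT RR passes through unchanged:

```go
package main

import "encoding/binary"
import "fmt"

// skipName returns the offset just past the domain name that starts at off.
func skipName(m []byte, off int) int {
	for off < len(m) && m[off] != 0 && m[off]&0xC0 != 0xC0 {
		off += 1 + int(m[off]) // ordinary label: length byte plus data
	}
	if off < len(m) && m[off] != 0 {
		return off + 2 // compression pointer: two bytes, ends the name
	}
	return off + 1 // root label, or past the end (rejected by the caller)
}

// ClampUDPSize (illustrative helper, assumed clamp semantics) lowers the UDP payload
// size in a query's OPT RR (TYPE 41, size in the CLASS field) to at most size.
// It reports whether an OPT RR was found; non-EDNS0 queries are left untouched.
func ClampUDPSize(m []byte, size uint16) bool {
	if len(m) < 12 {
		return false
	}
	u16 := binary.BigEndian.Uint16
	qd, off := int(u16(m[4:])), 12
	rrs := int(u16(m[6:])) + int(u16(m[8:])) + int(u16(m[10:]))
	for i := 0; i < qd+rrs; i++ {
		off = skipName(m, off)
		if i < qd { // question entry: only TYPE and CLASS follow the name
			off += 4
			continue
		}
		if off+10 > len(m) { // need TYPE, CLASS, TTL, RDLENGTH
			return false
		}
		if u16(m[off:]) == 41 {
			if u16(m[off+2:]) > size {
				binary.BigEndian.PutUint16(m[off+2:], size)
			}
			return true
		}
		off += 10 + int(u16(m[off+8:]))
	}
	return false
}

func main() { // constructed query: root name, type A, OPT RR advertising 4096 bytes
	q := []byte{0, 1, 1, 0, 0, 1, 0, 0, 0, 0, 0, 1, 0, 0, 1, 0, 1, 0, 0, 41, 16, 0, 0, 0, 0, 0, 0, 0}
	fmt.Println(ClampUDPSize(q, 1232), binary.BigEndian.Uint16(q[20:]))
}
```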

Syntax

bufsize [SIZE]

[SIZE] is an integer value that sets the buffer size. The default value is 512, and the value must be between 512 and 4096. Only one argument is accepted, and it applies to both IPv4 and IPv6.

Examples

Enable limiting the buffer size of outgoing queries to the resolver (172.31.0.10):

. {
    bufsize 512
    forward . 172.31.0.10
    log
}

Enable limiting the buffer size as an authoritative nameserver:

. {
    bufsize 512
    file db.example.org
    log
}

Considerations

  • Setting bufsize to 1232 bytes may avoid fragmentation on the majority of networks in use today, but it depends on the MTU of the physical network links.