path: root/man/coredns-bufsize.7
.\" Generated by Mmark Markdown Processer - mmark.miek.nl
.TH "COREDNS-BUFSIZE" 7 "November 2020" "CoreDNS" "CoreDNS Plugins"

.SH "NAME"
.PP
\fIbufsize\fP - sizes EDNS0 buffer size to prevent IP fragmentation.

.SH "DESCRIPTION"
.PP
\fIbufsize\fP limits a requester's UDP payload size.
It prevents IP fragmentation, mitigating certain DNS vulnerabilities.

.SH "SYNTAX"
.PP
.RS

.nf
bufsize [SIZE]

.fi
.RE

.PP
\fB[SIZE]\fP is an int value for setting the buffer size.
The default value is 512, and the value must be within 512 - 4096.
Only one argument is acceptable, and it covers both IPv4 and IPv6.

.SH "EXAMPLES"
.PP
Enable limiting the buffer size of outgoing queries to the resolver (172.31.0.10):

.PP
.RS

.nf
\&. {
    bufsize 512
    forward . 172.31.0.10
    log
}

.fi
.RE

.PP
Enable limiting the buffer size as an authoritative nameserver:

.PP
.RS

.nf
\&. {
    bufsize 512
    file db.example.org
    log
}

.fi
.RE

.SH "CONSIDERATIONS"
.IP \(bu 4
Setting bufsize to 1232 bytes may avoid fragmentation on the majority of networks in use today, but it depends on the MTU of the physical network links.
.IP \(bu 4
For now, if a client does not use EDNS, this plugin adds an OPT RR.
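
.PP
The behaviour described above, shown on a wire-format DNS message as an added example; it is not CoreDNS code and is not part of the original man page. \fBLimitBufsize\fP is a hypothetical helper that uses only the Go standard library and assumes "limits" means lowering a larger advertised size while leaving a smaller one unchanged.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

var be, errShort = binary.BigEndian, errors.New("truncated DNS message")
// LimitBufsize (hypothetical helper) caps the EDNS0 UDP payload size in the
// wire-format message m at limit, or appends an OPT RR when m has none.
func LimitBufsize(m []byte, limit uint16) ([]byte, error) {
	if len(m) < 12 {
		return nil, errShort
	}
	qd, off := int(be.Uint16(m[4:])), 12
	n := qd + int(be.Uint16(m[6:])) + int(be.Uint16(m[8:])) + int(be.Uint16(m[10:]))
	for i := 0; i < n; i++ {
		for off < len(m) && m[off] != 0 && m[off] < 0xC0 {
			off += 1 + int(m[off]) // skip one label of the owner name
		}
		if off < len(m) && m[off] >= 0xC0 {
			off++ // a compression pointer is two bytes long
		}
		off++ // root label, or second byte of the pointer
		if i < qd {
			off += 4 // question: QTYPE and QCLASS only
			continue
		}
		if off+10 > len(m) {
			return nil, errShort
		}
		if be.Uint16(m[off:]) == 41 { // OPT RR: CLASS holds the payload size
			if be.Uint16(m[off+2:]) > limit {
				be.PutUint16(m[off+2:], limit)
			}
			return m, nil
		}
		off += 10 + int(be.Uint16(m[off+8:])) // fixed fields plus RDATA
	}
	if off > len(m) {
		return nil, errShort
	}
	be.PutUint16(m[10:], be.Uint16(m[10:])+1) // no OPT found: ARCOUNT++
	return append(m, 0, 0, 41, byte(limit>>8), byte(limit), 0, 0, 0, 0, 0, 0), nil
}

func main() {
	fmt.Println(LimitBufsize([]byte{0, 1, 1, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 1}, 1232)) // constructed ". A IN" query
}
```

The helper modifies the message in place, so pass a copy if the original bytes are still needed.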