# bufsize
## Name
*bufsize* - limits the EDNS0 buffer size to prevent IP fragmentation.
## Description
*bufsize* limits a requester's UDP payload size.
Keeping responses within that size prevents IP fragmentation, which mitigates certain DNS vulnerabilities.
It only affects queries that have an OPT RR.
## Syntax
```txt
bufsize [SIZE]
```
**[SIZE]** is an integer value that sets the buffer size.
The default value is 512, and the value must be within the range 512 to 4096.
Only one argument is accepted, and it covers both IPv4 and IPv6.
## Examples
Enable limiting the buffer size of outgoing queries to the resolver (172.31.0.10):
```corefile
. {
    bufsize 512
    forward . 172.31.0.10
    log
}
```
Enable limiting the buffer size as an authoritative nameserver:
```corefile
. {
    bufsize 512
    file db.example.org
    log
}
```
## Considerations
- Setting bufsize to 1232 bytes may avoid fragmentation on the majority of networks in use today, but this depends on the MTU of the physical network links.
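
To show on the wire what the Description means by limiting the requester's UDP payload size, the following Go sketch is an added example, not CoreDNS's own code: it walks a DNS message with a hand-written parser and, only if an OPT RR is present, lowers the CLASS field in which EDNS0 carries the advertised size. It assumes "limits" means a smaller advertised value is left alone; `ClampEDNS`, `SampleQuery` and `u16` are names invented here.

```go
package main

import "fmt"

func u16(m []byte, o int) int { return int(m[o])<<8 | int(m[o+1]) }

// ClampEDNS (added illustration, not CoreDNS code) lowers the OPT RR's CLASS
// field, the requestor's UDP payload size (RFC 6891), to limit. Returns the old size.
func ClampEDNS(m []byte, limit int) (old int, found bool) {
	if len(m) < 12 {
		return 0, false
	}
	qd := u16(m, 4)
	total := qd + u16(m, 6) + u16(m, 8) + u16(m, 10)
	for i, off := 0, 12; i < total; i++ {
		for off < len(m) && m[off] != 0 && m[off] < 0xC0 {
			off += 1 + int(m[off]) // skip one label of the owner name
		}
		if off < len(m) && m[off] >= 0xC0 {
			off++ // a compression pointer is two bytes
		}
		if off++; i < qd { // off++ steps past the name's final byte
			off += 4 // question entry: only QTYPE + QCLASS follow
			continue
		}
		if off+10 > len(m) {
			return 0, false // truncated record
		}
		if u16(m, off) == 41 { // TYPE 41 = OPT
			if old = u16(m, off+2); old > limit {
				m[off+2], m[off+3] = byte(limit>>8), byte(limit)
			}
			return old, true
		}
		off += 10 + u16(m, off+8) // fixed fields + RDLENGTH
	}
	return 0, false // no OPT RR: message left untouched
}

// SampleQuery is a constructed "example.org A" query advertising udpSize.
func SampleQuery(udpSize int) []byte {
	q := "\x12\x34\x01\x00\x00\x01\x00\x00\x00\x00\x00\x01\x07example\x03org\x00\x00\x01\x00\x01"
	return append([]byte(q), 0, 0, 41, byte(udpSize>>8), byte(udpSize), 0, 0, 0, 0, 0, 0)
}

func main() {
	q := SampleQuery(4096)
	old, found := ClampEDNS(q, 512)
	fmt.Println(old, found, u16(q, 32)) // 4096 true 512
}
```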