diff --git a/CHANGES b/CHANGES index 524e0731eb..a8a7d9e18a 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,6 @@ +5544. [func] Restore the default value of nocookie-udp-size to 4096. + [GL #2250] + 5541. [func] Adjust the "max-recursion-queries" default from 75 to 100. [GL #2305] diff --git a/bin/named/config.c b/bin/named/config.c index 1a787f3c57..1c8c5a7285 100644 --- a/bin/named/config.c +++ b/bin/named/config.c @@ -86,7 +86,7 @@ options {\n\ memstatistics-file \"named.memstats\";\n\ # multiple-cnames ;\n\ # named-xfer ;\n\ - nocookie-udp-size 1232;\n\ + nocookie-udp-size 4096;\n\ notify-rate 20;\n\ nta-lifetime 3600;\n\ nta-recheck 300;\n\ diff --git a/doc/arm/reference.rst b/doc/arm/reference.rst index ce00f539a8..e6dbe215d3 100644 --- a/doc/arm/reference.rst +++ b/doc/arm/reference.rst @@ -1857,8 +1857,9 @@ Boolean Options ``nocookie-udp-size`` This sets the maximum size of UDP responses that are sent to queries without a valid server COOKIE. A value below 128 is silently - raised to 128. The default value is 1232, but the ``max-udp-size`` - option may further limit the response size. + raised to 128. The default value is 4096, but the ``max-udp-size`` + option may further limit the response size as the default for + ``max-udp-size`` is 1232. ``sit-secret`` This experimental option is obsolete. diff --git a/doc/notes/notes-current.rst b/doc/notes/notes-current.rst index 89c3d027d8..f3d238eba0 100644 --- a/doc/notes/notes-current.rst +++ b/doc/notes/notes-current.rst 
@@ -46,6 +46,14 @@ Feature Changes has a higher chance of being exceeded by non-attack queries, which is the main reason for increasing its default value. [GL #2305] +- Restore the ``nocookie-udp-size`` default from 1232 to 4096. Normally the + EDNS buffer size is configured by ``max-udp-size``, but this configuration + option overrides the value, but most people don't and won't realize there's + an extra configuration option that needs to be tweaked. By changing the + default here, we allow the the ``max-udp-size`` to be the sole option that + needs to be changed when operator wants to change the default EDNS buffer + size. [GL #2250] + Bug Fixes ~~~~~~~~~
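Review bot: In the bin/named/config.c hunk, changing the built-in default to `nocookie-udp-size 4096;` means responses to queries without a valid server COOKIE no longer get their own tighter cap by default. Going by the reference.rst text in this same patch, they are now bounded only by ``max-udp-size``. An operator who raises ``max-udp-size`` therefore also raises the size of responses sent to cookie-less clients, up to 4096. Please state that consequence in the documentation, and mention that ``nocookie-udp-size`` can still be set explicitly when a smaller limit for cookie-less queries is wanted.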
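Review bot: In the doc/arm/reference.rst hunk, the added clause "as the default for ``max-udp-size`` is 1232" is ambiguous ("as" can be read as "because" or "while") and leaves the reader to infer which option wins. If the intended behaviour is that the smaller of the two values applies, say that directly, for example "The default value is 4096; the response size is additionally limited by ``max-udp-size``, which defaults to 1232." Repeating the ``max-udp-size`` default here also means this paragraph must be updated whenever that default changes, so a cross-reference to the ``max-udp-size`` entry may be more durable.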
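Review bot: In the doc/notes/notes-current.rst hunk, the release note has wording problems that should be fixed before merge: "allow the the ``max-udp-size``" repeats "the", "when operator wants" is missing an article, and the second sentence chains two "but" clauses. It is also unclear which option "this configuration option overrides the value" refers to, and "overrides" sits awkwardly next to the reference.rst wording that ``max-udp-size`` "may further limit the response size". Suggest rewriting so the note names ``nocookie-udp-size`` explicitly and describes the interaction in the same terms as the reference manual. "Restore ... from 1232 to 4096" would also read better as "Restore the ``nocookie-udp-size`` default to 4096 (it was 1232)".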