From 5d34daaf78f145bfaeb0f62d51b715a028f9fa72 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ond=C5=99ej=20Sur=C3=BD?= Date: Tue, 1 Dec 2020 18:53:26 +0100 Subject: [PATCH 1/2] Change the default value for nocookie-udp-size back to 4096 The DNS Flag Day 2020 reduced all the EDNS buffer sizes to 1232. In this commit, we revert the default value for nocookie-udp-size back to 4096 because the option is too obscure and most people don't realize that they also need to change this configuration option in addition to max-udp-size. (cherry picked from commit 79c196fc778a0e68eebcceaf04d03bf772ea70a3) --- bin/named/config.c | 2 +- doc/arm/reference.rst | 5 +++-- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/bin/named/config.c b/bin/named/config.c index 1a787f3c57..1c8c5a7285 100644 --- a/bin/named/config.c +++ b/bin/named/config.c @@ -86,7 +86,7 @@ options {\n\ memstatistics-file \"named.memstats\";\n\ # multiple-cnames ;\n\ # named-xfer ;\n\ - nocookie-udp-size 1232;\n\ + nocookie-udp-size 4096;\n\ notify-rate 20;\n\ nta-lifetime 3600;\n\ nta-recheck 300;\n\ diff --git a/doc/arm/reference.rst b/doc/arm/reference.rst index ce00f539a8..e6dbe215d3 100644 --- a/doc/arm/reference.rst +++ b/doc/arm/reference.rst @@ -1857,8 +1857,9 @@ Boolean Options ``nocookie-udp-size`` This sets the maximum size of UDP responses that are sent to queries without a valid server COOKIE. A value below 128 is silently - raised to 128. The default value is 1232, but the ``max-udp-size`` - option may further limit the response size. + raised to 128. The default value is 4096, but the ``max-udp-size`` + option may further limit the response size as the default for + ``max-udp-size`` is 1232. ``sit-secret`` This experimental option is obsolete. From 9d35c9b96d64ed632bac28a70bb2bc12b9be6457 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Ond=C5=99ej=20Sur=C3=BD?= Date: Tue, 1 Dec 2020 19:01:30 +0100 Subject: [PATCH 2/2] Add CHANGES and release note for GL #2250 (cherry picked from commit c7d81f12f820beecebaeab184afc8df57e4f9a76) --- CHANGES | 3 +++ doc/notes/notes-current.rst | 8 ++++++++ 2 files changed, 11 insertions(+) diff --git a/CHANGES b/CHANGES index 524e0731eb..a8a7d9e18a 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,6 @@ +5544. [func] Restore the default value of nocookie-udp-size to 4096. + [GL #2250] + 5541. [func] Adjust the "max-recursion-queries" default from 75 to 100. [GL #2305] diff --git a/doc/notes/notes-current.rst b/doc/notes/notes-current.rst index 89c3d027d8..f3d238eba0 100644 --- a/doc/notes/notes-current.rst +++ b/doc/notes/notes-current.rst @@ -46,6 +46,14 @@ Feature Changes has a higher chance of being exceeded by non-attack queries, which is the main reason for increasing its default value. [GL #2305] +- Restore the ``nocookie-udp-size`` default from 1232 to 4096. Normally the + EDNS buffer size is configured by ``max-udp-size``, but this configuration + option overrides the value, but most people don't and won't realize there's + an extra configuration option that needs to be tweaked. By changing the + default here, we allow the the ``max-udp-size`` to be the sole option that + needs to be changed when operator wants to change the default EDNS buffer + size. [GL #2250] + Bug Fixes ~~~~~~~~~
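
Review bot: In the bin/named/config.c hunk of patch 1, the built-in default `nocookie-udp-size 4096` now sits above the 1232 default that the reference.rst hunk gives for `max-udp-size`, so out of the box the cookie-less limit no longer constrains anything, and an operator who raises `max-udp-size` also raises the size of UDP responses sent to queries without a valid server COOKIE. That matches the stated intent, but it is a behaviour change that the release note should say outright, together with the advice to set `nocookie-udp-size` explicitly when cookie-less queries should keep receiving smaller responses than `max-udp-size` allows.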
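
Review bot: In the doc/arm/reference.rst hunk of patch 1, the new sentence says ``max-udp-size`` "may further limit the response size" while also giving its default as 1232, which against a 4096 default here means it always limits the response in the default configuration. Suggest stating the rule directly, for example "The default value is 4096; the response size is also capped by ``max-udp-size``, which defaults to 1232, so the smaller of the two applies."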
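
Review bot: In the doc/notes/notes-current.rst hunk of patch 2, the added paragraph has a doubled word ("allow the the ``max-udp-size``"), chains two "but" clauses in one sentence, and drops the article in "when operator wants". It also says this option "overrides the value" set by ``max-udp-size``, whereas the reference.rst text in patch 1 describes ``max-udp-size`` as further limiting ``nocookie-udp-size``; suggest rewording so both documents describe the same relationship between the two options.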