Change default value and use more sane examples
Mention also increasing request size is not possible, it can only reduce
the accepted size.

Resolves coredns#295

Signed-off-by: Petr Menšík <pemensik@redhat.com>
pemensik committed Jun 30, 2023
1 parent ad24b71 commit 5e29e2d
Showing 1 changed file with 6 additions and 5 deletions.
11 changes: 6 additions & 5 deletions content/plugins/bufsize.md
Expand Up @@ -8,24 +8,25 @@ date = "2022-05-10T17:23:57.8775785"
+++

## Description
*bufsize* limits a requester's UDP payload size.
*bufsize* reduces a requester's UDP payload size.
It prevents IP fragmentation, mitigating certain DNS vulnerabilities.
This will only affect queries that have an OPT RR.
It cannot increase UDP size requested by the client, it can be reduced only.
This will only affect queries that have an OPT RR (EDNS(0)).

## Syntax
```txt
bufsize [SIZE]
```

**[SIZE]** is an int value for setting the buffer size.
The default value is 512, and the value must be within 512 - 4096.
The default value is 1232, and the value must be within 512 - 4096.
Only one argument is acceptable, and it covers both IPv4 and IPv6.

## Examples
Enable limiting the buffer size of outgoing query to the resolver (172.31.0.10):
```corefile
. {
bufsize 512
bufsize 1100
forward . 172.31.0.10
log
}
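Review bot: In the Description, the added line "It cannot increase UDP size requested by the client, it can be reduced only." is a comma splice and changes subject halfway through; "It can only reduce the UDP size requested by the client, never increase it." would read more clearly. The Syntax section now documents a default of 1232, but this commit touches only content/plugins/bufsize.md, so please confirm the plugin's actual default matches; otherwise an operator relying on a bare `bufsize` gets a different limit than the page states. The first example also moves from 512 to 1100 without saying why that value was chosen over the default, and a short sentence on the choice would help.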
Expand All @@ -34,7 +35,7 @@ Enable limiting the buffer size of outgoing query to the resolver (172.31.0.10):
Enable limiting the buffer size as an authoritative nameserver:
```corefile
. {
bufsize 512
bufsize 1220
file db.example.org
log
}
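Review bot: The authoritative example uses `bufsize 1220`, which differs from both the documented default of 1232 and the 1100 used in the forwarding example, and nothing on the page explains the difference. Example values tend to be copied verbatim into production Corefiles, so either use one value in both examples or add a line stating why an authoritative server would want 1220 rather than the default.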