Maintained by: NLnet Labs

[Unbound-users] Maximum size of UDP responses?

W.C.A. Wijngaards
Thu Apr 25 13:58:33 CEST 2013


Hi Daisuke,

On 04/19/2013 03:43 PM, Daisuke HIGASHI wrote:
> Hi Wouter,
> 
> Here is a patch to implement only "max-udp-size" (a revised
> version). I hope this would be applied to mainline.
> 
> max-udp-size: <number> Maximum UDP response size. Valid values are
> 512 to 4096. Default is 4096.
> 
> In spite of my allow_minimal patch, Unbound should implement a
> max-udp-size option and default to 4096, because currently
> Unbound's response size has no limit and it can be a dangerous
> high-amplification-rate reflector if Unbound is mistakenly
> configured as an open resolver. Also useful if we want to avoid IP
> fragmentation.

Thank you for this patch, I have applied it to the svn of unbound.

Small changes: it does restrict the value.  So that you can disable
this new code with a large value.  Default kept at 4096 and it advises
512-4096 in the manual.

Best regards,
   Wouter


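Added example, not part of the original message and not Unbound's code: a small Python model of how a `max-udp-size` cap bounds the reflection ratio discussed above. It assumes the effective UDP limit is the smaller of the client's EDNS0 advertised payload size and `max-udp-size`; the function names, the sample query and the 9000-byte response length are constructed for illustration.

```python
import struct

def build_query(name, edns_size=None, qtype=255):
    """Constructed sample: a DNS query, optionally carrying an EDNS0 OPT record."""
    header = struct.pack("!HHHHHH", 0x1234, 0x0100, 1, 0, 0, 1 if edns_size else 0)
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"
    msg = header + qname + struct.pack("!HH", qtype, 1)
    if edns_size:
        # OPT RR: root owner, TYPE 41, CLASS carries the advertised UDP size
        msg += b"\x00" + struct.pack("!HHIH", 41, edns_size, 0, 0)
    return msg

def advertised_size(query):
    """Client's EDNS0 UDP payload size, or 512 when no OPT record is present."""
    qdcount, _, _, arcount = struct.unpack("!HHHH", query[4:12])
    pos = 12
    for _ in range(qdcount):          # skip each question: labels, then type/class
        while query[pos] != 0:
            pos += query[pos] + 1
        pos += 1 + 4
    # Assumption: the OPT record is the first additional record (true for the sample)
    if arcount and query[pos] == 0:
        rtype, rclass = struct.unpack("!HH", query[pos + 1:pos + 5])
        if rtype == 41:
            return max(rclass, 512)   # RFC 6891: values below 512 are treated as 512
    return 512

def reply_plan(query, full_response_len, max_udp_size=4096):
    """Return (limit, truncated, max_bytes_on_wire, worst_case_amplification)."""
    limit = min(advertised_size(query), max_udp_size)
    truncated = full_response_len > limit          # server answers with TC set
    max_bytes = limit if truncated else full_response_len
    return limit, truncated, max_bytes, round(max_bytes / len(query), 1)

if __name__ == "__main__":
    q = build_query("example.com", edns_size=65535)
    for cap in (65536, 4096, 512):
        print(cap, reply_plan(q, 9000, max_udp_size=cap))
```

A truncated reply is usually smaller than the limit, so the last value is an upper bound on what a spoofed source address would receive per query.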