- DNS Flag Day 2020: change edns-buffer-size default to 1232.

doc/Changelog

@@ -1,3 +1,6 @@
+29 September 2020: Ralph
+	- DNS Flag Day 2020: change edns-buffer-size default to 1232.
+
 28 September 2020: Wouter
 	- Fix unit test for dnstap changes, so that it waits for the timer.
 

doc/example.conf.in

@@ -129,8 +129,8 @@ server:
 	# ip-dscp: 0
 
 	# EDNS reassembly buffer to advertise to UDP peers (the actual buffer
-	# is set with msg-buffer-size). 1472 can solve fragmentation (timeouts)
-	# edns-buffer-size: 4096
+	# is set with msg-buffer-size).
+	# edns-buffer-size: 1232
 
 	# Maximum UDP response size (not applied to TCP response).
 	# Suggested values are 512 to 4096. Default is 4096. 65536 disables it.

doc/unbound.conf.5.in

@@ -207,12 +207,11 @@ accepted. For larger installations increasing this value is a good idea.
 Number of bytes size to advertise as the EDNS reassembly buffer size.
 This is the value put into datagrams over UDP towards peers.  The actual
 buffer size is determined by msg\-buffer\-size (both for TCP and UDP).  Do
-not set higher than that value.  Default is 4096 which is RFC recommended.
-If you have fragmentation reassembly problems, usually seen as timeouts,
-then a value of 1472 can fix it.  Setting to 512 bypasses even the most
-stringent path MTU problems, but is seen as extreme, since the amount
-of TCP fallback generated is excessive (probably also for this resolver,
-consider tuning the outgoing tcp number).
+not set higher than that value.  Default is 1232 which is the DNS Flag Day 2020
+recommendation. Setting to 512 bypasses even the most stringent path MTU
+problems, but is seen as extreme, since the amount of TCP fallback generated is
+excessive (probably also for this resolver, consider tuning the outgoing tcp
+number).
 .TP
 .B max\-udp\-size: \fI<number>
 Maximum UDP response size (not applied to TCP response).  65536 disables the

testcode/testpkts.c

@@ -501,7 +501,7 @@ add_edns(uint8_t* pktbuf, size_t pktsize, int do_flag, uint8_t *ednsdata,
 {
 	uint8_t edns[] = {0x00, /* root label */
 		0x00, LDNS_RR_TYPE_OPT, /* type */
-		0x10, 0x00, /* class is UDPSIZE 4096 */
+		0x04, 0xD0, /* class is UDPSIZE 1232 */
 		0x00, /* TTL[0] is ext rcode */
 		0x00, /* TTL[1] is edns version */
 		(uint8_t)(do_flag?0x80:0x00), 0x00, /* TTL[2-3] is edns flags, DO */

testdata/val_cnametocnamewctoposwc.rpl

@@ -186,7 +186,7 @@ ENTRY_END
 STEP 10 CHECK_ANSWER
 ENTRY_BEGIN
 MATCH all
-REPLY QR RD RA AD DO NOERROR
+REPLY QR TC RD RA AD DO NOERROR
 SECTION QUESTION
 start.example.com. IN A
 SECTION ANSWER
@@ -201,11 +201,7 @@ SECTION AUTHORITY
 *.wc.example.com.	86400	IN	RRSIG	NSEC 8 3 86400 20121126131853 20121029131853 64050 example.com. YrmCLu0uGgD2gcU4p12BGnUGYcrKmfg82MJHSF5OnVmmJxXiSbSBnZPahbJNGA/kPLt+SlDyBTcssZKXWxM6bW7WF57OwffOj7rMyr5vhx7J6OsuWKotPVqnUFDx9j/rOum24yCKqoBWvpW/RYUHLuX1Wm05WMCgNWhuN4wqwiU=
 *.end.example.com.	86400	IN	NSEC	escapedtext.example.com. A RRSIG NSEC 
 *.end.example.com.	86400	IN	RRSIG	NSEC 8 3 86400 20121126131826 20121029131826 64050 example.com. P6uJSImaee+5NHlTP06pMxgO69qxjJc0Uo1+htjVyE8f15MhG8A7NttvzggbtyzmfLMPr7TilM+Mm7hC3pIk/TeBEdH8p+8qypnY0NzPntz5z1+6C6ZTjDXp6NxDwMz7th31r3B3u4xo/K4qMnXmrAFOIE5Lopk0uDGXfjKPCKE=
-example.com.	3600	IN	NS	ns.example.com.
-example.com.	3600	IN	RRSIG	NS 8 2 3600 20121126131826 20121029131826 64050 example.com. NgY7UAdkXprnCi/O6c5XoB82tqLBd1bY9LmDG9wwN0zEUR5aHQcOmX9waHyqXQI86SOFQbGCvO2wDLqdqWniw1IYf4S66Vf9KrpaH2gVbvHKiEpGJPeDYQcD5xkv50Lsp4ktcLyuO/dk8ORCP7E2yC5IQVNeFgUfaqttZcJoxuQ=
 SECTION ADDITIONAL
-ns.example.com.	3600	IN	A	1.2.3.4
-ns.example.com.	3600	IN	RRSIG	A 8 2 3600 20121126123249 20121029123249 64050 example.com. zxGyimwFsd39j8T7jJ+tSAQPwZ7tjk6HHmzosTMCRePM4k4newbLb5HbrpucSiW/plaEZvjRTDTJ6bPkw0msPXjPCI/22Zh236XO5vhGtMOlxDgAEazuhifVF6UsM7GZwONPBCvw705HgWQyCR1YlTK2w9ffH3GopU9f4oP7Pmk=
 ENTRY_END
 
 SCENARIO_END

testdata/val_nsec3_cnametocnamewctoposwc.rpl

@@ -184,7 +184,7 @@ ENTRY_END
 STEP 10 CHECK_ANSWER
 ENTRY_BEGIN
 MATCH all
-REPLY QR RD RA AD DO NOERROR
+REPLY QR TC RD RA AD DO NOERROR
 SECTION QUESTION
 start.example.com. IN A
 SECTION ANSWER
@@ -199,11 +199,7 @@ isjq5aarcp8p5sukc56g961cccjus5u2.example.com.	86400	IN	NSEC3	1 0 1 abcd  isoaarj
 isjq5aarcp8p5sukc56g961cccjus5u2.example.com.	86400	IN	RRSIG	NSEC3 8 3 86400 20121126123259 20121029123259 64050 example.com. Cxwzq1DUQvhkTVHEJHlb92c511Y+uJy/C0yL9br6W/5lB/usuSiK2DjW58ibPh2kLH1P3SpGqd1Y7LigptdXoPBDFakcNcimPWCN93R3J80+vrHHPkPyIsBaywwYI3SNGgfnHfPF+wmH+tZ1vfEHbigOxqPFK+T0ntKq7dkSndg=
 a61sejfu6am5a36p628t4s089s309o44.example.com.	86400	IN	NSEC3	1 0 1 abcd  a64lt5ij9a1up15h5cdsn1u2071901hu A RRSIG 
 a61sejfu6am5a36p628t4s089s309o44.example.com.	86400	IN	RRSIG	NSEC3 8 3 86400 20121126123315 20121029123315 64050 example.com. gfBu4oqo9cVxJbqrw2Ly7mK638kGPOF8l8eh7ovalniwkU3F+PNYJyfSE9yGX8tMGbXrkEW9mAzAh39igr2+Bbzi9WPTRp4RDVM0qw+eyMmQRPWKt7FeanDtP+OcdVp0Hf2aPzsgmgTdS6s0AboUq1rX53H2M6F8xAiwPrBJXDQ=
-example.com.	3600	IN	NS	ns.example.com.
-example.com.	3600	IN	RRSIG	NS 8 2 3600 20121126123249 20121029123249 64050 example.com. cpLjgKPacNxVIGo59tYMZ98GVYpH28WHRWj3AeIHK0StYFcAlflGLdkae1LEgMwfUmzrayrA5GMe3AH8LyuTgA2Dn1oNFxGfuShQvK2MFQ+LxvQfiuoqlAlL5Aa94IWcSoU/wLrr66I1K8oSB2yK1Tyyv73c2N40D1mBbzIE70U=
 SECTION ADDITIONAL
-ns.example.com.	3600	IN	A	1.2.3.4
-ns.example.com.	3600	IN	RRSIG	A 8 2 3600 20121126123249 20121029123249 64050 example.com. zxGyimwFsd39j8T7jJ+tSAQPwZ7tjk6HHmzosTMCRePM4k4newbLb5HbrpucSiW/plaEZvjRTDTJ6bPkw0msPXjPCI/22Zh236XO5vhGtMOlxDgAEazuhifVF6UsM7GZwONPBCvw705HgWQyCR1YlTK2w9ffH3GopU9f4oP7Pmk=
 ENTRY_END
 
 SCENARIO_END

util/config_file.c

@@ -152,7 +152,7 @@ config_create(void)
 	cfg->incoming_num_tcp = 2; 
 #endif
 	cfg->stream_wait_size = 4 * 1024 * 1024;
-	cfg->edns_buffer_size = 4096; /* 4k from rfc recommendation */
+	cfg->edns_buffer_size = 1232; /* from DNS flagday recommendation */
 	cfg->msg_buffer_size = 65552; /* 64 k + a small margin */
 	cfg->msg_cache_size = 4 * 1024 * 1024;
 	cfg->msg_cache_slabs = 4;