[Unbound-users] Maximum size of UDP responses?
W.C.A. Wijngaards
wouter at nlnetlabs.nl
Thu Apr 25 11:58:33 UTC 2013
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi Daisuke,
On 04/19/2013 03:43 PM, Daisuke HIGASHI wrote:
> Hi Wouter,
>
> Here is a patch to implement only "max-udp-size" (a revised
> version). I hope this would be applied to mainline.
>
> max-udp-size: <number> Maximum UDP response size. Valid values are
> 512 to 4096. Default is 4096.
>
> In spite of my allow_minimal patch, Unbound should implement
> max-udp-size option and defaults to 4096. Because currently
> Unbound's response size has no limit and it can be dangerous
> high-amplification-rate reflector if Unbound is mistakenly
> configured as open-resolver. Also useful if we want to avoid IP
> fragment.
Thank you for this patch, I have applied it to the svn of unbound.
Small changes: it does restrict the value. So that you can disable
this new code with a large value. Default kept at 4096 and it advises
512-4096 in the manual.
Best regards,
Wouter
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iQIcBAEBAgAGBQJReRppAAoJEJ9vHC1+BF+N5v0P/jXB0FQOcAaS3OhNo/vGTbS1
oVSY5Ch3JkiH4OVgSpZS+hKnh6G3QHI/UXmz++xeg1/k0J3QSBgDAJnFiRPFpIC/
1xaPHo5wMfHcyrPs4qVJaFKIrqEjs1PV0UQlQNM+NLQqVbltVqFGumevsEWzj3z4
3jW2JD2c+9ggHSAGBc3QizfN+BI0Yy2ay6LPHCuiKljdRhs3X5m5q9+WzTTgJAc8
D/kvyG1/zt7v9TaVXtvfxlDd2WZCUNQD4CD0UYTzwBHBhtD1WzFSs6QSQVYxQwz8
wsAHbP0ozgO5VGvOxBEIV7aCEEcmtpP+Td4run0BWdDuMUok8HvXNq8U8BYpmMwf
JojR4txBRJKHzPlvuQBwzLrymKIF+aJ+2EhPHaPgAHjzTfe78cWWCyOz4R2ICURX
TT0ud8AYkRLAYTN9F65zOYfwaJLq9eMZM84pGrfBsPV0DujGegSb5TLOA8uFZ9Df
HrDkaQZKfSyE5ZcXSfgA8188hdv45CZV1ab6ZDxdHgSqAm6rn0YG69cWAJTzh3b+
GZ6ydkuupT+D/jJnB5Q1OlHV9sVE9z11xzAiD201VNikRthQQRATcrwp+HQ4s4It
5CWfhRYsu0dveG7zt/ku+t90D4Mp0W55jB27hBQDdy5qquNUzN2QGUwYKyOdust1
fLtZnqzD1/9Gvl0qH6fi
=O3pG
-----END PGP SIGNATURE-----
More information about the Unbound-users
mailing list