[PATCH] resolv: set edns max buffer size to 1232

[PATCH] resolv: set edns max buffer size to 1232

[Cristian Rodríguez]

Year 2020, Large scale DNS operators and software vendors
agreed to set the maximum edns buffer size to 1232.

BIND9(1), NSD(2), unbound (3), dnsmasq etc  currently use this as
default, libc resolver should too.

1. https://downloads.isc.org/isc/bind9/9.16.8/doc/arm/html/notes.html#feature-changes
2. https://www.nlnetlabs.nl/news/2020/Oct/08/nsd-4.3.3-released/
3. https://www.nlnetlabs.nl/news/2020/Oct/08/unbound-1.12.0-released/

Signed-off-by: Cristian Rodríguez <crrodriguez@opensuse.org>
---
 resolv/resolv-internal.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/resolv/resolv-internal.h b/resolv/resolv-internal.h
index c55f3c0366..c79d5f2135 100644
--- a/resolv/resolv-internal.h
+++ b/resolv/resolv-internal.h
@@ -67,7 +67,7 @@ enum
        spoofing attacks because the randomness in a DNS packet is
        concentrated in the first fragment (with the headers) and does
        not protect subsequent fragments.  */
-    RESOLV_EDNS_BUFFER_SIZE = 1200,
+    RESOLV_EDNS_BUFFER_SIZE = 1232,
   };
 
 struct resolv_context;
-- 
2.40.0

Re: [PATCH] resolv: set edns max buffer size to 1232

[Cristian Rodríguez]

[-- Attachment #1: Type: text/plain, Size: 1342 bytes --]

ping? should not be a controversial thing to do. Most software out there
already does.


On Wed, Apr 5, 2023 at 9:21 PM Cristian Rodríguez <crrodriguez@opensuse.org>
wrote:

> Year 2020, Large scale DNS operators and software vendors
> agreed to set the maximum edns buffer size to 1232.
>
> BIND9(1), NSD(2), unbound (3), dnsmasq etc  currently use this as
> default, libc resolver should too.
>
> 1.
> https://downloads.isc.org/isc/bind9/9.16.8/doc/arm/html/notes.html#feature-changes
> 2. https://www.nlnetlabs.nl/news/2020/Oct/08/nsd-4.3.3-released/
> 3. https://www.nlnetlabs.nl/news/2020/Oct/08/unbound-1.12.0-released/
>
> Signed-off-by: Cristian Rodríguez <crrodriguez@opensuse.org>
> ---
>  resolv/resolv-internal.h | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/resolv/resolv-internal.h b/resolv/resolv-internal.h
> index c55f3c0366..c79d5f2135 100644
> --- a/resolv/resolv-internal.h
> +++ b/resolv/resolv-internal.h
> @@ -67,7 +67,7 @@ enum
>         spoofing attacks because the randomness in a DNS packet is
>         concentrated in the first fragment (with the headers) and does
>         not protect subsequent fragments.  */
> -    RESOLV_EDNS_BUFFER_SIZE = 1200,
> +    RESOLV_EDNS_BUFFER_SIZE = 1232,
>    };
>
>  struct resolv_context;
> --
> 2.40.0
>

Re: [PATCH] resolv: set edns max buffer size to 1232

[Adhemerval Zanella Netto]

On 11/04/23 10:43, Cristian Rodríguez via Libc-alpha wrote:
> ping? should not be a controversial thing to do. Most software out there
> already does.
> 

LGTM, although I am not really sure about the implications of this change.
The links you provided does say it is a conservative change thou.

> 
> On Wed, Apr 5, 2023 at 9:21 PM Cristian Rodríguez <crrodriguez@opensuse.org>
> wrote:
> 
>> Year 2020, Large scale DNS operators and software vendors
>> agreed to set the maximum edns buffer size to 1232.
>>
>> BIND9(1), NSD(2), unbound (3), dnsmasq etc  currently use this as
>> default, libc resolver should too.
>>
>> 1.
>> https://downloads.isc.org/isc/bind9/9.16.8/doc/arm/html/notes.html#feature-changes
>> 2. https://www.nlnetlabs.nl/news/2020/Oct/08/nsd-4.3.3-released/
>> 3. https://www.nlnetlabs.nl/news/2020/Oct/08/unbound-1.12.0-released/
>>
>> Signed-off-by: Cristian Rodríguez <crrodriguez@opensuse.org>
>> ---
>>  resolv/resolv-internal.h | 2 +-
>>  1 file changed, 1 insertion(+), 1 deletion(-)
>>
>> diff --git a/resolv/resolv-internal.h b/resolv/resolv-internal.h
>> index c55f3c0366..c79d5f2135 100644
>> --- a/resolv/resolv-internal.h
>> +++ b/resolv/resolv-internal.h
>> @@ -67,7 +67,7 @@ enum
>>         spoofing attacks because the randomness in a DNS packet is
>>         concentrated in the first fragment (with the headers) and does
>>         not protect subsequent fragments.  */
>> -    RESOLV_EDNS_BUFFER_SIZE = 1200,
>> +    RESOLV_EDNS_BUFFER_SIZE = 1232,
>>    };
>>
>>  struct resolv_context;
>> --
>> 2.40.0
>>

Re: [PATCH] resolv: set edns max buffer size to 1232

[Adhemerval Zanella Netto]

On 12/04/23 09:40, Adhemerval Zanella Netto wrote:
> 
> 
> On 11/04/23 10:43, Cristian Rodríguez via Libc-alpha wrote:
>> ping? should not be a controversial thing to do. Most software out there
>> already does.
>>
> 
> LGTM, although I am not really sure about the implications of this change.
> The links you provided does say it is a conservative change thou.

In fact, it has triggered a regressions [1].

[1] https://www.delorie.com/trybots/32bit/18723/

Re: [PATCH] resolv: set edns max buffer size to 1232

[Cristian Rodríguez]

[-- Attachment #1: Type: text/plain, Size: 674 bytes --]

On Fri, Apr 14, 2023 at 7:45 AM Adhemerval Zanella Netto <
adhemerval.zanella@linaro.org> wrote:

>
>
> On 12/04/23 09:40, Adhemerval Zanella Netto wrote:
> >
> >
> > On 11/04/23 10:43, Cristian Rodríguez via Libc-alpha wrote:
> >> ping? should not be a controversial thing to do. Most software out there
> >> already does.
> >>
> >
> > LGTM, although I am not really sure about the implications of this
> change.
> > The links you provided does say it is a conservative change thou.
>
> In fact, it has triggered a regressions [1].
>
> [1] https://www.delorie.com/trybots/32bit/18723/


huh. the tests do not expect this.. I'll check that..sorry.