- Fix #404: DNS query with small edns bufsize fail.

NLnetLabs · Jan 18, 2021 · c125fe6 · c125fe6
1 parent e55f38f
commit c125fe6
Show file tree

Hide file tree

Showing 4 changed files with 8 additions and 5 deletions.
diff --git a/doc/Changelog b/doc/Changelog
@@ -1,3 +1,6 @@
+18 January 2021: Wouter
+	- Fix #404: DNS query with small edns bufsize fail.
+
 15 January 2021: Wouter
 	- Merge #402 from fobser: Implement IPv4-Embedded addresses according
 	  to RFC6052.

diff --git a/doc/example.conf.in b/doc/example.conf.in
@@ -388,7 +388,7 @@ server:
 	# target-fetch-policy: "3 2 1 0 0"
 
 	# Harden against very small EDNS buffer sizes.
-	# harden-short-bufsize: no
+	# harden-short-bufsize: yes
 
 	# Harden against unseemly large queries.
 	# harden-large-queries: no

diff --git a/doc/unbound.conf.5.in b/doc/unbound.conf.5.in
@@ -839,9 +839,8 @@ closer to that of BIND 9, while setting "\-1 \-1 \-1 \-1 \-1" gives behaviour
 rumoured to be closer to that of BIND 8.
 .TP
 .B harden\-short\-bufsize: \fI<yes or no>
-Very small EDNS buffer sizes from queries are ignored. Default is off, since
-it is legal protocol wise to send these, and unbound tries to give very
-small answers to these queries, where possible.
+Very small EDNS buffer sizes from queries are ignored. Default is on, as
+described in the standard.
 .TP
 .B harden\-large\-queries: \fI<yes or no>
 Very large queries are ignored. Default is off, since it is legal protocol

diff --git a/util/config_file.c b/util/config_file.c
@@ -220,7 +220,7 @@ config_create(void)
 	cfg->views = NULL;
 	cfg->acls = NULL;
 	cfg->tcp_connection_limits = NULL;
-	cfg->harden_short_bufsize = 0;
+	cfg->harden_short_bufsize = 1;
 	cfg->harden_large_queries = 0;
 	cfg->harden_glue = 1;
 	cfg->harden_dnssec_stripped = 1;
@@ -388,6 +388,7 @@ struct config_file* config_create_forlib(void)
 	cfg->val_log_level = 2; /* to fill why_bogus with */
 	cfg->val_log_squelch = 1;
 	cfg->minimal_responses = 0;
+	cfg->harden_short_bufsize = 1;
 	return cfg;
 }