
adapt udp-truncation-threshold flag to the recursor and document it

1 parent 904d321 commit a09a8ce002bd5a5ed148faba35946423fc131abf @Habbie Habbie committed Nov 5, 2013
Showing with 16 additions and 2 deletions.
  1. +10 −0 pdns/docs/pdns.xml
  2. +6 −2 pdns/pdns_recursor.cc
@@ -14434,6 +14434,16 @@ sql> insert into domainmetadata (domain_id, kind, content) values (6, 'TSIG-ALLO
</para>
</listitem>
</varlistentry>
+ <varlistentry>
+ <term>udp-truncation-threshold=...</term>
+ <listitem>
+ <para>
+ EDNS0 allows for large UDP response datagrams, which can potentially raise performance. Large responses however
+ also have downsides in terms of reflection attacks. This setting limits the
+ accepted size. Maximum value is 65535, but values above 4096 should probably not be attempted. Default is 1680.
+ </para>
+ </listitem>
+ </varlistentry>
<varlistentry>
<term>version</term>
<listitem>
@@ -76,6 +76,7 @@ unsigned int g_maxTCPPerClient;
unsigned int g_networkTimeoutMsec;
bool g_logCommonErrors;
bool g_anyToTcp;
+uint16_t g_udpTruncationThreshold;
__thread shared_ptr<RecursorLua>* t_pdl;
__thread RemoteKeeper* t_remotes;
__thread shared_ptr<Regex>* t_traceRegex;
@@ -498,7 +499,7 @@ void startDoResolve(void *p)
uint32_t maxanswersize= dc->d_tcp ? 65535 : 512;
EDNSOpts edo;
if(getEDNSOpts(dc->d_mdp, &edo)) {
- maxanswersize = min(edo.d_packetsize, (uint16_t) (dc->d_tcp ? 65535 : 1680));
+ maxanswersize = min(edo.d_packetsize, (uint16_t) (dc->d_tcp ? 65535 : g_udpTruncationThreshold));
}
vector<DNSResourceRecord> ret;
@@ -1789,7 +1790,8 @@ int serviceMain(int argc, char*argv[])
g_logCommonErrors=::arg().mustDo("log-common-errors");
g_anyToTcp = ::arg().mustDo("any-to-tcp");
-
+ g_udpTruncationThreshold = ::arg().asNum("udp-truncation-threshold");
+
makeUDPServerSockets();
makeTCPServerSockets();
@@ -2064,6 +2066,8 @@ int main(int argc, char **argv)
::arg().setSwitch( "disable-packetcache", "Disable packetcache" )= "no";
::arg().setSwitch( "pdns-distributes-queries", "If PowerDNS itself should distribute queries over threads (EXPERIMENTAL)")="no";
::arg().setSwitch( "any-to-tcp","Answer ANY queries with tc=1, shunting to TCP" )="no";
+ ::arg().set("udp-truncation-threshold", "Maximum UDP response size before we truncate")="1680";
+
::arg().set("include-dir","Include *.conf files from this directory")="";
::arg().setCmd("help","Provide a helpful message");
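Review bot: In the serviceMain hunk, `g_udpTruncationThreshold = ::arg().asNum("udp-truncation-threshold");` stores the configured number straight into a `uint16_t` with no range check. Assuming asNum returns a wider integer (its declaration is not in this diff), a value above 65535 wraps silently, e.g. 65536 becomes 0, and startDoResolve then computes `min(edo.d_packetsize, 0)`; a value below 512 gives EDNS clients a smaller limit than the 512 used for plain UDP queries. Because this setting is the operator's cap on UDP response size against reflection abuse, an out-of-range value should be rejected at startup instead of quietly changing the cap: read it into an `int` first and check `if(threshold < 512 || threshold > 65535)` before assigning, logging the error and refusing to start. The bodies of serviceMain and startDoResolve continue outside the hunks shown.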
