Ignore Path MTU Discovery on UDP server socket #7410
It might help prevent Path MTU poisoning attacks.
That change seems to be what made DNSCrypt servers running
As you know since you implemented the protocol, DNSCrypt requires questions sent over UDP to be as large as responses, using padding.
Blocking fragmented questions prevents large responses from being received.
Ignoring fragments in responses from authoritative servers is fine, but even with unencrypted queries, I'm not sure that there is any value in dropping fragments on the server socket. A fragment attack would just allow the question to be modified, but a stub resolver would ignore a response for a different query.
Thanks a lot for reporting this! I have to admit I had completely forgotten that propriety of