NAME¶

bufsize - sizes EDNS0 buffer size to prevent IP fragmentation.

DESCRIPTION¶

bufsize limits a requester's UDP payload size. It prevents IP fragmentation, mitigating certain DNS vulnerabilities.

SYNTAX¶

bufsize [SIZE]

[SIZE] is an int value for setting the buffer size. The default value is 512, and the value must be within 512 - 4096. Only one argument is acceptable, and it covers both IPv4 and IPv6.

EXAMPLES¶

Enable limiting the buffer size of outgoing query to the resolver (172.31.0.10):

. {


    bufsize 512


    forward . 172.31.0.10


    log
}

Enable limiting the buffer size as an authoritative nameserver:

. {


    bufsize 512


    file db.example.org


    log
}

CONSIDERATIONS¶

Setting 1232 bytes to bufsize may avoid fragmentation on the majority of networks in use today, but it depends on the MTU of the physical network links.
For now, if a client does not use EDNS, this plugin adds OPT RR.

March 2021

CoreDNS

Source file:	coredns-bufsize.7.en.gz (from coredns-for-k8s1.22-extras 1.8.4-1.18)
Source last updated:	2021-08-30T11:21:00Z
Converted to HTML:	2024-04-28T01:12:28Z