.\" Generated by Mmark Markdown Processer - mmark.miek.nl
.TH "COREDNS-BUFSIZE" 7 "March 2026" "CoreDNS" "CoreDNS Plugins"
.SH "NAME"
.PP
\fIbufsize\fP - limits EDNS0 buffer size to prevent IP fragmentation.
.SH "DESCRIPTION"
.PP
\fIbufsize\fP limits a requester's UDP payload size to within a maximum value.
If a request with an OPT RR has a bufsize greater than the limit, the bufsize
of the request will be reduced. Otherwise the request is unaffected.
It prevents IP fragmentation, mitigating certain DNS vulnerabilities.
It cannot increase the UDP size requested by the client; it can only reduce it.
This will only affect queries that have an OPT RR (EDNS(0)
\[la]https://www.rfc-editor.org/rfc/rfc6891\[ra]).
.SH "SYNTAX"
.PP
.RS
.nf
bufsize [SIZE]
.fi
.RE
.PP
\fB[SIZE]\fP is an int value for setting the buffer size.
The default value is 1232, and the value must be within 512 - 4096.
Only one argument is acceptable, and it covers both IPv4 and IPv6.
.SH "EXAMPLES"
.PP
Enable limiting the buffer size of outgoing queries to the resolver (172.31.0.10):
.PP
.RS
.nf
\&. {
    bufsize 1100
    forward . 172.31.0.10
    log
}
.fi
.RE
.PP
Enable limiting the buffer size as an authoritative nameserver:
.PP
.RS
.nf
\&. {
    bufsize 1220
    file db.example.org
    log
}
.fi
.RE
.SH "CONSIDERATIONS"
.IP \(bu 4
Setting bufsize to 1232 bytes may avoid fragmentation on the majority of networks in use today, but it depends on the MTU of the physical network links.
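.PP
The clamping rule from DESCRIPTION, applied to a raw DNS message, as an added example that is not taken from the plugin's source. The function name ClampBufsize and the sample query are constructed for illustration; the code uses only the Go standard library and relies on the RFC 6891 layout, where the OPT RR (type 41) carries the requester's UDP payload size in its CLASS field.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

// ClampBufsize lowers the EDNS0 UDP payload size in msg to limit, never raising
// it. It returns the size now in effect, or 0 if msg carries no OPT RR.
func ClampBufsize(msg []byte, limit uint16) (uint16, error) {
	be := binary.BigEndian
	if len(msg) < 12 {
		return 0, errors.New("short header")
	}
	off, qd := 12, int(be.Uint16(msg[4:]))
	total := qd + int(be.Uint16(msg[6:])) + int(be.Uint16(msg[8:])) + int(be.Uint16(msg[10:]))
	for i := 0; i < total; i++ {
		for off < len(msg) && msg[off] != 0 && msg[off]&0xC0 != 0xC0 {
			off += 1 + int(msg[off]) // skip one label of the owner name
		}
		if off < len(msg) && msg[off] != 0 {
			off++ // a compression pointer is two bytes long
		}
		off++ // root label, or second byte of the pointer
		if i < qd {
			off += 4 // question entries end after QTYPE and QCLASS
			continue
		}
		if off+10 > len(msg) {
			return 0, errors.New("truncated record")
		}
		if be.Uint16(msg[off:]) == 41 { // OPT RR: CLASS is the UDP payload size
			if size := be.Uint16(msg[off+2:]); size <= limit {
				return size, nil // already within the limit: request unaffected
			}
			be.PutUint16(msg[off+2:], limit)
			return limit, nil
		}
		off += 10 + int(be.Uint16(msg[off+8:])) // fixed RR fields plus RDATA
	}
	return 0, nil
}

func main() {
	q := []byte{0x12, 0x34, 1, 0, 0, 1, 0, 0, 0, 0, 0, 1, 3, 'o', 'r', 'g', 0, 0, 1, 0, 1,
		0, 0, 41, 0x10, 0x00, 0, 0, 0, 0, 0, 0} // constructed: "org." A + OPT size 4096
	fmt.Println(ClampBufsize(q, 1232))
}
```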