mirror of
https://github.com/coredns/coredns.git
synced 2026-04-05 11:45:33 -04:00
.\" Generated by Mmark Markdown Processer - mmark.miek.nl
.TH "COREDNS-BUFSIZE" 7 "March 2026" "CoreDNS" "CoreDNS Plugins"

.SH "NAME"
.PP
\fIbufsize\fP - limits EDNS0 buffer size to prevent IP fragmentation.
.SH "DESCRIPTION"
.PP
\fIbufsize\fP limits a requester's UDP payload size to within a maximum value.
If a request with an OPT RR has a bufsize greater than the limit, the bufsize
of the request will be reduced. Otherwise the request is unaffected.
It prevents IP fragmentation, mitigating certain DNS vulnerabilities.
It cannot increase the UDP size requested by the client; it can only reduce it.
This will only affect queries that have
an OPT RR (EDNS(0)
\[la]https://www.rfc-editor.org/rfc/rfc6891\[ra]).
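.PP
The clamping rule described above, as an added Go example that is not CoreDNS's own code: it walks a raw DNS message, finds the OPT RR and lowers its CLASS field (the requester's UDP payload size) to the limit, never raising it. The names ClampBufsize, skipName and sample are hypothetical, and the query bytes are constructed for illustration.

```go
package main

import "encoding/binary"
import "fmt"

// Constructed sample: query for "example.org. A" whose OPT RR advertises 4096 bytes.
var sample = append([]byte{0x12, 0x34, 1, 0, 0, 1, 0, 0, 0, 0, 0, 1},
	"\x07example\x03org\x00\x00\x01\x00\x01\x00\x00\x29\x10\x00\x00\x00\x00\x00\x00\x00"...)

// skipName returns the offset just past the DNS name that starts at off.
func skipName(msg []byte, off int) int {
	for off < len(msg) && msg[off] != 0 && msg[off] < 0xC0 {
		off += 1 + int(msg[off]) // ordinary label
	}
	if off < len(msg) && msg[off] >= 0xC0 {
		off++ // a compression pointer is two bytes
	}
	return off + 1
}

// ClampBufsize (hypothetical name, not CoreDNS code) lowers the OPT RR's CLASS field in
// place to limit. It returns the size advertised afterwards, or 0 when there is no OPT RR.
func ClampBufsize(msg []byte, limit uint16) (uint16, error) {
	if limit < 512 || limit > 4096 || len(msg) < 12 {
		return 0, fmt.Errorf("limit outside 512 - 4096 or message shorter than a header")
	}
	be, off := binary.BigEndian, 12
	qd := int(be.Uint16(msg[4:]))
	total := qd + int(be.Uint16(msg[6:])) + int(be.Uint16(msg[8:])) + int(be.Uint16(msg[10:]))
	for i := 0; i < total; i++ {
		off = skipName(msg, off)
		if i < qd {
			off += 4 // a question carries only TYPE and CLASS
		} else if off+10 > len(msg) {
			return 0, fmt.Errorf("truncated resource record")
		} else if be.Uint16(msg[off:]) == 41 { // TYPE 41 = OPT
			if be.Uint16(msg[off+2:]) > limit {
				be.PutUint16(msg[off+2:], limit) // reduce only, never increase
			}
			return be.Uint16(msg[off+2:]), nil
		} else {
			off += 10 + int(be.Uint16(msg[off+8:])) // fixed fields plus RDATA
		}
	}
	return 0, nil
}

func main() {
	fmt.Println(ClampBufsize(sample, 1232))
}
```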
.SH "SYNTAX"
.PP
.RS

.nf
bufsize [SIZE]

.fi
.RE

.PP
\fB[SIZE]\fP is an int value for setting the buffer size.
The default value is 1232, and the value must be within 512 - 4096.
Only one argument is acceptable, and it covers both IPv4 and IPv6.
.SH "EXAMPLES"
.PP
Enable limiting the buffer size of outgoing queries to the resolver (172.31.0.10):

.PP
.RS

.nf
\&. {
    bufsize 1100
    forward . 172.31.0.10
    log
}

.fi
.RE

.PP
Enable limiting the buffer size as an authoritative nameserver:

.PP
.RS

.nf
\&. {
    bufsize 1220
    file db.example.org
    log
}

.fi
.RE
.SH "CONSIDERATIONS"
.IP \(bu 4
Setting bufsize to 1232 bytes may avoid fragmentation on the majority of networks in use today, but it depends on the MTU of the physical network links.