DNS protocol tweaks

The following settings change low-level details of the DNS protocol implementation. Default values should not be changed except in very special cases.

network/edns-buffer-size: <options>

Maximum EDNS payload size advertised in DNS packets. Different values can be configured for communication downstream (towards clients) and upstream (towards other DNS servers).

upstream <size B|K|M|G>
Default: 1232B

downstream <size B|K|M|G>
Default: 1232B

The default of 1232 bytes was chosen to minimize the risk of issues caused by IP fragmentation. Further details can be found on the DNS Flag Day 2020 website.

The minimum value allowed by RFC 6891 is 512 bytes, which equals the DNS packet size without Extension Mechanisms for DNS (EDNS). A value of 1220 bytes is the minimum size required by the DNSSEC standard, RFC 4035.

network:
  edns-buffer-size:
    upstream: 4096B
    downstream: 1232B
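
The configured size is what gets advertised in the CLASS field of the EDNS OPT record (RFC 6891). The Python below is an added example, not code from the resolver: it builds a constructed query, reads the advertised size back from the wire, and compares it with the thresholds stated above. The function names and classification labels are assumptions made for illustration, and the parser assumes a well-formed message.

```python
import struct

# Thresholds quoted on this page
RFC6891_MIN = 512   # minimum allowed by RFC 6891 (plain DNS packet size)
DNSSEC_MIN = 1220   # minimum required by RFC 4035
DEFAULT = 1232      # default, chosen to limit IP fragmentation issues

def build_query(name, bufsize, txid=0x1234):
    """A/IN query with an OPT record advertising `bufsize` (constructed sample)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 1)  # RD set, QD=1, AR=1
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.strip(".").split("."))
    question = qname + b"\x00" + struct.pack("!HH", 1, 1)      # QTYPE=A, QCLASS=IN
    # OPT pseudo-RR: root owner, TYPE=41, CLASS=UDP payload size, TTL=0, RDLEN=0
    return header + question + b"\x00" + struct.pack("!HHIH", 41, bufsize, 0, 0)

def _skip_name(msg, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        n = msg[off]
        if n == 0:
            return off + 1
        if n & 0xC0 == 0xC0:  # a compression pointer ends the name
            return off + 2
        off += 1 + n

def advertised_size(msg):
    """Return the EDNS payload size advertised in `msg`, or None without OPT."""
    qd, an, ns, ar = struct.unpack("!HHHH", msg[4:12])
    off = 12
    for _ in range(qd):
        off = _skip_name(msg, off) + 4  # skip QTYPE and QCLASS
    for _ in range(an + ns + ar):
        off = _skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        if rtype == 41:  # OPT: CLASS carries the payload size
            return rclass
        off += 10 + rdlen
    return None

def classify(size):
    """Compare an advertised size with the thresholds stated on this page."""
    if size is None:
        return "no EDNS"
    if size < RFC6891_MIN:
        return "below RFC 6891 minimum"
    if size < DNSSEC_MIN:
        return "below DNSSEC minimum"
    if size <= DEFAULT:
        return "ok"
    return "above default: fragmentation risk"
```

Running `classify(advertised_size(packet))` over captured queries shows whether the sizes seen on the wire match the configured upstream and downstream values.
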

options/violators-workarounds: true|false

Default: false

Enables workarounds in resolver behavior for specific broken sub-domains. Currently, this mainly disables case randomization.

options:
   violators-workarounds: true