Remove commented-out edns-buffer-size section from the default unbound.conf.

The default in Unbound (and other DNS server software in the recent "DNS flag day") changed to 1232 bytes, this avoids problems due to fragmented packets (fragments can result in blackholes and also enable some attack vectors) so there's now little reason to reduce this from defaults, and increasing it is more of a specialist use case that isn't really needed in this streamlined default config.
2024-12-21 23:18:00 -08:00 · 2020-10-28 11:35:58 +00:00 · 2020-10-28 11:35:58 +00:00 · 4c3a6c80a8
commit 4c3a6c80a8
parent 2c144df0c8
1 changed files with 1 additions and 7 deletions
--- a/etc/unbound.conf
+++ b/etc/unbound.conf
@ -1,4 +1,4 @@
-# $OpenBSD: unbound.conf,v 1.20 2020/06/21 16:59:45 sthen Exp $
+# $OpenBSD: unbound.conf,v 1.21 2020/10/28 11:35:58 sthen Exp $

 server:
 	interface: 127.0.0.1
@ -37,12 +37,6 @@ server:
 	#local-zone: "2.0.192.in-addr.arpa." static
 	#local-data-ptr: "192.0.2.51 mycomputer.local"

-	# UDP EDNS reassembly buffer advertised to peers. Default 4096.
-	# May need lowering on broken networks with fragmentation/MTU issues,
-	# particularly if validating DNSSEC.
-	#
-	#edns-buffer-size: 1480
-
 	# Use TCP for "forward-zone" requests. Useful if you are making
 	# DNS requests over an SSH port forwarding.
 	#