https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6910

Mark Martinec <[email protected]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|---                         |FIXED
   Target Milestone|Undefined                   |3.4.0

--- Comment #4 from Mark Martinec <[email protected]> ---
Ok, changing a default to 'dns_options edns=4096'.
Will remember to add this to compatibility section of release notes.

trunk:
  Bug 6910: changed a default to edns=4096 (What DNS buffer size (EDNS);
  adjust Plugin::DKIM accordingly
Sending lib/Mail/SpamAssassin/Conf.pm
Sending lib/Mail/SpamAssassin/Plugin/DKIM.pm
Committed revision 1448607.


The current documentation (Conf.pm) now says:


=item dns_options opts   (default: norotate, nodns0x20, edns=4096)

Provides a (whitespace or comma-separated) list of options applying
to DNS resolving. Available options are: I<rotate>, I<dns0x20> and
I<edns> (or I<edns0>). Option name may be negated by prepending a I<no>
(e.g. I<norotate>, I<NoEDNS>) to counteract a previously enabled option.
Option names are not case-sensitive. The I<dns_options> directive may
appear in configuration files multiple times, the last setting prevails.

Option I<edns> (or I<edns0>) may take a value which specifies a requestor's
acceptable UDP payload size according to EDNS0 specifications (RFC 2671bis
draft), e.g. I<edns=4096>. When EDNS0 is off (I<noedns> or I<edns=512>)
a traditional implied UDP payload size is 512 bytes. When the option is
specified but a value is not provided, a conservative default of 1240 bytes
is implied. It is recommended to keep I<edns> enabled when using a local
recursive DNS server which supports EDNS0 (like most modern DNS servers do),
a suitable setting in this case is I<edns=4096>, which is also a default.
Allowing packets larger than 512 bytes can avoid truncation of answer
resource records in large DNS responses (like in TXT records of some SPF
and DKIM responses, or when an unreasonable number of A records is published
by some domain). The option should be disabled when a recursive DNS server
is only reachable through some old-fashioned firewall which bans DNS UDP
packets larger than 512 bytes. A suitable value when a non-local recursive
DNS server is used and a firewall does allow EDNS0 but blocks fragmented
IP packets is perhaps 1240 bytes, allowing a DNS UDP packet to fit within
a single IP packet in most cases.

[...]

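The option semantics quoted from Conf.pm above, as an added Python sketch (not SpamAssassin's own Perl code and not part of the original message); it also shows where the edns value ends up on the wire, in the CLASS field of the EDNS0 OPT pseudo-record. Assumptions: the function names are hypothetical, repeated directives are merged per option, a value on a negated or non-edns option is rejected, and sizes are clamped to 512..65535.

```python
import re
import struct

PLAIN_DNS_SIZE = 512    # implied UDP payload size when EDNS0 is off
BARE_EDNS_SIZE = 1240   # documented size for "edns" given without a value
TOKEN = re.compile(r"(no)?(rotate|dns0x20|edns0?)(?:=(\d+))?", re.I)


def default_options():
    """Documented default: norotate, nodns0x20, edns=4096."""
    return {"rotate": False, "dns0x20": False, "edns": 4096}


def apply_dns_options(value, opts=None):
    """Apply one dns_options value on top of opts (assumed per-option merge)."""
    opts = dict(default_options() if opts is None else opts)
    for token in filter(None, re.split(r"[\s,]+", value)):
        m = TOKEN.fullmatch(token)
        if m is None:
            raise ValueError("unknown dns_options token: %r" % token)
        negated, name, size = bool(m.group(1)), m.group(2).lower(), m.group(3)
        name = "edns" if name.startswith("edns") else name  # edns0 is an alias
        if size is not None and (negated or name != "edns"):
            raise ValueError("value not allowed in %r" % token)  # assumption
        if name != "edns":
            opts[name] = not negated
        elif negated:
            opts["edns"] = PLAIN_DNS_SIZE
        elif size is None:
            opts["edns"] = BARE_EDNS_SIZE
        else:  # clamp to what a 16-bit field can carry; <=512 means EDNS0 off
            opts["edns"] = min(max(int(size), PLAIN_DNS_SIZE), 65535)
    return opts


def opt_record(opts):
    """EDNS0 OPT pseudo-RR advertising the payload size, None if EDNS0 is off."""
    if opts["edns"] <= PLAIN_DNS_SIZE:
        return None
    # root name, TYPE=41 (OPT), CLASS=UDP payload size, TTL=0, RDLENGTH=0
    return struct.pack("!BHHIH", 0, 41, opts["edns"], 0, 0)


if __name__ == "__main__":
    opts = default_options()
    # Constructed sample directive values, applied in file order.
    for value in ("edns=1240", "NoEDNS rotate", "dns0x20,edns0"):
        opts = apply_dns_options(value, opts)
        record = opt_record(opts)
        print(value, "->", opts, record.hex() if record else "no OPT record")
```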