-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi Daisuke,
On 04/19/2013 03:43 PM, Daisuke HIGASHI wrote: > Hi Wouter, > > Here is a patch to implement only "max-udp-size" (a revised > version). I hope this would be applied to mainline. > > max-udp-size: <number> Maximum UDP response size. Valid values are > 512 to 4096. Default is 4096. > > In spite of my allow_minimal patch, Unbound should implement > max-udp-size option and defaults to 4096. Because currently > Unbound's response size has no limit and it can be dangerous > high-amplification-rate reflector if Unbound is mistakenly > configured as open-resolver. Also useful if we want to avoid IP > fragment. Thank you for this patch, I have applied it to the svn of unbound. Small changes: it does restrict the value. So that you can disable this new code with a large value. Default kept at 4096 and it advises 512-4096 in the manual. Best regards, Wouter -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.13 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBAgAGBQJReRppAAoJEJ9vHC1+BF+N5v0P/jXB0FQOcAaS3OhNo/vGTbS1 oVSY5Ch3JkiH4OVgSpZS+hKnh6G3QHI/UXmz++xeg1/k0J3QSBgDAJnFiRPFpIC/ 1xaPHo5wMfHcyrPs4qVJaFKIrqEjs1PV0UQlQNM+NLQqVbltVqFGumevsEWzj3z4 3jW2JD2c+9ggHSAGBc3QizfN+BI0Yy2ay6LPHCuiKljdRhs3X5m5q9+WzTTgJAc8 D/kvyG1/zt7v9TaVXtvfxlDd2WZCUNQD4CD0UYTzwBHBhtD1WzFSs6QSQVYxQwz8 wsAHbP0ozgO5VGvOxBEIV7aCEEcmtpP+Td4run0BWdDuMUok8HvXNq8U8BYpmMwf JojR4txBRJKHzPlvuQBwzLrymKIF+aJ+2EhPHaPgAHjzTfe78cWWCyOz4R2ICURX TT0ud8AYkRLAYTN9F65zOYfwaJLq9eMZM84pGrfBsPV0DujGegSb5TLOA8uFZ9Df HrDkaQZKfSyE5ZcXSfgA8188hdv45CZV1ab6ZDxdHgSqAm6rn0YG69cWAJTzh3b+ GZ6ydkuupT+D/jJnB5Q1OlHV9sVE9z11xzAiD201VNikRthQQRATcrwp+HQ4s4It 5CWfhRYsu0dveG7zt/ku+t90D4Mp0W55jB27hBQDdy5qquNUzN2QGUwYKyOdust1 fLtZnqzD1/9Gvl0qH6fi =O3pG -----END PGP SIGNATURE----- _______________________________________________ Unbound-users mailing list [email protected] http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users
