Remove floor on EDNS0 packet size with DNSSEC.

author: Simon Kelley <simon@thekelleys.org.uk> 2014-12-15 17:50:15 +0000
committer: Simon Kelley <simon@thekelleys.org.uk> 2014-12-15 17:50:15 +0000
commit: 800c5cc1e7438818fd80f08c2d472df249a6942d (patch)
tree: 5222ca90ac1a4afad8b0091efa631c41e97d3130
parent: 857973e6f7e0a3d03535a9df7f9373fd7a0b65cc (diff)
download: dnsmasq-800c5cc1e7438818fd80f08c2d472df249a6942d.tar.gz
2 files changed, 5 insertions, 6 deletions
diff --git a/CHANGELOG b/CHANGELOG
index 13ab41c..6825292 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -2,7 +2,11 @@ version 2.73
             Fix crash at startup when an empty suffix is supplied to
 	    --conf-dir, also trivial memory leak. Thanks to 
 	    Tomas Hozza for spotting this.
-	
+
+	    Remove floor of 4096 on advertised EDNS0 packet size when 
+	    DNSSEC in use, the original rationale for this has long gone.
+	    Thanks to Anders Kaseorg for spotting this.
+
 
 version 2.72
             Add ra-advrouter mode, for RFC-3775 mobile IPv6 support.
diff --git a/src/dnsmasq.c b/src/dnsmasq.c
index bf2e25a..5c7750d 100644
--- a/src/dnsmasq.c
+++ b/src/dnsmasq.c
@@ -87,11 +87,6 @@ int main (int argc, char **argv)
  
   if (daemon->edns_pktsz < PACKETSZ)
     daemon->edns_pktsz = PACKETSZ;
-#ifdef HAVE_DNSSEC
-  /* Enforce min packet big enough for DNSSEC */
-  if (option_bool(OPT_DNSSEC_VALID) && daemon->edns_pktsz < EDNS_PKTSZ)
-    daemon->edns_pktsz = EDNS_PKTSZ;
-#endif
 
   daemon->packet_buff_sz = daemon->edns_pktsz > DNSMASQ_PACKETSZ ? 
     daemon->edns_pktsz : DNSMASQ_PACKETSZ;
author	Simon Kelley <simon@thekelleys.org.uk>	2014-12-15 17:50:15 +0000
committer	Simon Kelley <simon@thekelleys.org.uk>	2014-12-15 17:50:15 +0000
commit	800c5cc1e7438818fd80f08c2d472df249a6942d (patch)
tree	5222ca90ac1a4afad8b0091efa631c41e97d3130
parent	857973e6f7e0a3d03535a9df7f9373fd7a0b65cc (diff)
download	dnsmasq-800c5cc1e7438818fd80f08c2d472df249a6942d.tar.gz