DNSSEC and UDP buffer size
-
Where is the DNSMasq conf file located in pfsense?
-
Where is the DNSMasq conf file located in pfsense?
pfSense only uses command line parameters for dnsmasq, not a configuration file.
-
Is there any way to pass the larger packet size to dnsmasq via shell or some other conf file at startup?
-
If you really want to change it, you can edit line 639 of /etc/inc/services.inc to read:
mwexec("/usr/local/sbin/dnsmasq --all-servers --edns-packet-max=4096 {$args}");
Though thus far I haven't seen evidence that it will really break without that setting. If it does break, it should be easy to produce a patch or update for that simple change.
-
Exactly what I was looking for - thank you!
-
…Though thus far I haven't seen evidence that it will really break without that setting. If it does break, it should be easy to produce a patch or update for that simple change.
Since EDNS is already supported in dnsmasq, some DNSSEC queries will work, as they come in at under the 1280b payload size expected by dnsmasq's default EDNS value. Others, for instance some signed zones in the .gov and .org TLDs, use much closer to the 4k ceiling defined in RFC2671.
-
I added a very simple package that just applies a patch that makes the change I mentioned. If you find you need it, just install the "dnsmasq EDNS size increase" package that should show up momentarily in the package repo.
-
I added a very simple package that just applies a patch that makes the change I mentioned. If you find you need it, just install the "dnsmasq EDNS size increase" package that should show up momentarily in the package repo.
Thanks for the quick patch, Jim. I'm sure that will help people out as new and exciting DNS issues begin to arise.
-
I added a very simple package that just applies a patch that makes the change I mentioned. If you find you need it, just install the "dnsmasq EDNS size increase" package that should show up momentarily in the package repo.
Thanks for the patch. Bit of an issue though.
1.2.3
Parse error: syntax error, unexpected '-', expecting '(' in /usr/local/pkg/dnsmasq-edns.inc on line 3
-
Try again in about 5-10 minutes. I just checked in a fix.