Package: curvedns
Version: 0.87-3
Severity: normal

Testing out curvedns, I discovered that a dnssec any query for the apex of my primary zone failed to send anything.
It turns out that with an rsa 1k zsk, a reasonably long spf txt rr, and the ns and mx names in the zone (thus including their a and aaaa rrs in the additional section), the reply grows past 8192 octets.

global_ip_tcp_buffersize in curvedns’ io.c needs to be larger. 16384 is likely enough. (10k would be enough for my zone, even with the ns names switched to dnscurve style names).

This is also reported as: https://github.com/curvedns/curvedns/issues/4 but a debian-specific patch increasing global_ip_tcp_buffersize would be welcome.

The patch is just:

diff --git a/ip.c b/ip.c index 664377b..c3b4493 100644 --- a/ip.c +++ b/ip.c @@ -45,7 +45,7 @@ int global_ip_sockets_count = 0; ev_tstamp global_ip_internal_timeout = 1.2; ev_tstamp global_ip_tcp_external_timeout = 60.0; int global_ip_tcp_max_number_connections = 25; -size_t global_ip_tcp_buffersize = 8192; +size_t global_ip_tcp_buffersize = 16384; size_t global_ip_udp_buffersize = 4096; uint8_t global_ip_udp_retries = 2; anysin_t global_target_address;

-- System Information:
Debian Release: buster/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.5.0-2-amd64 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)

Versions of packages curvedns depends on:
ii  adduser              3.115
ii  init-system-helpers  1.49
ii  libc6                2.24-12
ii  libev4               1:4.22-1+b1
ii  libsodium18          1.0.13-1
ii  lsb-base             9.20161125

curvedns recommends no packages.

curvedns suggests no packages.

-- Configuration Files:
/etc/default/curvedns changed [not included]

-- no debconf information
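
Review bot: the replacement value in `+size_t global_ip_tcp_buffersize = 16384;` is still a fixed estimate, so a zone with larger keys or more records at the apex can outgrow it the same way this one outgrew 8192. A DNS message over TCP is framed with a two-octet length prefix and can be up to 65535 octets, so consider sizing the TCP buffer to that limit or making it configurable rather than picking another constant. The report says the oversized reply "failed to send anything", so the change should also be paired with a logged error (or a proper failure response) when a reply exceeds the buffer, since raising the constant leaves that silent failure path in place. Finally, the description names io.c while the diff touches ip.c; the patch header should match the file actually changed.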