On 28/06/18 10:00, Gordon Hsiao wrote:
> Still reading all the options, noticed dns_packet_max is off by default.
> My squid uses dnsmasq, that has EDNS on by default and it "defaults to
> 4096, which is the RFC5625-recommended size"
>
> In this case what will happen then? dnsmasq may receive EDNS up to 4K,
> which squid by default only takes
> 512Byte. http://www.squid-cache.org/Versions/v3/3.5/cfgman/dns_packet_max.html
> warns some older resolver does not like EDNS, but dnsmasq has this
> feature on by default...

That being about the external dnsmasq<->Internet behaviour should not affect Squid. Though I'm surprised they did not hit the same problems we did (see below).

The connection between Squid and the dnsmasq should always use the traditional DNS fallback of TCP/53 if UDP/53 packets are not large enough for a full response. That remains true even if an EDNS message from Squid makes larger than 512 byte UDP packets be possible.

>
> Thinking about setting up "dns_packet_max 4096" and see what happens...
>

It worked fine for me when I added EDNS support to Squid. But others reported that EDNS usage could crash their home routers. Since one of the Squid use-cases is being an appliance used in residential situations to limit upstream bandwidth we could not enable it by default.

Note paragraph #3 of that directive's documentation about JumboGram support at the network level. I suspect it was bugs in that TCP/IP feature which was crashing people's routers when 1500+ byte replies were attempted.

Amos
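The UDP size negotiation and TCP fallback described in this thread, as an added example that is not part of the original messages and is not Squid or dnsmasq code. It builds a DNS query with and without an EDNS0 OPT record (RFC 6891) and shows when a resolver would have to set the TC bit, which is what triggers the retry over TCP/53. The function names, the 900-byte reply size and the sample header are assumptions constructed for illustration.

```python
import struct

TC_BIT = 0x0200          # "truncated" flag in the DNS header
OPT_TYPE = 41            # EDNS0 pseudo-record type (RFC 6891)

def encode_name(name):
    """Encode a hostname as length-prefixed DNS labels."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_query(name, qid, edns_size=None):
    """Build an A/IN query; with edns_size, append an OPT record advertising it."""
    arcount = 0 if edns_size is None else 1
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, arcount)  # RD=1
    question = encode_name(name) + struct.pack("!HH", 1, 1)
    opt = b""
    if edns_size is not None:
        # root name, TYPE=OPT, CLASS=UDP payload size, TTL=0, RDLEN=0
        opt = b"\x00" + struct.pack("!HHIH", OPT_TYPE, edns_size, 0, 0)
    return header + question + opt

def advertised_udp_size(query):
    """UDP payload size a query advertises: OPT class field, else classic 512."""
    qd, an, ns, ar = struct.unpack("!HHHH", query[4:12])
    pos = 12
    for _ in range(qd):                      # skip the question section
        while query[pos] != 0:
            pos += 1 + query[pos]
        pos += 1 + 4                         # root label + QTYPE + QCLASS
    if an or ns or not ar or query[pos] != 0:
        return 512                           # sketch handles plain queries only
    rtype, size = struct.unpack("!HH", query[pos + 1:pos + 5])
    return max(512, size) if rtype == OPT_TYPE else 512

def udp_reply_truncated(query, full_reply_len):
    """Would the resolver have to truncate (set TC) for this reply over UDP?"""
    return full_reply_len > advertised_udp_size(query)

def needs_tcp_retry(response):
    """Client side: TC set in the UDP response means retry over TCP/53."""
    return bool(struct.unpack("!H", response[2:4])[0] & TC_BIT)

# Constructed sample: header of a truncated response (QR=1, TC=1, RD=1).
SAMPLE_TRUNCATED = struct.pack("!HHHHHH", 0x1234, 0x8300, 1, 0, 0, 0)

if __name__ == "__main__":
    for size in (None, 4096):                # EDNS off vs. advertising 4096
        q = build_query("example.com", 0x1234, size)
        print(size, advertised_udp_size(q), udp_reply_truncated(q, 900))
    print("retry over TCP:", needs_tcp_retry(SAMPLE_TRUNCATED))
```
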