From 43082362626dc85a8ea2ba7af2db091f4482932b Mon Sep 17 00:00:00 2001
From: Dominik Derigs <dl6er@dl6er.de>
Date: Tue, 28 Dec 2021 11:03:40 +0100
Subject: [PATCH] Minimum safe size is recommended to be 1232. See
 https://dnsflagday.net/2020/

Signed-off-by: DL6ER <dl6er@dl6er.de>
---
 src/config.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/config.h b/src/config.h
index 2bb6683..227fb1f 100644
--- a/src/config.h
+++ b/src/config.h
@@ -20,7 +20,7 @@
 #define TCP_MAX_QUERIES 100 /* Maximum number of queries per incoming TCP connection */
 #define TCP_BACKLOG 32  /* kernel backlog limit for TCP connections */
 #define EDNS_PKTSZ 4096 /* default max EDNS.0 UDP packet from RFC5625 */
-#define SAFE_PKTSZ 1280 /* "go anywhere" UDP packet size */
+#define SAFE_PKTSZ 1232 /* "go anywhere" UDP packet size, see https://dnsflagday.net/2020/ */
 #define KEYBLOCK_LEN 40 /* choose to minimise fragmentation when storing DNSSEC keys */
 #define DNSSEC_WORK 50 /* Max number of queries to validate one question */
 #define TIMEOUT 10     /* drop UDP queries after TIMEOUT seconds */