authorStuart Henderson <sthen@cvs.openbsd.org>2020-10-28 11:35:59 +0000
committerStuart Henderson <sthen@cvs.openbsd.org>2020-10-28 11:35:59 +0000
commit43665032555125ccedcd69c862346f37be0926e3 (patch)
treeafd04e8d9d4b939160b73d964795e7969c1e5087 /etc/unbound.conf
parentffd360fda41541c22afa48057ba2442cd9df038b (diff)
Remove commented-out edns-buffer-size section from the default unbound.conf.
The default in Unbound (and in other DNS server software, as part of the recent "DNS flag day") changed to 1232 bytes. This avoids problems due to fragmented packets (fragments can result in blackholes and also enable some attack vectors), so there's now little reason to reduce this from the default, and increasing it is more of a specialist use case that isn't really needed in this streamlined default config.
Diffstat (limited to 'etc/unbound.conf')
-rw-r--r--etc/unbound.conf8
1 files changed, 1 insertions, 7 deletions
diff --git a/etc/unbound.conf b/etc/unbound.conf
index 775d94fcb25..b33c099d70f 100644
--- a/etc/unbound.conf
+++ b/etc/unbound.conf
@@ -1,4 +1,4 @@
-# $OpenBSD: unbound.conf,v 1.20 2020/06/21 16:59:45 sthen Exp $
+# $OpenBSD: unbound.conf,v 1.21 2020/10/28 11:35:58 sthen Exp $
server:
interface: 127.0.0.1
@@ -37,12 +37,6 @@ server:
#local-zone: "2.0.192.in-addr.arpa." static
#local-data-ptr: "192.0.2.51 mycomputer.local"
- # UDP EDNS reassembly buffer advertised to peers. Default 4096.
- # May need lowering on broken networks with fragmentation/MTU issues,
- # particularly if validating DNSSEC.
- #
- #edns-buffer-size: 1480
-
# Use TCP for "forward-zone" requests. Useful if you are making
# DNS requests over an SSH port forwarding.
#