[squid-users] dns_packet_max

Amos Jeffries squid3 at treenet.co.nz
Wed Jun 27 22:33:12 UTC 2018

On 28/06/18 10:00, Gordon Hsiao wrote:
> Still reading all the options, noticed dns_packet_max is off by default.
> My squid uses dnsmasq, which has EDNS on by default and it "defaults to
> 4096, which is the RFC5625-recommended size".
> In this case what will happen then? dnsmasq may receive EDNS up to 4K,
> while squid by default only takes
> 512 bytes. http://www.squid-cache.org/Versions/v3/3.5/cfgman/dns_packet_max.html
> warns that some older resolvers do not like EDNS, but dnsmasq has this
> feature on by default...

That, being about the external dnsmasq<->Internet behaviour, should not
affect Squid. Though I'm surprised they did not hit the same problems we
did (see below).

The connection between Squid and dnsmasq should always use the
traditional DNS fallback of TCP/53 if UDP/53 packets are not large
enough for a full response. That remains true even if an EDNS message
from Squid makes UDP packets larger than 512 bytes possible.

> Thinking about setting "dns_packet_max 4096" and seeing what happens...

It worked fine for me when I added EDNS support to Squid. But others
reported that EDNS usage could crash their home routers. Since one of
the Squid use-cases is being an appliance used in residential situations
to limit upstream bandwidth, we could not enable it by default.

Note paragraph #3 of that directive's documentation about JumboGram
support at the network level. I suspect it was bugs in that TCP/IP
feature which were crashing people's routers when 1500+ byte replies were
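
As an added example (not from this thread or the Squid sources), the Python below shows what enabling dns_packet_max changes on the wire and how the TCP fallback described above is signalled: a query carrying an EDNS0 OPT record that advertises a 4096-byte UDP buffer, a parser that reads the advertised size back (512 when no OPT record is present), and a check of the TC bit that tells a client to retry over TCP/53. Function names and the sample reply are my own constructions.

```python
import struct

DNS_CLASSIC_UDP_MAX = 512   # payload limit without EDNS (RFC 1035)
TYPE_OPT = 41               # EDNS0 OPT pseudo-RR type (RFC 6891)
FLAG_TC = 0x0200            # TrunCation bit in the header flags

def build_query(name, qtype=1, txid=0x1234, udp_payload_size=None):
    """Build a DNS query; with udp_payload_size set, append an EDNS0 OPT
    record advertising that UDP buffer (what dns_packet_max turns on)."""
    arcount = 1 if udp_payload_size else 0
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, arcount)  # RD set
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in name.strip(".").split(".")) + b"\x00"
    msg = header + qname + struct.pack("!HH", qtype, 1)  # QCLASS IN
    if udp_payload_size:
        # OPT RR: root NAME, TYPE 41, CLASS = advertised UDP size, TTL 0, RDLENGTH 0
        msg += b"\x00" + struct.pack("!HHIH", TYPE_OPT, udp_payload_size, 0, 0)
    return msg

def _skip_name(msg, off):
    """Return the offset just past the (possibly compressed) name at `off`."""
    while True:
        n = msg[off]
        if n == 0:
            return off + 1
        if (n & 0xC0) == 0xC0:  # compression pointer is 2 bytes and ends the name
            return off + 2
        off += 1 + n

def advertised_udp_size(msg):
    """UDP payload size the sender advertises; 512 when no OPT RR is present."""
    _, _, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):
        off = _skip_name(msg, off) + 4  # skip QTYPE + QCLASS
    for _ in range(an + ns + ar):
        off = _skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        if rtype == TYPE_OPT:
            return rclass
        off += 10 + rdlen
    return DNS_CLASSIC_UDP_MAX

def needs_tcp_retry(response):
    """True when TC is set: the answer did not fit, so retry over TCP/53."""
    return bool(struct.unpack("!H", response[2:4])[0] & FLAG_TC)

def truncated_reply(query):
    """Constructed sample: reply echoing `query` with QR and TC set."""
    return query[:2] + struct.pack("!H", 0x8000 | FLAG_TC | 0x0100) + query[4:]
```

A resolver that honours the OPT record will answer with up to 4096 bytes over UDP; one that ignores it, or an answer that is larger still, comes back with TC set and the client must repeat the query over TCP.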

