diff options
Diffstat (limited to 'src/config.h')
| -rw-r--r-- | src/config.h | 17 |
1 files changed, 14 insertions, 3 deletions
diff --git a/src/config.h b/src/config.h index ba4f2f8..cbfb631 100644 --- a/src/config.h +++ b/src/config.h @@ -1,4 +1,4 @@ -/* dnsmasq is Copyright (c) 2000-2021 Simon Kelley +/* dnsmasq is Copyright (c) 2000-2022 Simon Kelley This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -22,10 +22,11 @@ #define TCP_MAX_QUERIES 100 /* Maximum number of queries per incoming TCP connection */ #define TCP_BACKLOG 32 /* kernel backlog limit for TCP connections */ #define EDNS_PKTSZ 4096 /* default max EDNS.0 UDP packet from RFC5625 */ -#define SAFE_PKTSZ 1280 /* "go anywhere" UDP packet size */ +#define SAFE_PKTSZ 1232 /* "go anywhere" UDP packet size, see https://dnsflagday.net/2020/ */ #define KEYBLOCK_LEN 40 /* choose to minimise fragmentation when storing DNSSEC keys */ #define DNSSEC_WORK 50 /* Max number of queries to validate one question */ #define TIMEOUT 10 /* drop UDP queries after TIMEOUT seconds */ +#define SMALL_PORT_RANGE 30 /* If DNS port range is smaller than this, use different allocation. */ #define FORWARD_TEST 50 /* try all servers every 50 queries */ #define FORWARD_TIME 20 /* or 20 seconds */ #define UDP_TEST_TIME 60 /* How often to reset our idea of max packet size. */ @@ -60,6 +61,8 @@ #define SOA_EXPIRY 1209600 /* SOA expiry default */ #define LOOP_TEST_DOMAIN "test" /* domain for loop testing, "test" is reserved by RFC 2606 and won't therefore clash */ #define LOOP_TEST_TYPE T_TXT +#define DEFAULT_FAST_RETRY 1000 /* ms, default delay before fast retry */ +#define STALE_CACHE_EXPIRY 86400 /* 1 day in secs, default maximum expiry time for stale cache data */ /* compile-time options: uncomment below to enable or do eg. make COPTS=-DHAVE_BROKEN_RTC @@ -117,6 +120,10 @@ HAVE_IPSET define this to include the ability to selectively add resolved ip addresses to given ipsets. +HAVE_NFTSET + define this to include the ability to selectively add resolved ip addresses + to given nftables sets. + HAVE_AUTH define this to include the facility to act as an authoritative DNS server for one or more zones. @@ -194,7 +201,7 @@ RESOLVFILE /* #define HAVE_CONNTRACK */ /* #define HAVE_CRYPTOHASH */ /* #define HAVE_DNSSEC */ - +/* #define HAVE_NFTSET */ /* Default locations for important system files. */ @@ -422,6 +429,10 @@ static char *compile_opts = "no-" #endif "ipset " +#ifndef HAVE_NFTSET +"no-" +#endif +"nftset " #ifndef HAVE_AUTH "no-" #endif |