From 722dc74746922dee33c1a111c7f63a6dda5801f1 Mon Sep 17 00:00:00 2001
From: Remi Gacogne <remi.gacogne@powerdns.com>
Date: Thu, 7 Sep 2017 09:43:53 +0200
Subject: [PATCH] auth: Treat requestor's payload size lower than 512 as equal
 to 512

(cherry picked from commit 7a9b7c95891deddb1f907b743f30df82fad84ffd)
---
 pdns/dnspacket.cc | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/pdns/dnspacket.cc b/pdns/dnspacket.cc
index e1583ca34..66f73a5e0 100644
--- a/pdns/dnspacket.cc
+++ b/pdns/dnspacket.cc
@@ -559,7 +559,10 @@ try
 
   if(getEDNSOpts(mdp, &edo)) {
     d_haveednssection=true;
-    d_maxreplylen=std::min(edo.d_packetsize, s_udpTruncationThreshold);
+    /* rfc6891 6.2.3:
+       "Values lower than 512 MUST be treated as equal to 512."
+    */
+    d_maxreplylen=std::min(std::max(static_cast<uint16_t>(512), edo.d_packetsize), s_udpTruncationThreshold);
 //    cerr<<edo.d_Z<<endl;
     if(edo.d_Z & EDNSOpts::DNSSECOK)
       d_dnssecOk=true;
-- 
2.40.0