From 4b987478b0abf14e84ff6fcae4ae8dec0d9ab43e Mon Sep 17 00:00:00 2001
From: Sam Morris
Date: Mon, 8 Oct 2018 12:03:28 +0100
Subject: [PATCH] resolved: have the stub resolver listen on both TCP and UDP by default

RFC7766 section 4 states that in the absence of EDNS0, a response that is too large for a 512-byte UDP packet will have the 'truncated' bit set. The client is expected to retry the query over TCP.

Fixes #10264.
---
 man/resolved.conf.xml | 4 ++--
 src/resolve/resolved-manager.c | 2 +-
 src/resolve/resolved.conf.in | 2 +-
 3 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/man/resolved.conf.xml b/man/resolved.conf.xml
index eb2794c..d37bf0d 100644
--- a/man/resolved.conf.xml
+++ b/man/resolved.conf.xml
@@ -239,9 +239,9 @@ DNSStubListener= Takes a boolean argument or one of udp and tcp. If - udp (the default), a DNS stub resolver will listen for UDP requests on address 127.0.0.53 + udp, a DNS stub resolver will listen for UDP requests on address 127.0.0.53 port 53. If tcp, the stub will listen for TCP requests on the same address and port. If - yes, the stub listens for both UDP and TCP requests. If no, the stub + yes (the default), the stub listens for both UDP and TCP requests. If no, the stub listener is disabled. Note that the DNS stub listener is turned off implicitly when its listening address and port are already
diff --git a/src/resolve/resolved-manager.c b/src/resolve/resolved-manager.c
index 1f8c47c..b7dc09a 100644
--- a/src/resolve/resolved-manager.c
+++ b/src/resolve/resolved-manager.c
@@ -580,7 +580,7 @@ int manager_new(Manager **ret) {
  .dnssec_mode = DEFAULT_DNSSEC_MODE,
  .dns_over_tls_mode = DEFAULT_DNS_OVER_TLS_MODE,
  .enable_cache = true,
- .dns_stub_listener_mode = DNS_STUB_LISTENER_UDP,
+ .dns_stub_listener_mode = DNS_STUB_LISTENER_YES,
  .read_resolv_conf = true,
  .need_builtin_fallbacks = true,
  .etc_hosts_last = USEC_INFINITY,
diff --git a/src/resolve/resolved.conf.in b/src/resolve/resolved.conf.in
index e559291..6898c78 100644
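Review bot: The `.dns_stub_listener_mode = DNS_STUB_LISTENER_YES` initializer in manager_new() makes every host that leaves DNSStubListener= unset open a TCP listening socket on 127.0.0.53 port 53 in addition to UDP, and the line carries no comment saying why. I would add `/* TCP as well as UDP: clients retry truncated UDP replies over TCP (RFC 7766 section 4) */` above it, so the wider default is not later narrowed back to UDP as a hardening measure. The man page text in this patch says the stub listener is turned off implicitly when its address and port are already in use, and the hunk does not show how that applies per protocol, so it is worth confirming that a conflict on TCP port 53 alone does not also disable the UDP stub, and that the TCP path bounds concurrent connections from local clients. manager_new() starts and ends outside the hunk.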
--- a/src/resolve/resolved.conf.in
+++ b/src/resolve/resolved.conf.in
@@ -20,5 +20,5 @@
 #DNSSEC=@DEFAULT_DNSSEC_MODE@
 #DNSOverTLS=@DEFAULT_DNS_OVER_TLS_MODE@
 #Cache=yes
-#DNSStubListener=udp
+#DNSStubListener=yes
 #ReadEtcHosts=yes
-- 
2.7.4