--- /sys/src/cmd/ndb/convM2DNS.c	Thu Aug 15 21:05:37 2013
+++ /sys/src/cmd/ndb/convM2DNS.c	Wed Feb 19 21:04:45 2014
@@ -47,7 +47,7 @@
 	 * if the (udp) packet is full-sized, if must be truncated because
 	 * it is incomplete.  otherwise, it's just garbled.
 	 */
-	if (sp->ep - sp->base >= Maxudp) {
+	if (sp->ep - sp->base >= Maxpayload) {
 		sp->trunc = 1;
 		seprint(p, ep, " (truncated)");
 	}
@@ -262,7 +262,7 @@
 				*to++ = '.';
 			}
 			break;
-		case 0100:		/* edns extended label type, rfc 2671 */
+		case 0100:		/* edns extended label type, rfc 6891 */
 			/*
 			 * treat it like an EOF for now; it seems to be at
 			 * the end of a long tcp reply.
@@ -568,7 +568,7 @@
  *  set *codep to the outgoing response code (e.g., Rformat), which will
  *  abort processing and reply immediately with the outgoing response code.
  *
- *  ideally would note if len == Maxudp && query was via UDP, for errtoolong.
+ *  ideally would note if len == Maxpayload && query was via UDP, for errtoolong.
  */
 char*
 convM2DNS(uchar *buf, int len, DNSmsg *m, int *codep)
--- /sys/src/cmd/ndb/dn.c	Sun Mar 10 06:16:47 2013
+++ /sys/src/cmd/ndb/dn.c	Wed Feb 19 21:14:35 2014
@@ -1001,7 +1001,8 @@
 
 	/* try for an authoritative db entry */
 	for(rp = dp->rr; rp; rp = rp->next){
-		assert(rp->magic == RRmagic && rp->cached);
+		assert(rp->magic == RRmagic);
+		assert(rp->cached);
 		if(rp->db)
 		if(rp->auth)
 		if(tsame(type, rp->type)) {
--- /sys/src/cmd/ndb/dnnotify.c	Thu Mar 24 23:27:13 2011
+++ /sys/src/cmd/ndb/dnnotify.c	Wed Feb 19 21:04:38 2014
@@ -50,7 +50,7 @@
 {
 	int i, len, n, reqno, status, fd;
 	char *err;
-	uchar ibuf[Maxudp+Udphdrsize], obuf[Maxudp+Udphdrsize];
+	uchar ibuf[Maxpayload+Udphdrsize], obuf[Maxpayload+Udphdrsize];
 	RR *rp;
 	Udphdr *up = (Udphdr*)obuf;
 	DNSmsg repmsg;
--- /sys/src/cmd/ndb/dnresolve.c	Tue Sep 18 23:55:00 2012
+++ /sys/src/cmd/ndb/dnresolve.c	Wed Feb 19 21:04:30 2014
@@ -621,14 +621,14 @@
 
 	/* stuff port number into output buffer */
 	memset(uh, 0, sizeof *uh);
-	hnputs(uh->rport, 53);
+	hnputs(uh->rport, Dnsport);
 
 	/* make request and convert it to output format */
 	memset(&m, 0, sizeof m);
 	rp = rralloc(type);
 	rp->owner = dp;
 	initdnsmsg(&m, rp, flags, reqno);
-	len = convDNS2M(&m, &buf[Udphdrsize], Maxudp);
+	len = convDNS2M(&m, &buf[Udphdrsize], Maxdnspayload);
 	rrfreelistptr(&m.qd);
 	memset(&m, 0, sizeof m);		/* cause trouble */
 	return len;
@@ -669,7 +669,7 @@
 		if (qp->udpfd <= 0)
 			dnslog("readnet: qp->udpfd closed");
 		else {
-			len = read(qp->udpfd, ibuf, Udphdrsize+Maxudpin);
+			len = read(qp->udpfd, ibuf, Udphdrsize+Maxpayload);
 			alarm(0);
 			notestats(startns, len < 0, qp->type);
 			if (len >= IPaddrlen)
@@ -1520,8 +1520,7 @@
 udpquery(Query *qp, char *mntpt, int depth, int patient, int inns)
 {
 	int fd, rv;
-	long now;
-	ulong pcntprob;
+	ulong now, pcntprob;
 	uvlong wait, reqtm;
 	char *msg;
 	uchar *obuf, *ibuf;
@@ -1530,7 +1529,7 @@
 
 	/* use alloced buffers rather than ones from the stack */
 	ibuf = emalloc(64*1024);		/* max. tcp reply size */
-	obuf = emalloc(Maxudp+Udphdrsize);
+	obuf = emalloc(Maxpayload+Udphdrsize);
 
 	fd = udpport(mntpt);
 	while (fd < 0 && cfg.straddle && strcmp(mntpt, "/net.alt") == 0) {
--- /sys/src/cmd/ndb/dns.c	Thu Mar 29 01:01:34 2012
+++ /sys/src/cmd/ndb/dns.c	Wed Feb 19 21:04:23 2014
@@ -914,13 +914,14 @@
 	return nil;
 }
 
+#ifdef notused
 /* simulate what dnsudpserver does */
 static char *
 lookupquerynew(Job *job, Mfile *mf, Request *req, char *errbuf, char *p,
 	int wantsav, int)
 {
 	char *err;
-	uchar buf[Udphdrsize + Maxudp + 1024];
+	uchar buf[Udphdrsize + Maxpayload];
 	DNSmsg *mp;
 	DNSmsg repmsg;
 	RR *rp;
@@ -932,6 +933,7 @@
 	rp->owner = dnlookup(p, Cin, 1);
 	mp = newdnsmsg(rp, Frecurse|Oquery, (ushort)rand());
 
+	/* BUG: buf is srcip, yet it's uninitialised */
 	dnserver(mp, &repmsg, req, buf, Rok);
 
 	freeanswers(mp);
@@ -940,6 +942,7 @@
 	freeanswers(&repmsg);
 	return err;
 }
+#endif
 
 void
 rclunk(Job *job, Mfile *mf)
--- /sys/src/cmd/ndb/dns.h	Thu Mar 24 23:19:20 2011
+++ /sys/src/cmd/ndb/dns.h	Wed Feb 19 21:03:34 2014
@@ -136,9 +136,17 @@
 	/* reserved time (can't be timed out earlier) */
 	Reserved=	5*Min,
 
-	/* packet sizes */
-	Maxudp=		512,	/* maximum bytes per udp message sent */
-	Maxudpin=	2048,	/* maximum bytes per udp message rcv'd */
+	/* tcp & udp port number */
+	Dnsport=	53,
+
+	/*
+	 * payload size.  originally, 512 bytes was the upper bound, to
+	 * eliminate fragmentation when using udp transport.
+	 * with edns (rfc 6891), that has been raised to 4096.
+	 * we don't currently generate edns, but we might be sent edns packets.
+	 */
+	Maxdnspayload=	512,
+	Maxpayload=	4096,
 
 	/* length of domain name hash table */
 	HTLEN= 		4*1024,
--- /sys/src/cmd/ndb/dnudpserver.c	Tue Sep 18 23:54:50 2012
+++ /sys/src/cmd/ndb/dnudpserver.c	Wed Feb 19 21:03:42 2014
@@ -114,7 +114,7 @@
 	for (tp = forwtarg; tp < forwtarg + currtarg; tp++)
 		if (tp->fd > 0) {
 			memmove(outpkt, tp->addr, sizeof tp->addr);
-			hnputs(uh->rport, 53);		/* dns port */
+			hnputs(uh->rport, Dnsport);
 			if (write(tp->fd, outpkt, len) != len) {
 				close(tp->fd);
 				tp->fd = -1;
@@ -134,7 +134,7 @@
 	volatile int fd, len, op, rcode;
 	char *volatile err;
 	volatile char tname[32];
-	volatile uchar buf[Udphdrsize + Maxudp + 1024];
+	volatile uchar buf[Udphdrsize + Maxpayload];
 	volatile DNSmsg reqmsg, repmsg;
 	Inprogress *volatile p;
 	volatile Request req;
@@ -320,7 +320,7 @@
 			rrname(rep->qd->type, tname, sizeof tname),
 			rep->qd, rep->an, rep->ns, rep->ar);
 
-	len = convDNS2M(rep, &buf[Udphdrsize], Maxudp);
+	len = convDNS2M(rep, &buf[Udphdrsize], Maxdnspayload);
 	len += Udphdrsize;
 	if(write(fd, buf, len) != len)
 		dnslog("error sending reply: %r");