src/net/dnsclient_unix.go | 6 +++++-
src/net/dnsclient_unix_test.go | 2 +-
diff --git a/src/net/dnsclient_unix.go b/src/net/dnsclient_unix.go
index d7db0c8133ebc814eb2ed4d7c4a002b0e49eaa97..0aa9ad7b9332ba35ce87ee5a6e3bdaf22d7f4fb5 100644
--- a/src/net/dnsclient_unix.go
+++ b/src/net/dnsclient_unix.go
@@ -29,6 +29,10 @@ const (
 // to be used as a useTCP parameter to exchange
 useTCPOnly = true
 useUDPOrTCP = false
+
+ // Maximum DNS packet size.
+ // Value taken from https://dnsflagday.net/2020/.
+ maxDNSPacketSize = 1232
 )
 var (
@@ -81,7 +85,7 @@ if _, err := c.Write(b); err != nil {
 return dnsmessage.Parser{}, dnsmessage.Header{}, err
 }
- b = make([]byte, 512) // see RFC 1035
+ b = make([]byte, maxDNSPacketSize)
 for {
 n, err := c.Read(b)
 if err != nil {
diff --git a/src/net/dnsclient_unix_test.go b/src/net/dnsclient_unix_test.go
index e7f7621a093c57aaaf6b0ea83434bd3afb7cbc5b..e8afbbe29e25f36eb6f9edeb2ee5c9bd7d9eee37 100644
--- a/src/net/dnsclient_unix_test.go
+++ b/src/net/dnsclient_unix_test.go
@@ -881,7 +881,7 @@ // UDP round-tripper algorithm should ignore invalid DNS responses (issue 13281).
 func TestIgnoreDNSForgeries(t *testing.T) {
 c, s := Pipe()
 go func() {
- b := make([]byte, 512)
+ b := make([]byte, maxDNSPacketSize)
 n, err := s.Read(b)
 if err != nil {
 t.Error(err)
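Review bot: The comment on `maxDNSPacketSize` calls 1232 the maximum DNS packet size, but the figure on the cited DNS Flag Day 2020 page is a recommended EDNS buffer size for UDP, and DNS over TCP carries messages far larger than that. None of the visible hunks shows queries advertising this size through an EDNS0 OPT record; without one, a standards-following server is expected to keep UDP replies within 512 bytes, so it is worth confirming against the request-building code which servers this larger buffer actually helps. I would reword the two comment lines to `// maxDNSPacketSize is the largest UDP reply the resolver reads.` and `// 1232 is the EDNS buffer size recommended by https://dnsflagday.net/2020/.` The const block opens before the hunk.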
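Review bot: The new allocation `b = make([]byte, maxDNSPacketSize)` drops the `// see RFC 1035` rationale without a replacement, so the bound is no longer explained where it is applied. If `c` is a datagram socket, a reply longer than the buffer is cut off by `c.Read(b)`, which means a reply of exactly 1232 bytes cannot be told apart from a longer one that was truncated; how the loop treats a reply that then fails to parse lies outside the hunk and should be checked. I would add `// Replies longer than maxDNSPacketSize are cut off by Read on a datagram socket.` above the allocation. The enclosing function starts and ends outside the hunk.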
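Review bot: The only test change resizes the buffer with which the fake server side reads the query in `TestIgnoreDNSForgeries`; nothing in this section exercises a reply between 513 and 1232 bytes, which is the behaviour the commit changes. A case that sends a valid reply larger than 512 bytes and another that sends one larger than `maxDNSPacketSize` would pin both the new acceptance limit and the handling of an oversized datagram. It would also help to say why the query-side buffer follows the reply limit, for example `// the query is far smaller; the reply-side constant is reused for convenience`. The test function continues beyond the hunk.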