diff --git a/include/types/dns.h b/include/types/dns.h
index c7338c792..06e014c08 100644
--- a/include/types/dns.h
+++ b/include/types/dns.h
@@ -82,7 +82,7 @@
 #define SRV_MAX_PREF_NET 5
 /* DNS header size */
-#define DNS_HEADER_SIZE sizeof(struct dns_header)
+#define DNS_HEADER_SIZE ((int)sizeof(struct dns_header))
 /* DNS resolution pool size, per resolvers section */
 #define DNS_DEFAULT_RESOLUTION_POOL_SIZE 64
diff --git a/src/cfgparse.c b/src/cfgparse.c
index e69a4ab78..850160f6e 100644
--- a/src/cfgparse.c
+++ b/src/cfgparse.c
@@ -2304,9 +2304,9 @@ int cfg_parse_resolvers(const char *file, int linenum, char **args, int kwm)
 }
 i = atoi(args[1]);
- if (i > DNS_MAX_UDP_MESSAGE) {
- Alert("parsing [%s:%d] : '%s' size %d exceeds maximum allowed size %d.\n",
- file, linenum, args[0], i, DNS_MAX_UDP_MESSAGE);
+ if (i < DNS_HEADER_SIZE || i > DNS_MAX_UDP_MESSAGE) {
+ Alert("parsing [%s:%d] : '%s' must be between %d and %d inclusive (was %s).\n",
+ file, linenum, args[0], DNS_HEADER_SIZE, DNS_MAX_UDP_MESSAGE, args[1]);
 err_code |= ERR_ALERT | ERR_FATAL;
 goto out;
 }
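Review bot: The `(int)` cast added to `DNS_HEADER_SIZE` in include/types/dns.h is load-bearing but the comment above it still only says "DNS header size". The cfgparse.c hunk compares the macro with a signed `int` and passes it to a `%d` conversion; with the previous `size_t` value the comparison would be carried out unsigned, so a negative size would not be rejected by the lower bound. I would extend the comment to record that, e.g. `/* DNS header size, cast to int so comparisons against signed lengths stay signed */`. Other users of the macro are outside this diff, so it is worth confirming that none of them depended on the unsigned type.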
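Review bot: The new bounds test in cfg_parse_resolvers (src/cfgparse.c) still takes its value from `atoi(args[1])`, which stops at the first non-digit and has undefined behaviour when the number does not fit in an `int`. A value with trailing garbage (constructed example: `512abc`) is parsed as its numeric prefix and can still pass the range check, and an overflowing value is not guaranteed to be rejected. I would parse with `char *end; long v = strtol(args[1], &end, 10);`, test `if (end == args[1] || *end != '\0' || v < DNS_HEADER_SIZE || v > DNS_MAX_UDP_MESSAGE) {`, and assign `i = (int)v;` after the check. The function body starts and ends outside this hunk, so the declaration of `i` and its later use are not visible here.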